LinuxQuestions.org
Old 06-10-2006, 06:08 AM   #1
MattijsR
LQ Newbie
 
Registered: Jun 2006
Posts: 3

Rep: Reputation: 0
router ip address


Hello all,


I'm looking for a solution for the following problem:

My server registers the internal ip address from the router when there is a connection from an external source.
But not always...

Here's my network setup:
ISP -- cablemodem -- router (PC with Coyote Linux) -- switch -- internal PC's (2x Windows workstations, 1x Fedora 5 server)

When I connect with SSH, mail or web from one of the workstations to the server, I get their ip's logged, but when I connect from outside the ip of the router is logged.

But on the other hand, in the mail Logwatch sends me, there are external ip's registered of people who fail to log in with SSH.

Some help resolving this problem would be appreciated.

Thanks,
Mitzi.
 
Old 06-11-2006, 09:31 AM   #2
Notwerk
Member
 
Registered: Apr 2005
Location: Jordan
Distribution: Debian (Sarge), Ubuntu (6.06)
Posts: 271

Rep: Reputation: 31
Your router is set up to DNAT SSH traffic to the server, right?

If this is the case (which IMHO, I strongly think is), then the server is acting exactly as it should.

DNATing changes the packets that arrive at the server so they seem to originate from the router, which is why the router's IP is being logged.

I have a very similar setup, but I run SSH on the router, and from there I get into the network and SSH to other machines.

Needless to say, when I login to the router the correct IP is logged, however, the other machines all log the IP of the router.
Code:
# iptables -t nat -nvL
Should show your iptables rules, look for rules in the NAT table (under POSTROUTING), with a "-j DNAT " to confirm this.

Happy hunting
 
Old 06-16-2006, 05:04 AM   #3
MattijsR
LQ Newbie
 
Registered: Jun 2006
Posts: 3

Original Poster
Rep: Reputation: 0
Thanks for the reply.


Well, everything was working perfectly...

Newbie me was still on the local network connecting through the router to the server... This logged the IP of the router.
When I'm outside the local network, the external IP gets logged......

 
Old 06-16-2006, 05:12 PM   #4
osor
HCL Maintainer
 
Registered: Jan 2006
Distribution: (H)LFS, Gentoo
Posts: 2,450

Rep: Reputation: 78
Quote:
Originally Posted by Notwerk
DNATing changes the packets that arrive at the server so they seem to originate from the router, which is why the router's IP is being logged.
With all due respect, this is not what DNATing does. Destination Network Address Translation does just that --- change the destination address (and maybe port) of a packet.

So for example, consider that I have one public ip address (64.179.4.146) and have set up a simple private network (192.168.0.0/24). On said network, I have a gateway which connects to both the internet (64.179.4.146) and the network (192.168.0.1). I also have an ssh server (192.168.0.3). If I go outside and start using the internet from a different machine (64.233.167.147), I want to ssh into my own. So I send a packet to my other ip (64.179.4.146) with tcp port 22. Now it is received by my gateway/router on the public interface. The destination packet of the interface is obviously the public ip, but the router knows that the packet was not intended for itself. What it does is change the destination address from 64.179.4.146 to 192.168.0.3. So ssh should receive a source address matching the foreign ip.

What you were describing above is called SNAT (Source Network Address Translation).
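Editor's added example, not code from any poster in this thread: a small audit that reads `iptables-save` style output and reports, per NAT rule, whether it rewrites the destination (client IP still reaches the server's logs) or rewrites the source towards the LAN (the server logs the router's IP instead). The ruleset is constructed sample data using the addresses from the post above; the interface names `eth0` (WAN) and `eth1` (LAN) and the LAN-side SNAT rule are assumptions.

```shell
#!/bin/sh
# Constructed iptables-save style nat table (sample data, not from the thread).
# Assumptions: eth0 = WAN, eth1 = LAN; addresses are those used in the post above.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 64.179.4.146/32 -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.0.3:22
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.0/24 -d 192.168.0.3/32 -o eth1 -j SNAT --to-source 192.168.0.1
COMMIT'

# classify_nat LAN_IFACE
# Reads iptables-save text on stdin, prints "<chain> <target> <effect>" per NAT rule.
classify_nat() {
    awk -v lan="$1" '
    $1 == "-A" {
        chain = $2; target = ""; oif = ""; neg = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-j") target = $(i + 1)
            if ($i == "-o") { oif = $(i + 1); neg = ($(i - 1) == "!") }
        }
        if (target == "DNAT" || target == "REDIRECT") {
            # Only the destination changes: the server still sees the real client.
            effect = "rewrites-destination:client-ip-preserved"
        } else if (target == "SNAT" || target == "MASQUERADE") {
            # No -o match means the rule applies on every interface, LAN included.
            to_lan = (oif == "") || (neg ? (oif != lan) : (oif == lan))
            if (to_lan) effect = "rewrites-source:server-logs-router-ip"
            else        effect = "rewrites-source:outbound-only"
        } else next
        print chain, target, effect
    }'
}

# hides_clients LAN_IFACE
# Exit status 0 if any rule on stdin rewrites the source of traffic sent to the LAN.
hides_clients() {
    classify_nat "$1" | grep -q 'server-logs-router-ip'
}

printf '%s\n' "$SAMPLE_RULES" | classify_nat eth1
```

On a live router the same functions can be fed from `iptables-save -t nat`, with the real LAN interface name as the argument.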
 
Old 06-17-2006, 01:41 AM   #5
Notwerk
Member
 
Registered: Apr 2005
Location: Jordan
Distribution: Debian (Sarge), Ubuntu (6.06)
Posts: 271

Rep: Reputation: 31
Thanks for your explanation, it is perfectly correct and the example is easy to understand too

However, maybe my post was a little ambiguous (but I think it was also correct):
Quote:
Your router is setup to DNAT SSH traffic to the server, right?
Quote:
DNATing [Ed: At the Router] changes the packets that arrive at the server so they seem to originate from the router, which is why the router's IP is being logged.
I hope this clears it up
 
  

