Hello, I'm Anoluck and new to the forum. I didn't realize there was a forum strictly for CentOS users. I've been working in CentOS for about 8 months now so I'm still a noob but I'm glad I found this place. I have enough knowledge in networking to be dangerous but not enough to be an expert so I have a weird setup.
I have an interesting setup so bear with me.
Example:
I'm using FirewallD with rich-rules
I'm currently VPN-ing into Company A.
CentOS 7
ISP IP: 1.2.3.4 (Not Important)
Company A IP: 8.8.8.8
Company A Assign My Server IP: 192.168.0.100
My WebServer Listening Port: 8080
I forward 8080 from 8.8.8.8 to 192.168.0.100
When a visitor visits IP 8.8.8.8:8080 they are transferred to my webserver.
I want to be able to whitelist specific IPs but based on the log at...
/var/log/messages
it appears all my visitors' IPs don't show up correctly.
Their IP is shown as SRC: 8.8.8.8 ----> DST:192.168.0.100 DPT:8080
So far I whitelisted 8.8.8.8 on my server but it doesn't give me control over which specific IPs can access my server.
Now when I'm in my own NAT/Network I see their IP when they try to visit my server.
Only when I'm VPN-ing does it show the Company A IP instead of the visitor IP.
Is there a way to make the visitor IP show up when I VPN into company A network?
TLDR: When using my ISP and behind my router, I can see the IP of a visitor who visits my webserver in the log, but when I'm behind a Company VPN using their IP, visitors who visit my server are masked by the Company IP.
White List IP behind VPN
Re: White List IP behind VPN
If I understand your description of the problem correctly, your company's 8.8.8.8 is a proxy that forwards requests to 8.8.8.8:8080 to 192.168.0.100:8080.
It is correct that you see in the log files of 192.168.0.100 the address 8.8.8.8 as the source address.
Usually a proxy server adds the original source IP address in a special HTTP header named X-Forwarded-For that is included in the request.
Some proxies use different names for this header.
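An added example, not part of the original posts: firewalld rich rules match on the packet source (always 8.8.8.8 here), so an allowlist on the visitor address has to be enforced in the web application or server using the X-Forwarded-For header the reply describes. The sketch below honours the header only when the TCP peer is the trusted forwarder; it assumes the forwarder actually sets X-Forwarded-For, and the allowlist ranges and function names are constructed for illustration.

```python
import ipaddress

# 8.8.8.8 is the Company A forwarder from the thread; the allowlist is constructed.
TRUSTED_PROXIES = {ipaddress.ip_address("8.8.8.8")}
ALLOWLIST = [ipaddress.ip_network("203.0.113.0/24"),
             ipaddress.ip_network("198.51.100.7/32")]


def client_ip(peer_addr, xff_header):
    """Return the address the allowlist should be applied to, or None.

    The header is honoured only when the TCP peer is a trusted proxy,
    because any direct client can send a forged X-Forwarded-For.
    The chain is walked right to left; the first hop that is not a
    trusted proxy is taken as the client.
    """
    peer = ipaddress.ip_address(peer_addr)
    if peer not in TRUSTED_PROXIES or not xff_header:
        return peer
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None  # malformed entry: fail closed
        if addr not in TRUSTED_PROXIES:
            return addr
    return peer  # chain contained only trusted proxies


def is_allowed(peer_addr, xff_header):
    """True only if the resolved client address is inside the allowlist."""
    addr = client_ip(peer_addr, xff_header)
    return addr is not None and any(addr in net for net in ALLOWLIST)


if __name__ == "__main__":
    # Constructed sample requests: (TCP peer, X-Forwarded-For value)
    samples = [
        ("8.8.8.8", "203.0.113.9"),               # allowed visitor via proxy
        ("8.8.8.8", "192.0.2.50"),                # visitor not on the list
        ("192.0.2.50", "203.0.113.9"),            # direct peer forging the header
        ("8.8.8.8", "203.0.113.9, 192.0.2.50"),   # forged entry prepended by client
        ("8.8.8.8", None),                        # proxy sent no header
    ]
    for peer, xff in samples:
        print(peer, repr(xff), "->", "ALLOW" if is_allowed(peer, xff) else "DENY")
```

If the forwarder uses a different header name, as the reply notes some proxies do, only the header lookup in the calling code changes.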