The GNAT Box *SHOULD* hide the addresses of requests that originate on the Protected network, as this is outbound traffic.
If you want the webserver to log the actual IP addresses of requests that originate in the PRO then you will need to set this up as a pass-through (no NAT). Mike Burden Lynk Systems http://www.lynk.com (616)532-4985 [EMAIL PROTECTED] > -----Original Message----- > From: Matthew Underwood [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, June 12, 2002 9:50 AM > To: GNATBox Mailing List > Subject: RE: [gb-users] Tunnel to PSN seems to always hide > source address > > > In reply to my own query about source addresses being logged > by an apache > server in our PSN always showing the IP address of the PSN interface > regardless of the state of the 'hide source address' checkbox > on the tunnel. > > > Some progress on this front... > > Apache is now logging the real source IP address of requests > that come in > via the External interface, but is still logging the gateway > address for > requests that come via the Protected interface. > > Since I was only really concerned with logging IPs of > cracking attempts > from the outside world this is fine. > > I'm assuming the gateway interface being logged for protected > interface > accesses is something to do with protected interface accesses > being NAT'ed. > > Thanks to Bob Reasoner for his suggestion that the 'Hide > Source Address' > changes didn't take affect until the filters had been > updated. This seems > to bear out as until I made some changes earlier today ALL IP > addresses > were being logged as the gateway address. > > So, I guess there's no query anymore.. Unless someone wants > to confirm my > suggestion about connections from the protected interface > being NAT'ed. > > Cheers, > > Matt. > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > To subscribe to the digest version first unsubscribe, then > e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > Archive of the last 1000 messages: > http://www.mail-archive.com/[email protected] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archive of the last 1000 messages: http://www.mail-archive.com/[email protected]
