Dear Francis, thank you very much for your detailed explanation. I will investigate in order to detect the right way (and tool) to rich my goal thinking about your words.
Have a great day. Regards, Mauro Il dom 29 apr 2018 11:09 Francis Daly <fran...@daoine.org> ha scritto: > On Fri, Apr 27, 2018 at 01:41:26AM +0200, Mauro Tridici wrote: > > Hi there, > > > So, I would like to ask you if I can use NGINX i order to start a port > forwarding from an internet client to a server machine in my private LAN > preserving the client IP. > > In general, what you want cannot be done (I believe). > > There are some specific cases where it can be made to work. Maybe your > case is, or can be made, one of those. > > One case is where the upstream service can be told to expect the > "proxy protocol". The client connects to nginx; nginx is configured > with a suitable "proxy_protocol on" directive, and writes some extra > information at the start of the tcp connection to the upstream service; > that service reads that information and knows the original client address. > > Another case is where the upstream server will always send all IP traffic > addressed to the original clients, through the port-forwarding server; > and where the network between the port-forwarding server and the upstream > server is happy for spoofed source addresses on IP packets to pass. In > that case, the port-forwarding server can be clever with the packets > that it forwards, and can be clever with the response packets from the > upstream server. Nginx is not the right tool to be the port-forwarding > service in that case; something within your operating system's IP stack > should be investigated instead. > > Good luck with it, > > f > -- > Francis Daly fran...@daoine.org > _______________________________________________ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx >
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
