Read "source IP" from a forwarded connection

My TZ-300 is working OK: the connection from the internet is forwarded to an NGINX server, which then distributes accordingly, and the application server works correctly except for the internal logs.

The issue I'm facing is regarding the IPs being received by our application server: they are not the "client IP"; instead, they are currently the NGINX IP.

Consider this network: client IP 1, firewall IP 2 (interface WAN), NGINX IP 3, webserver IP 4.

In the TZ-300 monitor tool we see the packets being forwarded to the NGINX, but at NGINX with tcpdump we see incoming connections from NGINX's own IP 3 instead of the original source IP 1.

The point is that in the webserver logs we see our incoming connections as IP 3; the expected value is IP 1.


Is it a misconfiguration with firewall or NGINX? Any ideas on how to solve this?

Category: Entry Level Firewalls
Answers

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @fre the request from the original source IP is answered by NGiNX. All requests are then initiated by NGiNX in the name of the inquirer with its own (proxy) IP, the classic definition of "by-proxy" :)

    There is nothing you can change, but NGiNX (or proxies in general) is able to forward the original IP in an HTTP header which can be used by the upstream server.

    In your NGiNX configuration you should have something like this:

    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    # appends the connecting peer to any existing X-Forwarded-For chain
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    

    If your application server is an Apache httpd2 for example, this module rewrites the client IP with the X-Forwarded-For value:

    Same goes for Tomcat, Jetty, IIS, etc.

    Hope this helps a little.

    --Michael@BWC
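As an added example that is not part of this thread or of any SonicWall or NGINX code: once NGINX forwards the client address in X-Forwarded-For, the application server should honour that header only when the TCP peer really is the trusted proxy (IP 3 in the thread); otherwise any client connecting directly can write whatever it likes into the logs. The addresses below are constructed placeholders for the thread's IP 3 and IP 1, and the function name is an assumption.

```python
import ipaddress
from typing import Iterable, Optional

# Constructed placeholder for "NGINX IP 3": the only hop the app server trusts.
TRUSTED_PROXIES = ["192.0.2.3"]


def client_ip_from_headers(remote_addr: str, xff: Optional[str],
                           trusted_proxies: Iterable[str]) -> str:
    """Return the client IP to log.

    remote_addr: the TCP peer the app server actually sees (NGINX IP 3).
    xff: the raw X-Forwarded-For header value, or None if absent.
    The header is used only when the direct peer is a trusted proxy. The
    chain is then walked from the right, skipping trusted proxies, and the
    first untrusted address is the client. Anything further left could have
    been supplied by the client itself and is ignored.
    """
    trusted = {ipaddress.ip_network(p, strict=False) for p in trusted_proxies}

    def is_trusted(addr: str) -> bool:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return False
        return any(ip in net for net in trusted)

    # Direct connection (proxy bypassed) or no header: the peer is the client.
    if not is_trusted(remote_addr) or not xff:
        return remote_addr

    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):
        if not is_trusted(hop):
            try:
                return str(ipaddress.ip_address(hop))
            except ValueError:
                break  # malformed entry: fall back to the peer address
    return remote_addr
```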
