Real IP detection by Apache Headers

[Turagorn]

Hello,

We are using Zentyal at our office mainly as a Gateway and VPN server. Our local configuration might be a little complicated... which is:
  - Main Router... conected to internet
  - Zentyal --- which recieves all the http traffic and redirects to our internals servers (192.168.0.102)
  - Apache Proxy Server - which distributes the traffic sended by Zentyal to other machines (192.168.0.50)
  - Web Applicacion served by Apache2 (192.168.0.95)

Without Zentyal we can figure out the real IP of the connection looking for HTTP_X_FORWARDED_FOR connection header. But with Zentyal we allways see its IP (192.168.0.102) as the real ip. We hace tryed some configurations:
  - Firewall->Package Filter->WAN to LAN
  - Firewall->Port Redirecting ... here we try to check the "Replace..." box and uncheck

All these configurations throws the same result... the Zentyal IP as the original IP for the incoming connection

----

I have looked for "HTTP_X_FORWARDED_FOR", "ip detection", apache redirects" in the forum

Our configuration is Zential 2.2
Ubuntu Lucid Lynx

Also I have found nothing in the logs     

We appreciate any help provided... thanks in advance! 

[vshaulsk]

I don't have an answer for you, but I would like to clarify your problem for my own understanding.  Are you saying that when you look at your webserver and see who is connecting to it.... you only see the IP for the zentyal box?  You do not see the IP of the actual remote host asking for HTTP requests??


If this is the case I also have this issue.  I run two servers behind zentyal, but I use Nginx reverse proxy to deliver traffic to them.  The webservers only see traffic coming from zentyal 192.168.0.1 and not the real requesting host.

[Turagorn]

Shorthands: yes

What we have notice is that nowhere we can find the real remote host nor in the Apache Proxy, nor in the final web Server... the most "remote" we can find is the Zentyal IP.

PD: Sorry for my bad english... or if I explain our situation wrong.

[vshaulsk]

No I think you explained it correctly.... I have the same problem when I use Nginx reverse proxy.   
I just wanted to clarify that we have the same issue.

I don't know how to fix mine either..... I have read some forums on the web that it has to do with the Apache configuration, but I am not sure how to fix it.

If you search Nginx reverse proxy for apache.... there are posts about how to get apache  to show the real host IP to show, but I have not been able to get it to work.  Perhaps you will have more luck.....   

I am sure whether it is Nginx or Apache serving as the proxy it won't matter..... you still have to do the same config to make it work.

[Turagorn]

The point is that we have already configurated the Apache Proxy Server to add the real IP into the headers. Right now, if we bypass Zenytal we recieve the correct remote IP Address.

As far as we know it should be a configuration/rule misplaced somewhere because we always register the Zenytal IP as the remote IP address. If we use "port redirection" to redirect the traffic to the Proxy Server there is an option to Remove or not the original IP Address... but we don't notice changes.

Lots of thanks by the way!

[vshaulsk]

I just checked on my system about just standard port redirection using zentyal.

I have some services ..... transmission-daemon .....  That run on a port other than 80 or 43.   I use zentyal redirect to redirect any connection on ports 10000 and 10003 over to my virtual server running transmission-daemon.

I checked the logs of the server and the remote IP addresses of the hosts sending information to transmission can be seen.  So in my setup simple zentyal port redirection is not masking the original host IP.

On the same server if I check port 80 and 443 I only see the IP address of the zentyal gateway 192.168.0.1
For me Nginx is my reverse proxy serving content on those ports.  I also have HTTP_X_FORWARDED_FOR in my configuration, but it is not working.... just as in your case.

When googling the issue I came accross this (I added the page address and some lines of text from the document):

http://www.ubuntugeek.com/using-nginx-as-a-reverse-proxy-to-get-the-most-out-of-your-vps.html

-Lastly, if you don’t want all your apache logs to show 127.0.0.1 for who is accessing your files or your application uses -IP’s to track sessions you need to install libapache2-mod-rpaf. It is painless just issue the command below.
-sudo apt-get install libapache2-mod-rpaf
-reload or restart both Apache2 and Nginx.

[Pfff]

Hello Turagorn

Did you find he solution?