[Wolves] PHP behind Smoothwall

James Turner james at turnersoft.co.uk
Thu Jun 17 23:29:09 BST 2004


On Thursday 17 Jun 2004 14:59, Jon Farmer wrote:
> On Thu, June 17, 2004 2:49 pm, Jon Farmer said:
> > $REMOTE_ADDR part of the $_SERVER global array and will always return the
> > IP the the webserver ie APACHE is bound to
>
> Doh brain had a go slow.. $REMOTE_ADDR is the client address and if its
> being NAT'd or throught proxy etc it will not return the true client
> address. If you wanted the IP of the server you would need to call a
> system command for that like ipconfig.

At one point, when I was setting up my firewall, I managed to configure port 
80 forwarding such that everything was accessible as it should be, but the 
firewall's IP address appeared in the Apache logs instead of that of the 
remote clients.

The problem was that as well as doing NAT on the destination address (the 
normal for port forwarding of incoming connections) for packets arriving on 
port 80 I was also doing NAT on the source address (normally used for IP 
masquerading of outgoing connections). This was quickly spotted and 
resolved! :)

As Jon points out, running inbound requests through a reverse proxy would have 
a similar effect on the logs and on the client address as seen by PHP.

James



More information about the Wolves mailing list