Cisco Systems Apache server behind PIX logs all incoming IPs as 0.0.0.0.

Posted by robert.waters on April 20, 2007, 10:52 am
My Apache server behind a PIX 501 logs all incoming IPs (access.log/
error.log) as 0.0.0.0; is this a result of using the PIX (i.e. not
having the webserver in a DMZ), or should I be blaming Apache?

My PIX config is:
PIX Version 6.3(5)
access-list outside_in permit icmp any interface outside echo-reply
access-list outside_in permit tcp any interface outside eq 3390
access-list outside_in permit tcp any interface outside eq ftp
access-list outside_in permit tcp any interface outside eq www
mtu outside 1500
mtu inside 1500
ip address outside 64.xxx.xxx.218 255.255.255.248
ip address inside 192.168.2.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface 3390 192.168.2.2 3390 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface ftp 192.168.2.2 ftp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 192.168.2.3 81 netmask 255.255.255.255 0 0
access-group outside_in in interface outside
conduit permit icmp any any
route outside 0.0.0.0 0.0.0.0 64.xxx.xxx.217 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable


Posted by Walter Roberson on April 21, 2007, 8:58 am
>My Apache server behind a PIX 501 logs all incoming IPs (access.log/
>error.log) as 0.0.0.0; is this a result of using the PIX (i.e. not
>having the webserver in a DMZ), or should I be blaming Apache?

No matter what you do with the PIX, if a packet manages to reach
the server at all, the packet is going to have -some- non-zero
IP address (Okay, I admit I haven't -tried- doing a static map to
0.0.0.0 but I'd be surprised if it was allowed.) So Apache should
be logging -something- non-zero for the IP.

How new is your Apache? Historically, there was a problem on some
operating systems with 0.0.0.0 being logged, especially by Apache.
Unfortunately I no longer recall the exact cause.

I see a recent report about Apache for Windows having this
behaviour:

http://issues.apache.org/bugzilla/show_bug.cgi?id=41321

That's not actually the incident I was thinking of; the one I
was thinking of was a number of years ago, possibly on SGI IRIX or
Sun Solaris.
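
A log check in the spirit of the reply above, added here as an example and not part of either post: it scans Apache access-log lines for client fields that are the unspecified address (0.0.0.0 or ::), since such entries cannot be correlated with firewall logs. The sample lines, function names and verdict strings are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Leading fields of Apache's Common/Combined Log Format: host ident user [time] "request" status
CLF = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} ')

# Constructed sample lines (not taken from the thread); real addresses use documentation ranges.
SAMPLE_LOG = """\
0.0.0.0 - - [20/Apr/2007:10:41:07 -0400] "GET / HTTP/1.1" 200 1043
0.0.0.0 - - [20/Apr/2007:10:41:09 -0400] "GET /favicon.ico HTTP/1.1" 404 209
:: - - [20/Apr/2007:10:42:15 -0400] "GET /index.html HTTP/1.0" 200 1043
198.51.100.23 - - [20/Apr/2007:10:43:01 -0400] "GET /a.html HTTP/1.1" 200 512
client.example.net - - [20/Apr/2007:10:44:30 -0400] "GET / HTTP/1.1" 200 1043
this line is not in log format
"""

def classify_host(host):
    """Return 'unspecified', 'address', or 'hostname' for a logged client field."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"  # e.g. the server resolves client names before logging
    return "unspecified" if addr.is_unspecified else "address"

def audit(lines):
    """Count client-field classes; return them with the line numbers lacking a client address."""
    counts, bad_lines = Counter(), []
    for lineno, line in enumerate(lines, 1):
        m = CLF.match(line)
        kind = classify_host(m.group("host")) if m else "unparsed"
        counts[kind] += 1
        if kind == "unspecified":
            bad_lines.append(lineno)
    return counts, bad_lines

def verdict(counts):
    """All-unspecified points at the server's logging: forwarded packets keep a real source."""
    parsed = counts["unspecified"] + counts["address"] + counts["hostname"]
    if parsed == 0:
        return "no parsable entries"
    if counts["unspecified"] == parsed:
        return "every entry unattributed: suspect the web server build or platform"
    if counts["unspecified"]:
        return "some entries unattributed: compare against firewall connection logs"
    return "client addresses present"

if __name__ == "__main__":
    print(*audit(SAMPLE_LOG.splitlines()))
```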
