My Apache server behind a PIX 501 logs all incoming IPs (access.log/ error.log) as 0.0.0.0; is this a result of using the PIX (i.e. not having the webserver in a DMZ), or should I be blaming Apache?
My PIX config is: PIX Version 6.3(5) access-list outside_in permit icmp any interface outside echo-reply access-list outside_in permit tcp any interface outside eq 3390 access-list outside_in permit tcp any interface outside eq ftp access-list outside_in permit tcp any interface outside eq www mtu outside 1500 mtu inside 1500 ip address outside 64.xxx.xxx.218 255.255.255.248 ip address inside 192.168.2.1 255.255.255.0 ip audit info action alarm ip audit attack action alarm arp timeout 14400 global (outside) 1 interface nat (inside) 1 0.0.0.0 0.0.0.0 0 0 static (inside,outside) tcp interface 3390 192.168.2.2 3390 netmask
255.255.255.255 0 0 static (inside,outside) tcp interface ftp 192.168.2.2 ftp netmask 255.255.255.255 0 0 static (inside,outside) tcp interface www 192.168.2.3 81 netmask 255.255.255.255 0 0 access-group outside_in in interface outside conduit permit icmp any any route outside 0.0.0.0 0.0.0.0 64.xxx.xxx.217 1 timeout xlate 0:05:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00 timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout sip-disconnect 0:02:00 sip-invite 0:03:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server TACACS+ max-failed-attempts 3 aaa-server TACACS+ deadtime 10 aaa-server RADIUS protocol radius aaa-server RADIUS max-failed-attempts 3 aaa-server RADIUS deadtime 10 aaa-server LOCAL protocol local http server enable http 192.168.2.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable