1. Home
  2. Cisco Systems
  3. get client IP if server is on private network

get client IP if server is on private network

Hello I must say I am not very familiar with low level IP so the question may be rather stupid.

We have a private (10.x.x.x) network connected to internet via CISCO ( and have one public address). There is a unix server (ssh ) inside network accessible from internet . Clients connects to our public IP (CISCO I think ) to a specific port and get to our ssh server. _In ssh server log I can see their real IPs_. This is important for me.

Now I want simular setup at our another (larger) office and again I want to see what is client's real IP. However I was told that this is not possible (get real IP) for some reason.

Can anybody explain why it is possible in one situation and not in another.

Best regards, Konstantin Kivi

Reply to
kkivi
Loading thread data ...

kkivi napisa?(a):

As far as I recall port forwarding in PAT does not change the source IP address, so I can't figure out, why the've told You, that it's not possible. I would ask for a reason, if I was in Your shoes.

Reply to
Michał Iwaszko

Can the router between the firewall and the sever be a problem?

Reply to
kkivi

It sounds like you want to forward the SSH port to your Unix box.

On a pix firewall, the commands should be something like below:

! below should point to the IP address of your server

static (inside,outside) tcp interface 22 10.x.x.x netmask

255.255.255.255 0 0

! below permits SSH to your outside interface

access-list BLAH permit tcp any interface outside eq 22

! applies the access list to outside interface

access-group BLAH in interface outside

Reply to
chris.k.stewart

Not unless there is specific configuration preventing this. The router in between should just be forwarding the packets and not changing the source IP address.

Regards, Steve

formatting link

Reply to
www.networking-forum.com

Thank you all for answers. The problem is they use FreeBSD 4.3 and rinetd package and know no better.

Reply to
kkivi

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.