get client IP if server is on private network

Discussion in 'Cisco' started by kkivi, Dec 5, 2005.

  1. kkivi

    kkivi Guest

    Hello
    I must say I am not very familiar with low level IP so the question may
    be rather stupid.

    We have a private (10.x.x.x) network connected to the internet via a
    CISCO (and have one public address). There is a unix server (ssh) inside
    the network accessible from the internet. Clients connect to our public
    IP (CISCO I think) on a specific port and get to our ssh server. _In the
    ssh server log I can see their real IPs_. This is important for me.

    Now I want a similar setup at our other (larger) office and again I want
    to see what the client's real IP is. However I was told that this is not
    possible (get real IP) for some reason.

    Can anybody explain why it is possible in one situation and not in
    another?

    Best regards, Konstantin Kivi
     
    kkivi, Dec 5, 2005
    #1

  2. kkivi

    Guest Guest

    kkivi wrote:
    As far as I recall port forwarding in PAT does not change the source IP
    address, so I can't figure out why they've told you that it's not
    possible. I would ask for a reason, if I were in your shoes.
     
    Guest, Dec 5, 2005
    #2

  3. kkivi

    kkivi Guest

    Can the router between the firewall and the server be a problem?
     
    kkivi, Dec 5, 2005
    #3
  4. It sounds like you want to forward the SSH port to your Unix box.

    On a PIX firewall, the commands should be something like below:

    ! below should point to the IP address of your server

    static (inside,outside) tcp interface 22 10.x.x.x 22 netmask 255.255.255.255 0 0

    ! below permits SSH to your outside interface

    access-list BLAH permit tcp any interface outside eq 22

    ! applies the access list to outside interface

    access-group BLAH in interface outside
     
    chris.k.stewart, Dec 5, 2005
    #4
  5. Not unless there is specific configuration preventing this. The router
    in between should just be forwarding the packets and not changing the
    source IP address.

    Regards,
    Steve
    www.networking-forum.com
     
    www.networking-forum.com, Dec 5, 2005
    #5
  6. kkivi

    kkivi Guest

    Thank you all for the answers. The problem is they use FreeBSD 4.3 and
    the rinetd package and know no better.
     
    kkivi, Dec 7, 2005
    #6
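
    The difference the thread arrives at, as an added example that is not part of any post: rinetd is a user-space TCP redirector, and a relay of that kind opens its own connection to the server, so the server can only log the relay's address. The sketch below runs entirely on loopback, so the two cases differ only in the source port; `backend`, `relay_to` and the other names are hypothetical stand-ins, not rinetd or sshd code.

```python
import socket
import threading

LOOP = "127.0.0.1"

def read_all(sock):
    """Read until the peer closes the connection."""
    chunks = []
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            return b"".join(chunks)
        chunks.append(chunk)

def serve(handler):
    """Listen on an ephemeral loopback port; run handler(conn, peer) per client."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((LOOP, 0))
    srv.listen(5)
    def accept_loop():
        while True:
            conn, peer = srv.accept()
            threading.Thread(target=handler, args=(conn, peer), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()

def backend(conn, peer):
    # Stand-in for sshd: the only client address it can log is the TCP peer.
    with conn:
        conn.sendall(("%s:%d" % peer).encode())

def relay_to(target):
    def handler(conn, _client):
        # User-space redirector: opens its OWN connection to the target, so
        # the client's address (_client) never reaches the backend.
        with conn, socket.create_connection(target, source_address=(LOOP, 0)) as up:
            conn.sendall(read_all(up))
    return handler

def logged_vs_real(dest):
    """Return (client's real address, address the backend logged)."""
    with socket.create_connection(dest, source_address=(LOOP, 0)) as c:
        real = "%s:%d" % c.getsockname()
        return real, read_all(c).decode()

def demo():
    backend_addr = serve(backend)
    relay_addr = serve(relay_to(backend_addr))
    # First result: source untouched, as with a firewall port redirect.
    return logged_vs_real(backend_addr), logged_vs_real(relay_addr)

if __name__ == "__main__":
    for label, (real, logged) in zip(("source untouched", "via relay"), demo()):
        print(f"{label:17} client={real} logged={logged}")
```

    Across real hosts the logged value in the relay case is the relay machine's IP address, which is why the server log stops being useful for attributing logins.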