I have a publicly accessible web server, and I'd like it to receive all users' public IP addresses, rather than the firewall's address, so that it can attempt to cool down and ban bad actors that try to hack a portal login. Other communities say that it's possible for some firewalls to replace the forwarded packet's IP with the user's real IP instead of forwarding its own IP address. Can this be done with an MX64?
I don't want to capture the HTTP_X header info, since that can be spoofed by the user. JS-based answers mention that they can capture and send a client's IP address, but then it's usually a private one.
All 3 of the features mentioned work similarly. The MX is not altering the Source IP, it alters the destination IP. You just need to monitor the Source IP for the requests. The MX IP shouldn't be observed, and the only information to identify the MX would be the MACID since it is L2 between the web server and MX. Unless there is a Proxy involved I wouldn't expect to see anything but the public IP of the clients making the request.
If you are using port forwarding, 1:many, or 1:1 rules, the MX will forward the public IP of the users; it would alter the destination IP from the Public IP to the Private IP of the server. The MACID would be altered since it is routed, but assuming you are capturing the source IP, it should be the public IP of the users. This assumes the website is behind an MX64.
I may be looking at the wrong settings, but when I attempt to make a 1:1 NAT or 1:Many NAT, it wants me to set up a known public IP for use by a LAN device, but that's not what I need. I do have a port forwarding rule to get HTTP traffic from the WAN to the LAN web server, and of course the web server sees the firewall's IP as opposed to the user's IP. What I'm attempting to change on the incoming packets is the WAN user's IP, so the LAN web server can see that instead of the firewall IP.
I'm not sure what happened. Previously the only WAN public IP returned by PHP's $_SERVER['REMOTE_HOST'] was the firewall's. All LAN client private IPs were already visible. Now I'm suddenly seeing WAN client public IPs via that server variable. I didn't change anything on the MX.
Thank you for helping. You clarified that the MX is already configured as needed. I'm wondering if there's something in IIS that may be mucking things up.
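An added example, not code from any poster in this thread: a PHP sketch of the login cooldown the question describes, keyed on the packet's source address as the answer recommends and ignoring X-Forwarded-For unless the TCP peer is a proxy the operator runs. It uses PHP's `$_SERVER['REMOTE_ADDR']` for the peer address; `TRUSTED_PROXIES`, the thresholds, the function names and the sample request are assumptions made for illustration.

```php
<?php
// Added example. TRUSTED_PROXIES and the thresholds below are assumed values.
const TRUSTED_PROXIES = [];   // empty for plain port forwarding; list your own reverse proxies here
const MAX_FAILURES    = 5;    // failed logins allowed inside the window
const WINDOW_SECONDS  = 900;

/** Return the address to throttle on, given a $_SERVER-style array. */
function client_ip(array $server): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
        throw new RuntimeException('no valid peer address');
    }
    // The header is consulted only when the TCP peer is a proxy we operate.
    if (!in_array($peer, TRUSTED_PROXIES, true)) {
        return $peer;
    }
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    // Walk right to left: the rightmost entries were appended by our own proxies.
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break;            // malformed chain: fall back to the peer address
        }
        if (!in_array($hop, TRUSTED_PROXIES, true)) {
            return $hop;      // first hop that is not one of ours
        }
    }
    return $peer;
}

/** Record a failed login at time $now; return true once the IP is in cooldown. */
function register_failure(array &$store, string $ip, int $now): bool
{
    $recent = array_filter($store[$ip] ?? [], fn($t) => $t > $now - WINDOW_SECONDS);
    $recent[] = $now;
    $store[$ip] = array_values($recent);
    return count($store[$ip]) >= MAX_FAILURES;
}

// Constructed sample request: a client behind port forwarding sends a forged header.
$request = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '198.51.100.99'];
$store = [];
$ip = client_ip($request);    // forged header is ignored; the peer address is used
for ($i = 0; $i < MAX_FAILURES; $i++) {
    $blocked = register_failure($store, $ip, 1700000000 + $i);
}
echo $ip, ' ', $blocked ? 'cooldown' : 'ok', PHP_EOL;
```

In a real deployment `$store` would live in a shared cache or database rather than a per-request array.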