Dear community,
Since I am a German guy, excuse grammatical mistakes.
I created a proxy to hide my application server's public IP from my customers.
I am actually using those 3 lines
(for testing reasons I am forwarding the traffic which connects to the Ubuntu proxy to my Apache webserver (5.196.130.245:80))
I showed this to a friend/competitor and he said, lol, with this code ur "hiding" the customers' IP in ur database logs
(for example, they use the registration form on the website: username, password, registerIP - and with my 3 lines of code the register IP is the proxy's IP in every single case, but he told me he got a way to see even the real user's IP, even if they are connecting through the proxy)
So he sent me the following picture of his script
Any1 knows / is able to describe to me what he has done better / other than me? I cannot see any routing cmds in his script.
I've now been searching for almost 5 days for a solution and this is my last hope to find it.
EDIT: okay, I just found out that this Script for setting up the iptables is not for forwarding any traffic.
For the redirecting/forwarding part he is using HAPROXY.
regards,
Julian
Last edited by tschulian; 11-25-2014 at 04:13 PM..
Reason: code tags not icode ... thanks
One thing I note in your friend's script is that it sets the firewall to drop all incoming connections before allowing port 22 (ssh) connections. If something goes wrong along the way on this, you'll need console access to get back in :/ I'd recommend setting the -P INPUT DROP last tbh
As you've noted, this is just INPUT filters, your one is just NAT/IPMASQ. So it's like comparing apples and oranges really.
Looking just at your rules, I don't see anything untoward there, it appears that you are causing the proxy to accept traffic arriving on port 80 and redirecting it to 5.196.130.245.
An external customer connecting to the address would not be able to detect the redirect and would see all their connections as going to and coming back from the address of your proxy.
The webserver would see all the connections as coming from the proxy server address, unless the customer is setting "X-Forwarded-For" headers in their requests (not all that uncommon to find) which would be passed along to the webserver and quite possibly included in its logs.
If you have a little more background of what your end goal is, we might be able to offer more advice.
I would recommend also adding a FORWARD rule to DROP anything not for that port arriving from the external interface, as you've turned on IP forwarding and at present your setup would happily forward anything anyone asks it to. It's not really serious but could exacerbate any existing security issue into a full exploit.
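The "X-Forwarded-For" point above, as an added example that is not part of the thread or either poster's code: a backend-side check that decides which address to log, trusting the header only when the connection comes from the proxy and the proxy works at the HTTP level (for instance HAProxy with `option forwardfor`). The proxy address 203.0.113.10 is a placeholder and the function names are hypothetical.

```python
import ipaddress

# Assumption: the proxy's address as seen by the web server (documentation range).
TRUSTED_PROXIES = {ipaddress.ip_address("203.0.113.10")}


def _parse_ip(text):
    """Return an ip_address or None; tolerate whitespace and IPv4 'ip:port'."""
    text = text.strip()
    if text.count(":") == 1:          # IPv4 with a port, e.g. 198.51.100.7:51234
        text = text.split(":", 1)[0]
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def real_client_ip(peer, xff_values, proxy_appends_xff):
    """Pick the address to log for one request.

    peer              -- source address of the TCP connection
    xff_values        -- list of X-Forwarded-For header values (may be empty)
    proxy_appends_xff -- True for an HTTP-level proxy that adds the client
                         address; False for plain DNAT/MASQUERADE, which
                         never touches HTTP headers
    """
    peer_ip = ipaddress.ip_address(peer)
    # A header sent by a direct client, or passed through NAT untouched,
    # is client-controlled: log the TCP peer instead.
    if peer_ip not in TRUSTED_PROXIES or not proxy_appends_xff:
        return str(peer_ip)
    # Several header lines are equivalent to one comma-joined list.
    hops = [h for value in xff_values for h in value.split(",")]
    # Walk right to left: the rightmost entry is the one our proxy added;
    # anything further left was supplied by the client and is not trusted.
    for hop in reversed(hops):
        ip = _parse_ip(hop)
        if ip is None:
            return str(peer_ip)       # malformed entry: fall back to the peer
        if ip not in TRUSTED_PROXIES:
            return str(ip)
    return str(peer_ip)
```

With the NAT-only rules discussed in this thread, `proxy_appends_xff` is false, so the backend can only ever log the proxy's address; any header value it sees was chosen by the client.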