Logging LAN IP address



  • When doing ‘z-push-top’ I noticed that my iDevices syncing from within my LAN 192.168.x.x show as connecting from the static public IP of my LAN.

    I played with the following setting but no result, true or false, it shows my public IP (that’s is ok as I am not behind a proxy):

    // When accessing through a proxy, the "X-Forwarded-For" header contains the original remote IP
       define('USE_X_FORWARDED_FOR_HEADER', false);
    

    My z-push is running on Centos7+Nginx directly exposed to the internet (and to the LAN) … any idea ho to log the LAN IP for LAN-connected devices ?



  • As we don’t have direct access to your LAN, tell us about it…

    • where’s your z-push-host: LAN, different LAN, WAN?
    • “static”-IP = public-IP?
    • Do you use NAT in your LAN2WAN-router?

    NGINX might set theHTTP_X_REAL_IP header instead of HTTP_X_FORWARDED_FOR.
    With current z-push-implementation (2.3.9beta), the HTTP_X_REAL_IP-header seems to be evaluated correctly, even with USE_X_FORWARDED_FOR_HEADER unset. With earlier version, this was not the case.
    Nevertheless, you will see public-interface V4IPs for NATed clients. IPV6 clients are shown with their device-ip.

    Ref ZP-1183 and here How to protect webapp -- fail2ban

    ++umgfoin.



  • Thanks for the answer and let me clarify

    Z-push and nginx both sit on the same server with LAN IP eg 192.168.0.100 (as side note my mail server sits on another LAN IP eg 192.168.0.110).

    The z-push/nginx connects through a router to the internet that has a static ‘public IP’ and the nginx does not act as a reverse proxy in front of z-push (same server).

    Problem is z-push-top shows the iPhone with the ‘public IP’ instead of the device ‘LAN IP’ (when the device is connected through the LAN Wifi)

    Where should I try the HTTP_X_REAL_IP header that you suggest ? in Nginx conf ? what would be the complete syntax ? Is it maybe a hosts or DNS problem ? Should I try the 2.3.9 alpha ?



  • Seems I am going nowhere and thinking to ditch Nginx in favour of stock Apache … configuring Nginx seems uber-complicated :-(
    So this is my conf:

    location ~* /Microsoft-Server-ActiveSync {
                access_log  /var/log/nginx/z-push-access.log;
                error_log   /var/log/nginx/z-push-error.log;
                fastcgi_param SCRIPT_FILENAME /usr/share/z-push/index.php;
                fastcgi_param   PHP_FLAG "magic_quotes_gpc=off \n register_globals=off \n magic_quotes_runtime=off \n short_open_tag=on";
                fastcgi_param   PHP_VALUE "post_max_size=20M \n upload_max_filesize=20M \n max_execution_time=3660";
                fastcgi_param   HTTP_PROXY ""; # Mitigate https://httpoxy.org/ vulnerabilities
                fastcgi_read_timeout 3540; # Z-Push Ping might run 3600s, but to be safe
                fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
                include fastcgi_params;
                real_ip_header HTTP_X_REAL_IP;
        }
    

    I have tried all possible combination of 'real_ip_header" with no changes being observed… Z-push logs devices on LAN as if they are connecting from public IP


Log in to reply
 

Looks like your connection to Kopano Community Forum was lost, please wait while we try to reconnect.