Hi,
We have an SSG550 in front of an Apache box in reverse proxy mode. Everything is working fine; however, when we look at the logs to try to troubleshoot connections to the back-end servers, we see that the SSG is rewriting the client traffic with its own internal IP.
Has anybody seen or come across this before? We have two other firewalls set up in a similar manner without this problem.
There are no NATs configured on the firewall. We have done a tcpdump on the reverse proxy box and can see the traffic from the firewall:
From the Apache TransferLog directive we get:
10.10.10.1 - - [04/Sep/2012:17:03:39 +1000] "GET /functions.asmx HTTP/1.0" 200 4813
10.10.10.1 - - [04/Sep/2012:17:07:07 +1000] "POST /Functions.asmx HTTP/1.1" 200 521
One of our team has checked the actual packets with tcpdump and, as you can see, it's been received by the proxy server with the modified source IP:
17:26:16.138922 IP 10.10.10.1.31973 > 10.10.10.108.https: S 1878350834:1878350834(0) win 5840 <mss 1452,sackOK,timestamp 1451141388 0,nop,wscale 7>
17:26:16.140449 IP 10.10.10.1.63889 > 10.10.10.108.https: S 1696417077:1696417077(0) win 5840 <mss 1452,sackOK,timestamp 1451141388 0,nop,wscale 7>
10.10.10.1 is the internal IP of the firewall. Why is the firewall doing the translation? We would expect to see the client IP. I am happy to provide snippets of the firewall config; there are multiple virtual routers configured and the interfaces in question are in redundant mode.
Any clues, suggestions welcome.
#apache #SSG
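The poster's evidence is that every Apache log entry and every inbound SYN carries the firewall's inside address instead of a real client address. As an added example (not part of the original post), the script below automates that check: it parses Apache common-log-format lines and tcpdump SYN lines, collects the observed source addresses, and gives a verdict on whether source translation is happening. Sample log lines are constructed from the post's output; the firewall interface list is an assumption you would replace with the addresses of your own SSG interfaces.

```python
import re
from collections import Counter

# Constructed sample input, modelled on the lines quoted in the post.
APACHE_LINES = [
    '10.10.10.1 - - [04/Sep/2012:17:03:39 +1000] "GET /functions.asmx HTTP/1.0" 200 4813',
    '10.10.10.1 - - [04/Sep/2012:17:07:07 +1000] "POST /Functions.asmx HTTP/1.1" 200 521',
]
TCPDUMP_LINES = [
    '17:26:16.138922 IP 10.10.10.1.31973 > 10.10.10.108.https: S 1878350834:1878350834(0) win 5840 <mss 1452,sackOK,timestamp 1451141388 0,nop,wscale 7>',
    '17:26:16.140449 IP 10.10.10.1.63889 > 10.10.10.108.https: S 1696417077:1696417077(0) win 5840 <mss 1452,sackOK,timestamp 1451141388 0,nop,wscale 7>',
]

# Assumed: the inside interface address(es) of the firewall in front of the proxy.
FIREWALL_IPS = ["10.10.10.1"]

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# Apache common log format: "<client> <ident> <user> [<time>] "<request>" <status> <bytes>"
CLF_RE = re.compile(
    rf'^(?P<src>{IPV4}) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" (?P<status>\d{{3}}) (?P<size>\d+|-)'
)

# tcpdump -n style TCP line: "<time> IP <src>.<sport> > <dst>.<dport>: <flags> ..."
TCPDUMP_RE = re.compile(
    rf"^\S+ IP (?P<src>{IPV4})\.(?P<sport>\w+) > (?P<dst>{IPV4})\.(?P<dport>\w+): (?P<flags>\S+)"
)


def apache_sources(lines):
    """Return the client address of every parseable Apache CLF line, in order."""
    sources = []
    for line in lines:
        m = CLF_RE.match(line)
        if m:
            sources.append(m.group("src"))
    return sources


def tcpdump_syn_sources(lines):
    """Return the source address of every SYN (flags exactly 'S') in tcpdump output.

    Only connection-opening packets are counted, so the proxy's own replies
    (SYN-ACK, 'S.') and established-flow packets do not pollute the result.
    """
    sources = []
    for line in lines:
        m = TCPDUMP_RE.match(line)
        if m and m.group("flags") == "S":
            sources.append(m.group("src"))
    return sources


def nat_verdict(sources, firewall_ips):
    """Classify observed connection sources against the firewall's own addresses.

    'translated'   - every connection arrives from a firewall interface address,
                     i.e. source NAT is being applied upstream of the proxy.
    'mixed'        - some connections carry a firewall address, some do not
                     (typically only one policy or ingress interface translates).
    'untranslated' - no firewall address seen; the proxy sees real client IPs.
    'no data'      - nothing parseable was supplied.
    """
    counts = Counter(sources)
    distinct = set(counts)
    fw = set(firewall_ips)
    if not distinct:
        return "no data"
    if distinct <= fw:
        return "translated"
    if distinct & fw:
        return "mixed"
    return "untranslated"


def source_summary(sources):
    """Per-address connection counts, most frequent first, for the report."""
    return Counter(sources).most_common()


if __name__ == "__main__":
    for label, srcs in (("apache", apache_sources(APACHE_LINES)),
                        ("tcpdump", tcpdump_syn_sources(TCPDUMP_LINES))):
        print(f"{label}: {source_summary(srcs)} -> {nat_verdict(srcs, FIREWALL_IPS)}")
```

Run it over a larger slice of the access log and the capture rather than a handful of lines: a 'translated' verdict on a day's worth of traffic, where every source is a firewall interface address, is strong evidence of interface- or policy-based source translation on the path, whereas a 'mixed' result points at a specific policy or ingress interface to look at in the configuration.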