Dear Francis,
thank you very much for your detailed explanation.
I will investigate in order to detect the right way (and tool) to rich my
goal thinking about your words.
Have a great day.
Regards,
Mauro
Il dom 29 apr 2018 11:09 Francis Daly <francis@daoine.org> ha scritto:
> On Fri, Apr 27, 2018 at 01:41:26AM +0200, Mauro Tridici wrote:
>
> Hi there,
>
> > So, I would like to ask you if I can use NGINX i order to start a port
> forwarding from an internet client to a server machine in my private LAN
> preserving the client IP.
>
> In general, what you want cannot be done (I believe).
>
> There are some specific cases where it can be made to work. Maybe your
> case is, or can be made, one of those.
>
> One case is where the upstream service can be told to expect the
> "proxy protocol". The client connects to nginx; nginx is configured
> with a suitable "proxy_protocol on" directive, and writes some extra
> information at the start of the tcp connection to the upstream service;
> that service reads that information and knows the original client address.
>
> Another case is where the upstream server will always send all IP traffic
> addressed to the original clients, through the port-forwarding server;
> and where the network between the port-forwarding server and the upstream
> server is happy for spoofed source addresses on IP packets to pass. In
> that case, the port-forwarding server can be clever with the packets
> that it forwards, and can be clever with the response packets from the
> upstream server. Nginx is not the right tool to be the port-forwarding
> service in that case; something within your operating system's IP stack
> should be investigated instead.
>
> Good luck with it,
>
> f
> --
> Francis Daly francis@daoine.org
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
