OpenVZ Host is the source IP address rather than actual web surfers?
I have a problem with my VPS. Simple example:
<?php
$ip = $_SERVER['REMOTE_ADDR'];
echo "User IP : " . $ip;
?>
That code should display the user IP address, but it's showing the HN IP address (not VPS IP address).
Again, when I'm logging in via SSH to the virtual container, the IP that is logged is the hardware node's IP.
Similar issue is here: OpenVZ Host is the source IP address rather than actual web surfers?
Here is the OpenVZ configuration:
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
# Controls source route verification
net.ipv4.conf.all.rp_filter = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 1
# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1
# Controls the maximum size of a message, in bytes
kernel.msgmnb = 65536
# Controls the default maxmimum size of a mesage queue
kernel.msgmax = 65536
# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736
# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296
# Disable proxy arp
net.ipv4.conf.default.proxy_arp = 0
# We do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.ip_conntrack_max=32760
IPTables config
[root@nod1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
all -- clienti.alba.rdsnet.ro anywhere
all -- anywhere clienti.alba.rdsnet.ro
all -- clienti.alba.rdsnet.ro anywhere
all -- anywhere clienti.alba.rdsnet.ro
all -- clienti.alba.rdsnet.ro anywhere
all -- anywhere clienti.alba.rdsnet.ro
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
REJECT all -- anywhere anywhere reject-with icmp-ho
Can someone please help me? Also, I'm not an expert, so if someone can explain step by step, I would really appreciate it.
OK, so here is what I've done. I've stopped the iptables service and removed the section with mangle and nat from /etc/sysconfig/iptables. As instructed by Adam, I've removed "iptable_mangle" from the file /etc/sysconfig/vz in the section "## IPv4 iptables kernel modules". I did:
iptables -t nat -L
iptables -t mangle -L
I've restarted the iptables service and problem solved.
Now I can see my private IP in the server log :D
Many thanks to Adam for pointing out the mangle and nat.
Good luck!
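The fix above came down to the nat and mangle rules on the hardware node. As an added example (not part of the original post), the shell function below reads `iptables-save` output and flags nat POSTROUTING rules that apply MASQUERADE or SNAT with no `-o` or `-s` restriction; such rules rewrite the source address of traffic forwarded into containers, so container logs record the node's IP instead of the client's. The sample ruleset, its addresses and the `eth0` interface name are constructed, since the post does not show which rule was at fault.

```shell
# Added example: flag nat-table POSTROUTING rules that rewrite the source
# address of all forwarded traffic (no -o and no -s restriction).
# Reads iptables-save format on stdin and prints the offending rules.
find_broad_snat() {
    awk '
        /^\*/          { table = substr($0, 2); next }   # "*nat", "*mangle", "*filter"
        table != "nat" { next }                          # only the nat table matters here
        $1 != "-A" || $2 != "POSTROUTING" { next }       # skip policies, COMMIT, other chains
        {
            target = ""; scoped = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "-o" || $i == "-s") scoped = 1
            }
            # Unscoped source NAT also hits client -> container traffic.
            if ((target == "MASQUERADE" || target == "SNAT") && !scoped) print
        }
    '
}

# Constructed sample (not from the original post): documentation/private
# address ranges, eth0 assumed to be the node's uplink interface.
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 192.0.2.10
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

sample_rules | find_broad_snat
```

On a live node, run `iptables-save | find_broad_snat` as root; a rule scoped with `-s` to the containers' private range or with `-o` to the uplink leaves inbound client addresses intact.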