how to route external IP to internal without MASQUERADE

ssh iptables dmz ip-forwarding

Solution 1:

I realise you stated that you want to keep the original IP address hitting your Python server, but you might be taking the wrong approach here. It's standard practice to pass through the original IP address via HTTP in the X-Forwarded-For header. Most web frameworks will pick up this header and use in place of the original IP address if it's specified.

If you wanted to go down that road, all you'd need is a front end web server. It's a good idea to have a front end, anyway: it's more secure because no-one has direct access to your app server, and you can easily implement services like HTTPS and caching without taking more CPU cycles on the app server. Something like Nginx would do the trick beautifully.

Related

GCP Owner and Administrator roles for organization
What is Ad Hoc Query?
What does "The code generator has deoptimised the styling of [some file] as it exceeds the max of "100KB"" mean?
Do I need a content-type header for HTTP GET requests?
How can I pass artifacts to another stage?
Step-by-step debugging with IPython
Cannot use ref or out parameter in lambda expressions
Gradle: Could not determine java version from '11.0.2'
How to version control a record in a database [closed]
nil detection in Go
It is more efficient to use if-return-return or if-else-return?
Git: Pull from other remote