On 2018-01-30 15:59, Bill Shirley wrote:

> 
> In an earlier post:
> Becouse I prefer to use fail2ban for brute force attacks and fail2ban depends 
> source IP address.In this setup I can't see source IP. Also I'll use iptables 
> as a permanent filter for some IPv4 blocks (like china).  
> 
> He needs to see the real public addresses of those who connect to this new 
> server.

Of course, but what I meant is that the reason he doesn't, and he
definitely has to, is because the upstream configuration is broken, not
because he has private address assigned to the NIC. You can have private
address assigned to the NIC and be perfectly capable of seeing original
source address. This is how it should be configured.

Karol




-- 
Karol Augustin
ka...@augustin.pl
http://karolaugustin.pl/
+353 85 775 5312

Reply via email to