On 2018-01-30 15:59, Bill Shirley wrote: > > In an earlier post: > Becouse I prefer to use fail2ban for brute force attacks and fail2ban depends > source IP address.In this setup I can't see source IP. Also I'll use iptables > as a permanent filter for some IPv4 blocks (like china). > > He needs to see the real public addresses of those who connect to this new > server.
Of course, but what I meant is that the reason he doesn't, and he definitely has to, is because the upstream configuration is broken, not because he has private address assigned to the NIC. You can have private address assigned to the NIC and be perfectly capable of seeing original source address. This is how it should be configured. Karol -- Karol Augustin ka...@augustin.pl http://karolaugustin.pl/ +353 85 775 5312