O Nginx não encaminha o IP do cliente correto ao usar o NAT do Virtualbox

1

Eu tenho essa configuração nginx

    upstream xxx {
      server 127.0.0.1:12123;
    }
    error_log /home/web/.log/error.log;
    server {
            listen 4567;
            server_name mydomain "" _;
            root /tmp/xxx/public;
            error_log /tmp/xxx.error.log;
            error_page 500 502 503 504 /502.html;
            location / {
                    try_files $uri/index.html $uri @pukis;
            }
            location @pukis {
                    proxy_read_timeout 300;
                    proxy_connect_timeout 300;
                    proxy_redirect     off;
                    proxy_set_header   x-forwarded-for   $proxy_add_x_forwarded_for;
                    proxy_set_header   x-forwarded-proto $scheme;
                    proxy_set_header   host              $http_host;
                    proxy_set_header   x-real-ip         $remote_addr;
                    proxy_set_header   http-client-ip    $remote_addr;
                    proxy_pass http://xxx;
            }
    }

Quando acessado de outro IP, por exemplo 10.7.7.7 , ele ainda mostra seu host ip ( 10.0.2.2 ) em x-forwarded-for , x-real-ip e http-client-ip

Minha versão nginx nginx/1.8.0

  "X-Real-Ip":         {"10.0.2.2"},
    "User-Agent":        {"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36"},
    "Accept-Language":   {"en-US,en;q=0.8,id;q=0.6"},
    "X-Forwarded-For":   {"10.0.2.2"},
    "Http-Client-Ip":    {"10.0.2.2"},
    "Connection":        {"close"},
    "Cache-Control":     {"max-age=0"},
    "Accept":            {"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"},
    "Accept-Encoding":   {"gzip, deflate, sdch"},
    "X-Forwarded-Proto": {"http"},

Eu uso nat-mode no virtualbox (host: 10.0.2.2 , guest: 10.0.2.15 ) e encaminhamento de porta, qual é a alternativa para resolver esse problema?

As conexões:

guest / linux (10.0.2.15) < -NAT- > (10.0.2.2) host / win (172.16.10.100) < - > (172.16.10.2) roteador

a tabela de roteamento do host / win:

===========================================================================
Interface List
 22...40 f2 e9 34 d7 f3 ......Hyper-V Virtual Ethernet Adapter #2
 23...08 00 27 00 d8 17 ......VirtualBox Host-Only Ethernet Adapter
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      172.16.10.2    172.16.10.100    261
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      172.16.10.0    255.255.255.0         On-link     172.16.10.100    261
    172.16.10.100  255.255.255.255         On-link     172.16.10.100    261
    172.16.10.255  255.255.255.255         On-link     172.16.10.100    261
     192.168.56.0    255.255.255.0         On-link      192.168.56.1    276
     192.168.56.1  255.255.255.255         On-link      192.168.56.1    276
   192.168.56.255  255.255.255.255         On-link      192.168.56.1    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.56.1    276
        224.0.0.0        240.0.0.0         On-link     172.16.10.100    261
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.56.1    276
  255.255.255.255  255.255.255.255         On-link     172.16.10.100    261
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      172.16.10.2     256
          0.0.0.0          0.0.0.0      172.16.10.2  Default 
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 23    276 fe80::/64                On-link
 22    261 fe80::/64                On-link
 22    261 fe80::2477:8ab2:4d76:a579/128
                                    On-link
 23    276 fe80::a0ca:7a7f:8ee0:49c8/128
                                    On-link
  1    306 ff00::/8                 On-link
 23    276 ff00::/8                 On-link
 22    261 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

a tabela de roteamento do guest / linux:

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.2.2        0.0.0.0         UG    202    0        0 enp0s3
10.0.2.0        0.0.0.0         255.255.255.0   U     202    0        0 enp0s3
    
por Kokizzu 08.06.2015 / 09:37

1 resposta

0

Isso funciona quando, agora, o IP do cliente não terá alias

./vboxmanage modifyvm XXX --nataliasmode1 proxyonly

em que XXX é o nome da VM sensível a maiúsculas e minúsculas.

    
por 09.06.2015 / 02:48