If you want to see actual source IP addresses, then you must not use hairpin NAT ... i.e. use split DNS where A record for public internet points at your router's WAN IP address (and plain dst-nat is enough to have connection working). And A record for "same subnet" clients points directly to server's LAN IP address so clients can talk to server directly, without (un-necessarily) involving router and its dst-nat.
Or close server into dedicated subnet .. which means that communication with LAN clients will have to pass touter and hair-pin nat is not necessary any more.
Or close server into dedicated subnet .. which means that communication with LAN clients will have to pass touter and hair-pin nat is not necessary any more.
Statistics: Posted by mkx — Mon Mar 11, 2024 7:38 pm
