Pregunta Nginx no reenvía la IP correcta del cliente cuando usa Virtualbox NAT


Tengo esta configuración nginx

    upstream xxx {
      server 127.0.0.1:12123;
    }
    error_log /home/web/.log/error.log;
    server {
            listen 4567;
            server_name mydomain "" _;
            root /tmp/xxx/public;
            error_log /tmp/xxx.error.log;
            error_page 500 502 503 504 /502.html;
            location / {
                    try_files $uri/index.html $uri @pukis;
            }
            location @pukis {
                    proxy_read_timeout 300;
                    proxy_connect_timeout 300;
                    proxy_redirect     off;
                    proxy_set_header   x-forwarded-for   $proxy_add_x_forwarded_for;
                    proxy_set_header   x-forwarded-proto $scheme;
                    proxy_set_header   host              $http_host;
                    proxy_set_header   x-real-ip         $remote_addr;
                    proxy_set_header   http-client-ip    $remote_addr;
                    proxy_pass http://xxx;
            }
    }

Cuando se accede desde otra IP, por ejemplo 10.7.7.7, todavía muestra que es el host de IP (10.0.2.2) en x-forwarded-for, x-real-ip y http-client-ip

Mi versión nginx nginx/1.8.0

  "X-Real-Ip":         {"10.0.2.2"},
    "User-Agent":        {"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36"},
    "Accept-Language":   {"en-US,en;q=0.8,id;q=0.6"},
    "X-Forwarded-For":   {"10.0.2.2"},
    "Http-Client-Ip":    {"10.0.2.2"},
    "Connection":        {"close"},
    "Cache-Control":     {"max-age=0"},
    "Accept":            {"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"},
    "Accept-Encoding":   {"gzip, deflate, sdch"},
    "X-Forwarded-Proto": {"http"},

Yo uso nat-mode en virtualbox (host: 10.0.2.2, huésped: 10.0.2.15) y reenvío de puertos, ¿cuál es la alternativa para resolver este problema?

Las conexiones:

invitado / linux (10.0.2.15) <-NAT-> (10.0.2.2) host / win (172.16.10.100) <-> (172.16.10.2) enrutador

la tabla de enrutamiento de host / win:

===========================================================================
Interface List
 22...40 f2 e9 34 d7 f3 ......Hyper-V Virtual Ethernet Adapter #2
 23...08 00 27 00 d8 17 ......VirtualBox Host-Only Ethernet Adapter
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      172.16.10.2    172.16.10.100    261
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      172.16.10.0    255.255.255.0         On-link     172.16.10.100    261
    172.16.10.100  255.255.255.255         On-link     172.16.10.100    261
    172.16.10.255  255.255.255.255         On-link     172.16.10.100    261
     192.168.56.0    255.255.255.0         On-link      192.168.56.1    276
     192.168.56.1  255.255.255.255         On-link      192.168.56.1    276
   192.168.56.255  255.255.255.255         On-link      192.168.56.1    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.56.1    276
        224.0.0.0        240.0.0.0         On-link     172.16.10.100    261
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.56.1    276
  255.255.255.255  255.255.255.255         On-link     172.16.10.100    261
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      172.16.10.2     256
          0.0.0.0          0.0.0.0      172.16.10.2  Default 
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 23    276 fe80::/64                On-link
 22    261 fe80::/64                On-link
 22    261 fe80::2477:8ab2:4d76:a579/128
                                    On-link
 23    276 fe80::a0ca:7a7f:8ee0:49c8/128
                                    On-link
  1    306 ff00::/8                 On-link
 23    276 ff00::/8                 On-link
 22    261 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

la tabla de enrutamiento de guest / linux:

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.2.2        0.0.0.0         UG    202    0        0 enp0s3
10.0.2.0        0.0.0.0         255.255.255.0   U     202    0        0 enp0s3

1


origen


¿Cómo lo verificaste? ¿Hay algo más entre el cliente y nginx? - Alexey Ten
al imprimir todo el encabezado http, por cierto esto es causado por el nat de virtualbox, ya que ssh también muestra 10.0.2.2 como es cliente ... - Kokizzu
posible duplicado de Cómo obtener la dirección IP entrante de la caja virtual - Alexey Ten
sí, es duplicado, el ./vboxmanage modifyvm XXX --nataliasmode1 proxyonly trabajos: 3 - Kokizzu


Respuestas:


Hacer esto funciona cuando, ahora la IP del cliente no se alias

./vboxmanage modifyvm XXX --nataliasmode1 proxyonly

donde XXX es su nombre de VM sensible a mayúsculas y minúsculas.


0