Nginx no reenvía la IP del cliente correcta cuando usa Virtualbox NAT

tag-icon tag-icon nginx virtualbox
Nginx no reenvía la IP del cliente correcta cuando usa Virtualbox NAT

Tengo esta configuración de nginx

    upstream xxx {
      server 127.0.0.1:12123;
    }
    error_log /home/web/.log/error.log;
    server {
            listen 4567;
            server_name mydomain "" _;
            root /tmp/xxx/public;
            error_log /tmp/xxx.error.log;
            error_page 500 502 503 504 /502.html;
            location / {
                    try_files $uri/index.html $uri @pukis;
            }
            location @pukis {
                    proxy_read_timeout 300;
                    proxy_connect_timeout 300;
                    proxy_redirect     off;
                    proxy_set_header   x-forwarded-for   $proxy_add_x_forwarded_for;
                    proxy_set_header   x-forwarded-proto $scheme;
                    proxy_set_header   host              $http_host;
                    proxy_set_header   x-real-ip         $remote_addr;
                    proxy_set_header   http-client-ip    $remote_addr;
                    proxy_pass http://xxx;
            }
    }

Cuando se accede desde otra IP, por ejemplo 10.7.7.7, todavía muestra la IP del host ( 10.0.2.2) en x-forwarded-foryx-real-iphttp-client-ip

Mi versión nginxnginx/1.8.0

  "X-Real-Ip":         {"10.0.2.2"},
    "User-Agent":        {"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36"},
    "Accept-Language":   {"en-US,en;q=0.8,id;q=0.6"},
    "X-Forwarded-For":   {"10.0.2.2"},
    "Http-Client-Ip":    {"10.0.2.2"},
    "Connection":        {"close"},
    "Cache-Control":     {"max-age=0"},
    "Accept":            {"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"},
    "Accept-Encoding":   {"gzip, deflate, sdch"},
    "X-Forwarded-Proto": {"http"},

Utilizo el modo nat en virtualbox (host:, 10.0.2.2invitado:) 10.0.2.15y reenvío de puertos, ¿cuál es la alternativa para resolver este problema?

Las conexiones:

invitado/linux (10.0.2.15) <-NAT-> (10.0.2.2) host/win (172.16.10.100) <--> (172.16.10.2) enrutador

la tabla de enrutamiento de host/win:

===========================================================================
Interface List
 22...40 f2 e9 34 d7 f3 ......Hyper-V Virtual Ethernet Adapter #2
 23...08 00 27 00 d8 17 ......VirtualBox Host-Only Ethernet Adapter
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      172.16.10.2    172.16.10.100    261
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      172.16.10.0    255.255.255.0         On-link     172.16.10.100    261
    172.16.10.100  255.255.255.255         On-link     172.16.10.100    261
    172.16.10.255  255.255.255.255         On-link     172.16.10.100    261
     192.168.56.0    255.255.255.0         On-link      192.168.56.1    276
     192.168.56.1  255.255.255.255         On-link      192.168.56.1    276
   192.168.56.255  255.255.255.255         On-link      192.168.56.1    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.56.1    276
        224.0.0.0        240.0.0.0         On-link     172.16.10.100    261
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.56.1    276
  255.255.255.255  255.255.255.255         On-link     172.16.10.100    261
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      172.16.10.2     256
          0.0.0.0          0.0.0.0      172.16.10.2  Default 
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 23    276 fe80::/64                On-link
 22    261 fe80::/64                On-link
 22    261 fe80::2477:8ab2:4d76:a579/128
                                    On-link
 23    276 fe80::a0ca:7a7f:8ee0:49c8/128
                                    On-link
  1    306 ff00::/8                 On-link
 23    276 ff00::/8                 On-link
 22    261 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

la tabla de enrutamiento de invitado/linux:

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.2.2        0.0.0.0         UG    202    0        0 enp0s3
10.0.2.0        0.0.0.0         255.255.255.0   U     202    0        0 enp0s3

Respuesta1

Hacer esto funciona cuando ahora la IP del cliente no tendrá alias

./vboxmanage modifyvm XXX --nataliasmode1 proxyonly

donde XXX es el nombre de su máquina virtual que distingue entre mayúsculas y minúsculas.

información relacionada