I have a Raspberry Pi running which we're using in the office for small test projects we don't want on our main development server. It is running Apache. The DNS is handled via Cloudflare, but in DNS Only mode. Currently, no IP restriction is in place while I test. The A record for mysite.domain.tld is pointing to my static IP address 123.123.123.123 and only a standard business fibre router/modem sits between the Internet and the Pi.
When I visit mysite.domain.tld from, for instance, my phone without wifi, the cell carrier IP shows up. When I wget from a remote server, its IP shows up in the logs. Everything works as expected.
However, when I go to mysite.domain.tld from within the same network that the Pi is located in, Apache logs the router gateway IP 192.168.1.1. I'd expect to see my public IP address, because my connection to the domain name resolves, via Cloudflare, to the public IP. But instead I see a local network IP in the logs.
There is nothing set in /etc/hosts (I'm on macOS) and on the router, only port-forwarding for connections from port 443 are routed to the Pi on the same port - nothing regarding the domain name is referenced anywhere. When I ping mysite.domain.tld it gives me the Cloudflare IP address, which is what I'd expect.
It seems like somewhere along the chain, the fact that my IP address and the public IP address of the Pi are being matched so it's overriding the IP with the internal gateway IP. What is actually happening here? I don't mind per se, I just want to make sure that I can rely on the fact that 192.168.* IPs can be trusted when setting up IP restriction on the firewall.
Note: CF-Connecting-IP and similar headers are not sent by Cloudflare here, I presume that only happens when not in DNS Only mode. And it seems to be only when I use the same network connection that the Pi is using.