Translate external public source IP to a local or static IP for external server

Good morning.

I have an appliance from a manufacturer that has recently disabled the ability to reverse proxy into the device by blocking non local IP addresses. They allow /24 in whitelisting but this is no use when connecting externally over my Traefik v2 reverse proxy.

Does anyone have any pointers to convince the appliance that is is receiving a connection from an internal IP by NAT or some other translation of external public IP?


This is my Traefik config for the appliance that was working until the manufacturer added a blocklist and I’ve tried to find a workaround in the Traefik documentation but to no avail.

entryPoints = ["https"]
rule = "Host( )"
service = "appliance-svc"
middlewares = ["chain-oauth"]
certresolver = "dns-cloudflare"

passHostHeader = true
url = "" # appliance router static IP

I would start with setting the passHostHeader to false, the reverse proxy detection could be a simple match on the Host header not matching the appliance hostname.

If the X-Forwarded-* headers are used as the detection method, I am not sure they can be disabled in traefik.

Some testing with curl could help work out how they are detecting reverse proxy requests.

1 Like