Title: Attacks show internal IP Last modified: August 22, 2019 --- # Attacks show internal IP * Resolved [rzqu](https://wordpress.org/support/users/rzqu/) * (@rzqu) * [6 years, 8 months ago](https://wordpress.org/support/topic/attacks-show-internal-ip/) * Hello, * Im running the free version of Wordfence on a CentOS7 linux server running my wordpress website (which is behind a firewall) * On all the emails i get letting me know about the increased attack rates or Top 10 IP’s that are trying to attack my webserver they all show the inside interface IP address of my firewall and not the external IP address’s that are trying to attack. * Any ideas? * Thanks. Viewing 7 replies - 1 through 7 (of 7 total) * [WFGerroald](https://wordpress.org/support/users/wfgerald/) * (@wfgerald) * [6 years, 8 months ago](https://wordpress.org/support/topic/attacks-show-internal-ip/#post-11857174) * Hey [@rzqu](https://wordpress.org/support/users/rzqu/), * How do you have **How Does Wordfence Get IPs** set? Can you try adjusting it until you see your IP and let me know if it helps? * [https://www.wordfence.com/help/dashboard/options/](https://www.wordfence.com/help/dashboard/options/) * Thanks, * Gerroald * Thread Starter [rzqu](https://wordpress.org/support/users/rzqu/) * (@rzqu) * [6 years, 8 months ago](https://wordpress.org/support/topic/attacks-show-internal-ip/#post-11871473) * Hi [@wfgerald](https://wordpress.org/support/users/wfgerald/) * Ive tried to amend that setting to use the other options but this hasnt changed anything. – it still shows my FW internal IP Address. * All im doing on the FW is using a NAT to port forward the external request to our wordpress server which sits behind the FW. * Thanks * R. * Thread Starter [rzqu](https://wordpress.org/support/users/rzqu/) * (@rzqu) * [6 years, 8 months ago](https://wordpress.org/support/topic/attacks-show-internal-ip/#post-11881555) * Hey [@wfgerald](https://wordpress.org/support/users/wfgerald/) * Any other ideas or things that i can try? * switching out those options on How Does Wordfence Get IPs didnt work for me and still shows my internal FW interface ip. * Thanks. * [WFGerroald](https://wordpress.org/support/users/wfgerald/) * (@wfgerald) * [6 years, 8 months ago](https://wordpress.org/support/topic/attacks-show-internal-ip/#post-11884882) * Hey [@rzqu](https://wordpress.org/support/users/rzqu/), * I believe you’re going to need to reach out to your host if adjusting the ways Wordfence gets IPs isn’t helping. For some reason, the site isn’t able to detect the correct IPs. This seems like it’s going to be a server/network configuration issue. * Please let me know what they say. * Thanks, * Gerroald * Thread Starter [rzqu](https://wordpress.org/support/users/rzqu/) * (@rzqu) * [6 years, 7 months ago](https://wordpress.org/support/topic/attacks-show-internal-ip/#post-11939772) * Hi [@wfgerald](https://wordpress.org/support/users/wfgerald/) * Apologies for the silence, its been a busy couple weeks. * I am indeed the host of this system, im running an OPNSense Firewall and then using NAT to present my wordpress website to the outside world. Wordfence is of course running on my WordPress site. The WordPress website is running on a CentOS server which has an internal IP address connecting to the internal NIC of my FW. * Wordfence is telling me that all my traffic and blocked attacks are coming from my Internal IP of my FW. – which does kinda make sense given the traffic is passed from the WAN of my FW to the LAN as part of Network Address Translation (NAT) but surely im not the only person in the world to have this kind of setup.. so i would of thought there would of been others having the same issue. * I could always switch to a reverse proxy and then tag the original ip header but for now im using NAT. * Pulling my hair out at this and of course getting false results too so any pointers would be appreciated. * Thanks, * R. * Thread Starter [rzqu](https://wordpress.org/support/users/rzqu/) * (@rzqu) * [6 years, 7 months ago](https://wordpress.org/support/topic/attacks-show-internal-ip/#post-11986030) * [@wfdave](https://wordpress.org/support/users/wfdave/) * Included you Dave incase you may be able to shed some light based off a previous post; * [https://wordpress.org/support/topic/external-ips-are-recognised-as-internal-private-ips/](https://wordpress.org/support/topic/external-ips-are-recognised-as-internal-private-ips/) * Thread Starter [rzqu](https://wordpress.org/support/users/rzqu/) * (@rzqu) * [6 years, 7 months ago](https://wordpress.org/support/topic/attacks-show-internal-ip/#post-11988835) * Closing. - This reply was modified 6 years, 7 months ago by [rzqu](https://wordpress.org/support/users/rzqu/). Viewing 7 replies - 1 through 7 (of 7 total) The topic ‘Attacks show internal IP’ is closed to new replies. * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865) * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/) * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq) * [Support Threads](https://wordpress.org/support/plugin/wordfence/) * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/) ## Tags * [firewall](https://wordpress.org/support/topic-tag/firewall/) * [internal](https://wordpress.org/support/topic-tag/internal/) * [IP](https://wordpress.org/support/topic-tag/ip/) * 7 replies * 2 participants * Last reply from: [rzqu](https://wordpress.org/support/users/rzqu/) * Last activity: [6 years, 7 months ago](https://wordpress.org/support/topic/attacks-show-internal-ip/#post-11988835) * Status: resolved