That's odd. I was a bit interested by this, never took any time to look at it before. Maybe the correct solution is for Metaframe to take the client address out of the IP header rather than the actual "Data"? Seems like that is what is happening when looking at the traffic over the wire. _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Bill Beckett Sent: Wednesday, October 27, 2004 1:17 PM To: 'thin@xxxxxxxxxxxxx' Subject: [THIN] Re: OT - IP address Thanks for the input Tim, Mark. -----Original Message----- From: Tim Mangan [mailto:tmangan@xxxxxxxxxxxx] Sent: Wednesday, October 27, 2004 1:18 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: OT - IP address The "correct" solution doesn't exist (as far as I know). That would be to fix the NAT feature of the home firewall to be able to do address translation above the IP level. Unfortunately there are way too many protocols out there to delve up. Perhaps with a linux based router someone could hack up a specific RDP/ICA fix. By the way, if the user uses a VPN to connect in from home, you might be able to use the Client Name associated with the disconnected session to obtain the ISP address for a short while. tim _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Mark Cook Sent: Wednesday, October 27, 2004 9:54 AM To: 'thin@xxxxxxxxxxxxx' Subject: [THIN] Re: OT - IP address Yup, the ICA (& RDP) protocol API's all report the actual IP address of the connecting client and not the IP address that is being routed through in this case ! It suck's but that's how the protocol works unfortunately. You can't even tracert them because it's not a valid IP address, unless anyone know's a way to ID the IP of the connecting router involved and if so I'd love to know how (obviously you can trawl though Winsock call's and inet stuff but is there a higher level way to achieve this) ? Mark -----Original Message----- From: Bill Beckett [mailto:Bill.beckett@xxxxxxxxxxxxxxxxx] Sent: 27 October 2004 14:10 To: 'thin@xxxxxxxxxxxxx' Subject: [THIN] OT - IP address Just wanted to know if anyone has any thoughts on this. I check our security logs every day and noticed something that to me at least, is odd. A user logs in from home and said user has a broadband connection and a wireless router (Linksys, netgear, that variety). If I check the security log and look at when the user disconnected from their session it has the EXTERNAL address provided by the ISP. However, if I go into Citrix Metaframe Admin and look at their disconnected session which is still hanging out there, hit the Information tab, it gives me the internal address (192.x.x.x in this case) of the PC behind the router. So, eventvwr gives the ISP assigned IP while MFAdmin gives the interal IP. Anyone know why the difference?