I am sending request from my machine to server. Ip address of my machine is 192.168.1.217.
At server side I am printing the client Ip address, but when I am printing Ip address with request.getRemoteAddr() I am getting it as 192.168.0.5.
When I am printing Ip address with request.getHeader("X-FORWARDED-FOR") I am getting it as null.
I am using apache tomcat server.
If that IP address (192.168.0.5) is the (or a) firewall, then it is the right IP address. Your server-side code is reporting the "client" IP address that it sees, and it can't do any better.
In general, there are a couple of possible explanations as to what is going on:
The firewall could be running an HTTP proxy, and your client machine could be configured send all HTTP requests through the proxy. If the client is capable of talking directly to the server, then you may be able to modify the client's proxy settings to treat the server as an exception.
The firewall could be providing a NAT service that is isolating one part of you networks from another part (for example). If this is the issue, then you will need your network administrators' help.
It is common (and often "good practice") to run a Tomcat server on (say) port 8080, and put it behind a reverse proxy on port 80.
In your case, the first explanation is most likely.
@andrucz suggests using the Tomcat Remote IP Filter. That will work in some circumstances, but not all, and it is using information that can easily be "spoofed"
The bottom line is that it is common for a webserver to not be able to see the real IP addresses of clients. So it is inadvisable to implement your services to depend on this.
You can use Tomcat Remote IP Filter: http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#Remote_IP_Filter
Maybe you will need network administrators' help to configure firewall to include "X-Forwarded-For" header.
