the nice:
NAT is nice as it provides some form of protection/shielding of vms from the internet, by placing the host between (doing all the fire walling)
the problem:
server is exposed to regular dovecot and exim password bruteforce attempts, in order to guess valid mail & password.
without the proper IP of the client in the logs doing the wrong
IP can not be blocked by iptables / firewall
how can virtualbox be configured, to log the actual IP address of the client that is trying to guess a password?
==> /var/log/exim/main.log <== 2020-06-26 19:34:48 dovecot_login authenticator failed for (User) [10.0.2.2]: 535 Incorrect authentication data (set_id=phpthumbdebug@domain.com) 2020-06-26 19:34:48 dovecot_login authenticator failed for (User) [10.0.2.2]: 535 Incorrect authentication da
# shutdown / poweroff vm VBoxManage modifyvm "vmname" --nataliasmode1 proxyonly # power on vm again and monitor the logs # if the real client ip adresses are now being passed on to the vm or not
--nataliasmode<1-N> default|[log],[proxyonly],[sameports]
: Defines behaviour of the NAT engine core:
- log – enables logging
- proxyonly – switches off aliasing mode and makes NAT transparent
- sameports – enforces the NAT engine to send packets through the same port as they originated on
- default – disable all aliasing modes. See Section 9.8.7, “Configuring Aliasing of the NAT Engine”.
Links:
https://forums.virtualbox.org/viewtopic.php?f=7&t=98804
liked this article?
- only together we can create a truly free world
- plz support dwaves to keep it up & running!
- (yes the info on the internet is (mostly) free but beer is still not free (still have to work on that))
- really really hate advertisement
- contribute: whenever a solution was found, blog about it for others to find!
- talk about, recommend & link to this blog and articles
- thanks to all who contribute!