NAT is nice as it provides some form of protection/shielding of vms from the internet, by placing the host between (doing all the fire walling)
server is exposed to regular dovecot and exim password bruteforce attempts, in order to guess valid mail & password.
without the proper IP of the client in the logs doing the wrong
IP can not be blocked by iptables / firewall
how can virtualbox be configured, to log the actual IP address of the client that is trying to guess a password?
==> /var/log/exim/main.log <== 2020-06-26 19:34:48 dovecot_login authenticator failed for (User) [10.0.2.2]: 535 Incorrect authentication data (email@example.com) 2020-06-26 19:34:48 dovecot_login authenticator failed for (User) [10.0.2.2]: 535 Incorrect authentication da
# shutdown / poweroff vm VBoxManage modifyvm "vmname" --nataliasmode1 proxyonly # power on vm again and monitor the logs # if the real client ip adresses are now being passed on to the vm or not
: Defines behaviour of the NAT engine core:
- log – enables logging
- proxyonly – switches off aliasing mode and makes NAT transparent
- sameports – enforces the NAT engine to send packets through the same port as they originated on
- default – disable all aliasing modes. See Section 9.8.7, “Configuring Aliasing of the NAT Engine”.