preserve ip during nat forwarding

Discussions related to using VirtualBox on Linux hosts.

preserve ip during nat forwarding

Postby canoodler » 27. Jun 2020, 10:15

hello,

virtualbox is great cross-os virtualization and it happens that vms are moved from windows to linux and vice versa, and it works great.

problem: does NAT preserve the original ip?

Code: Select all   Expand viewCollapse view
==> /var/log/exim/main.log <==
2020-06-26 19:34:48 dovecot_login authenticator failed for (User) [10.0.2.2]: 535 Incorrect authentication data (set_id=phpthumbdebug@domain.com)
2020-06-26 19:34:48 dovecot_login authenticator failed for (User) [10.0.2.2]: 535 Incorrect authentication data (set_id=h1@domain.com)


https://serverfault.com/questions/1023071/exim-dovecot-as-virtual-machine-behind-proxy-log-actual-ip-of-client

ps: the "Notify me when a reply is posted" should be enabled per default (only can be done with nasty hack X-D) https://dwaves.org/2014/12/04/phpbb-notify-me-when-a-reply-is-posted-set-per-default/
canoodler
 
Posts: 4
Joined: 12. Feb 2020, 13:36

Re: preserve ip during nat forwarding

Postby fth0 » 27. Jun 2020, 12:22

You can either use the NAT networking mode in combination with the VBoxManage modifyvm <VM-name> --nataliasmode<n> proxyonly command (see 9.8.7. Configuring Aliasing of the NAT Engine), or you can use the NAT Network networking mode.
fth0
Volunteer
 
Posts: 977
Joined: 14. Feb 2019, 03:06
Location: Germany
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, macOS, ...

Re: preserve ip during nat forwarding

Postby canoodler » 1. Jul 2020, 22:12

Thanks! that worked!

1) powerdown vm

2) fire up terminal and type:

Code: Select all   Expand viewCollapse view
VBoxManage modifyvm "vmname" --nataliasmode1 proxyonly


3) start vm again

now the proper client IPs are forwarded to the VM show up in the /var/logs ! :)

does this have any security implications?

Code: Select all   Expand viewCollapse view
--nataliasmode<1-N> default|[log],[proxyonly],[sameports]


was not enough:

Code: Select all   Expand viewCollapse view
VBoxManage modifyvm "vmname" --nataliasmode1 log


what does the 1 stand for?
canoodler
 
Posts: 4
Joined: 12. Feb 2020, 13:36

Re: preserve ip during nat forwarding

Postby fth0 » 3. Jul 2020, 22:41

canoodler wrote:does this have any security implications?

Nobody can guarantee that this has no security implications, because you usually cannot prove that something is secure. You can only prove that something is not insecure regarding known insecurities. That being said, I wouldn't expect forwarding the original source IP address during port forwarding to be insecure. Many port forwarding implementations do this.

canoodler wrote:what does the 1 stand for?

It's the number of the network adapter provided to the VM (e.g. 1, 2, 3, 4).
fth0
Volunteer
 
Posts: 977
Joined: 14. Feb 2019, 03:06
Location: Germany
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, macOS, ...


Return to VirtualBox on Linux Hosts

Who is online

Users browsing this forum: scottgus1 and 24 guests