reveal IP connection source from bruteforce authentication attempt

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
gaelroma
Posts: 10
Joined: Thu Sep 27, 2018 10:56 am

Re: reveal IP connection source from bruteforce authentication attempt

Post by gaelroma »

Yes I need it , because all machines are virtualized. I have two public IPs one for the web server and one for the mail server. the third public IP is for the firewall...

resuming the NAT configuration:

I access to the firewall with a public IP, then there are 2 rules (NAT 1:1)

External IP Internal IP Destination IP Description
x.x.x.x x.x.x.12 * Mail Server
w.w.w.w x.x.x.10 * Web Server
User avatar
axslingr
Outstanding Member
Outstanding Member
Posts: 256
Joined: Sat Sep 13, 2014 2:20 am
ZCS/ZD Version: 8.8.15.GA.3869.UBUNTU18.64 UBUNTU18

Re: reveal IP connection source from bruteforce authentication attempt

Post by axslingr »

Gotcha. I'm out of ideas then. I've never seen Zimbra log connections from the private side of pfSense, especially if no other nat or static routing modifications have been made.

Lance
User avatar
L. Mark Stone
Ambassador
Ambassador
Posts: 2796
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 10.0.6 Network Edition
Contact:

Re: reveal IP connection source from bruteforce authentication attempt

Post by L. Mark Stone »

This seems like a pfsense issue at the end of the day.

Does this help?

https://forum.netgate.com/topic/113676/ ... hout-nat/7

Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
gaelroma
Posts: 10
Joined: Thu Sep 27, 2018 10:56 am

Re: reveal IP connection source from bruteforce authentication attempt

Post by gaelroma »

I managed to print real IP disabling Outbound NAT rule generation in pfsense.

Thank you guys!
Post Reply