[Dovecot] Log NAT IP address?
Hi Timo/everyone,
Currently we are logging the remote IP, but is there a way to show the IP address that the NAT connection is coming from?
The reason I ask is, we are changing ISPs, and I would like to see in the logs when an external connection is coming from our OLD ISP connection, and when it is coming through our new one.
We have a Watchguard firewall, and I have both External connections setup and working, and have just pointed our DNS records to the new public IP, and would like to be able to see which WAN connection/IP they are coming from.
Thanks,
--
Best regards,
Charles
On 9/30/2012 8:02 AM, Charles Marcus wrote:
> Hi Timo/everyone,
> Currently we are logging the remote IP, but is there a way to show the IP address that the NAT connection is coming from?
> The reason I ask is, we are changing ISPs, and I would like to see in the logs when an external connection is coming from our OLD ISP connection, and when it is coming through our new one.
> We have a Watchguard firewall, and I have both External connections setup and working, and have just pointed our DNS records to the new public IP, and would like to be able to see which WAN connection/IP they are coming from.
You could bind 2 internal IP Addresses to the server and have each NAT translation go to a different internal IP.
Jack
At 09:33 -0500 30/9/12, Jack Bates wrote:
> On 9/30/2012 8:02 AM, Charles Marcus wrote:
>> Hi Timo/everyone,
>> Currently we are logging the remote IP, but is there a way to show the IP address that the NAT connection is coming from?
>> The reason I ask is, we are changing ISPs, and I would like to see in the logs when an external connection is coming from our OLD ISP connection, and when it is coming through our new one.
>> We have a Watchguard firewall, and I have both External connections setup and working, and have just pointed our DNS records to the new public IP, and would like to be able to see which WAN connection/IP they are coming from.
> You could bind 2 internal IP Addresses to the server and have each NAT translation go to a different internal IP.
> Jack
From my remembrances of the packet layout there is nowhere in the packet for the pre-NAT address to live. The only place the mapping is stored is in the internal tables of the NAT router which has to know where to send the reply packets.
David
-- David Ledger - Freelance Unix Sysadmin in the UK. david.ledger@ivdcs.co.uk www.ivdcs.co.uk
On 10/1/2012 2:58 AM, David Ledger wrote:
> At 09:33 -0500 30/9/12, Jack Bates wrote:
>> On 9/30/2012 8:02 AM, Charles Marcus wrote:
>>> Hi Timo/everyone,
>>> Currently we are logging the remote IP, but is there a way to show the IP address that the NAT connection is coming from?
>>> The reason I ask is, we are changing ISPs, and I would like to see in the logs when an external connection is coming from our OLD ISP connection, and when it is coming through our new one.
>>> We have a Watchguard firewall, and I have both External connections setup and working, and have just pointed our DNS records to the new public IP, and would like to be able to see which WAN connection/IP they are coming from.
>> You could bind 2 internal IP Addresses to the server and have each NAT translation go to a different internal IP.
>> Jack
> From my remembrances of the packet layout there is nowhere in the packet for the pre-NAT address to live. The only place the mapping is stored is in the internal tables of the NAT router which has to know where to send the reply packets.
> David
Public IP1 -> 192.168.0.33
Public IP2 -> 192.168.0.34
Now we just track the internal address in our logs, since each public IP is mapped to a different internal IP.
Jack
On 9/30/2012 8:02 AM, Charles Marcus wrote:
> Hi Timo/everyone,
> Currently we are logging the remote IP, but is there a way to show the IP address that the NAT connection is coming from?
> The reason I ask is, we are changing ISPs, and I would like to see in the logs when an external connection is coming from our OLD ISP connection, and when it is coming through our new one.
Traffic monitoring during a switchover of this nature is typically done at the edge router, not inside an individual server application. Is your router able to compile or export a daily traffic report per physical port, or raw data to your network monitoring software, showing packets/connections for TCP/UDP. Most can. This would give you the information you seek, including all traffic for both the new and old ISP, not just IMAP.
-- Stan
On Sun, 2012-09-30 at 09:02 -0400, Charles Marcus wrote:
> Currently we are logging the remote IP, but is there a way to show the IP address that the NAT connection is coming from?
Dovecot only sees one remote IP address (%r) and one local IP address (%l) for connections. %r is already logged, but you can add %l if that helps. Other than that, I can't really help.
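Added example, not part of any message in this thread: the script below combines the two suggestions above (one internal address per public IP, plus logging the local IP with %l) to tally Dovecot logins per WAN path. The log lines are constructed samples, and the `rip=`/`lip=` line layout and the `LIP_TO_WAN` labels are assumptions modelled on the thread's example addresses.

```python
import re
from collections import Counter

# Assumed mapping, following the thread's example: the firewall NATs each
# public (WAN) IP to its own internal address on the mail server.
LIP_TO_WAN = {
    "192.168.0.33": "Public IP1",
    "192.168.0.34": "Public IP2",
}

# Successful-login lines with the remote (%r) and local (%l) IP logged as
# rip=... and lip=... (assumed log layout).
LOGIN_RE = re.compile(
    r"(?:imap|pop3)-login: Login: user=<(?P<user>[^>]*)>.*?"
    r"\brip=(?P<rip>[0-9a-fA-F.:]+), lip=(?P<lip>[0-9a-fA-F.:]+)"
)

# Constructed sample lines (documentation address ranges), not real logs.
SAMPLE_LOG = """\
Oct  1 09:00:01 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=203.0.113.10, lip=192.168.0.33, mpid=4101, TLS
Oct  1 09:00:07 mail dovecot: pop3-login: Login: user=<bob>, method=PLAIN, rip=198.51.100.7, lip=192.168.0.34, mpid=4105, TLS
Oct  1 09:01:30 mail dovecot: imap-login: Login: user=<carol>, method=PLAIN, rip=203.0.113.44, lip=192.168.0.34, mpid=4110, TLS
Oct  1 09:02:02 mail dovecot: imap-login: Login: user=<dave>, method=PLAIN, rip=192.168.0.50, lip=192.168.0.10, mpid=4112
Oct  1 09:03:12 mail dovecot: imap-login: Disconnected (no auth attempts in 2 secs): user=<>, rip=203.0.113.99, lip=192.168.0.33
"""


def classify(lines):
    """Yield (user, remote_ip, local_ip, wan_label) for each login line."""
    for line in lines:
        m = LOGIN_RE.search(line)
        if m is None:
            continue  # not a successful login line
        # A local IP outside the NAT mapping (e.g. a LAN client) is "unmapped".
        wan = LIP_TO_WAN.get(m["lip"], "unmapped")
        yield m["user"], m["rip"], m["lip"], wan


def summarize(lines):
    """Count logins per WAN path."""
    return Counter(wan for _, _, _, wan in classify(lines))


if __name__ == "__main__":
    for row in classify(SAMPLE_LOG.splitlines()):
        print("%-6s rip=%-15s lip=%-13s via %s" % row)
    print(dict(summarize(SAMPLE_LOG.splitlines())))
```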
On 2012-09-30 10:41 PM, Timo Sirainen tss@iki.fi wrote:
> Dovecot only sees one remote IP address (%r) and one local IP address (%l) for connections. %r is already logged, but you can add %l if that helps. Other than that, I can't really help.
Yeah, but that is the IP of the mail server, and since I have only one, it doesn't help any.
No worries, I did see how to see this on my perimeter firewall (thanks Stan), so I can see what I'm looking for now.
Thanks Timo,
--
Best regards,
Charles Marcus I.T. Director Media Brokers International, Inc. 678.514.6200 x224 | 678.514.6299 fax
participants (5)
- Charles Marcus
- David Ledger
- Jack Bates
- Stan Hoeppner
- Timo Sirainen