At 09:33 -0500 30/9/12, Jack Bates wrote:

On 9/30/2012 8:02 AM, Charles Marcus wrote:

...

Hi Timo/everyone,

Currently we are logging the remote IP, but is there a way to show the IP address that the NAT connection is coming from?

The reason I ask is, we are changing ISPs, and I would like to see in the logs when an external connection is coming from our OLD ISP connection, and when it is coming through our new one.

We have a Watchguard firewall, and I have both External connections setup and working, and have just pointed our DNS records to the new public IP, and would like to be able to see which WAN connection/IP they are coming from.

You could bind 2 internal IP Addresses to the server and have each NAT translation go to a different internal IP.

Jack

From my remembrances of the packet layout there is nowhere in the packet for the pre-NAT address to live. The only place the mapping is stored is in the internal tables of the NAT router which has to know where to send the reply packets.

David

-- David Ledger - Freelance Unix Sysadmin in the UK. david.ledger@ivdcs.co.uk www.ivdcs.co.uk

On 2012-09-30 10:41 PM, Timo Sirainen <tss@iki.fi> wrote:

Dovecot only sees one remote IP address (%r) and one local IP address (% l) for connections. %r is already logged, but you can add %l if that helps. Other than that, I can't really help.

Yeah, but that is the IP of the mail server, and since I have only one, it doesn't help any.

No worries, I did see how to see this on my perimeter firewall (thanks Stan), so I can see what I'm looking for now.

Thanks Timo,

--

Best regards,

Charles Marcus I.T. Director Media Brokers International, Inc. 678.514.6200 x224 | 678.514.6299 fax