LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   IPTABLES and NAT (https://www.linuxquestions.org/questions/linux-security-4/iptables-and-nat-581970/)

metallica1973 09-03-2007 07:42 PM
IPTABLES and NAT
 
I have a client and I started messing around with his IPTABLES trying to make it more secure. Everything seemed ok until one day I decided to browse the headers of several emails that were sent out and noticed that you can see the internal IP address of the originator along with the expected pubic IP address. I have also sent messages from the DMZ of the company and it also displayed the unatted internal IP addresses. It thought that I had the rule right but I guess not! Here is the POSTROUTING rule in the script. What gives?

PHP Code:
 $IPTABLES -A POSTROUTING -t nat -o $EXTIF -j MASQUERADE 

win32sux 09-03-2007 07:58 PM
This would involve scrubbing the mail headers, which happens at the application layer - not the network and transport layers which iptables works with. That said, since you are posting in the Linux - Security forum, I assume you wanna do this for security reasons. If that is indeed the case, please remember that this is considered security through obscurity. Just my :twocents:.

metallica1973 09-03-2007 08:02 PM
you are right, there is a real security concern here. The clients use thunderbird. How can one hide the internal address in the mail header using the client program?(POP3) Why would e-mail clients reveal your internal address, to me that defeats the purpose of security!

win32sux 09-03-2007 08:21 PM
Quote:
Originally Posted by metallica1973 (Post 2880268)
you are right, there is a real security concern here. The clients use thunderbird. How can one hide the internal address in the mail header using the client program?(POP3) Why would e-mail clients reveal your internal address, to me that defeats the purpose of security!
Wait, please read the link I posted. :)

Scrubbing those headers isn't a bad thing AFAICT, but you really shouldn't be in a position where scrubbing them makes you feel safer - cuz you won't be. That's kinda the point of the arguments against security through obscurity. That said, I'm not sure how to do that from Thunderbird, or any other mail client. I would actually think this is something you'd wanna do on the mail server itself, but I'm not sure. I'm gonna step aside and let someone more knowledgeable provide you with a definite answer to that. Hang in there.

metallica1973 09-03-2007 08:26 PM
One more question:

if my packets are natted from my firewall how can my e-mail provider know my internal address?

win32sux 09-03-2007 09:55 PM
Quote:
Originally Posted by metallica1973 (Post 2880288)
if my packets are natted from my firewall how can my e-mail provider know my internal address?
I would think the IP is included in a header by Thunderbird before it gets sent to the server.

metallica1973 09-07-2007 08:56 PM
if I am using pop mail then how can I scrub my headers so that it doesn't give ouy my internal address. It is amazing how everyday I discover something new regarding security! Why hasnt this issue been addressed?

win32sux 09-07-2007 09:08 PM
Quote:
Originally Posted by metallica1973 (Post 2885034)
if I am using pop mail then how can I scrub my headers so that it doesn't give ouy my internal address.
Maybe find a Thunderbird extension that does this?

Quote:
Why hasnt this issue been addressed?
My guess is the developers don't classify it as a security issue.


All times are GMT -5. The time now is 08:15 PM.