LinuxQuestions.org
Old 09-03-2007, 07:42 PM   #1
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,113

Rep: Reputation: 57
IPTABLES and NAT


I have a client and I started messing around with his IPTABLES trying to make it more secure. Everything seemed ok until one day I decided to browse the headers of several emails that were sent out and noticed that you can see the internal IP address of the originator along with the expected public IP address. I have also sent messages from the DMZ of the company and it also displayed the un-NATed internal IP addresses. I thought that I had the rule right but I guess not! Here is the POSTROUTING rule in the script. What gives?

PHP Code:
 $IPTABLES -A POSTROUTING -t nat -o $EXTIF -j MASQUERADE 

Last edited by metallica1973; 09-03-2007 at 07:50 PM.
 
Old 09-03-2007, 07:58 PM   #2
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
This would involve scrubbing the mail headers, which happens at the application layer - not the network and transport layers which iptables works with. That said, since you are posting in the Linux - Security forum, I assume you wanna do this for security reasons. If that is indeed the case, please remember that this is considered security through obscurity. Just my .

Last edited by win32sux; 09-03-2007 at 08:00 PM.
 
Old 09-03-2007, 08:02 PM   #3
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,113

Original Poster
Rep: Reputation: 57
You are right, there is a real security concern here. The clients use Thunderbird. How can one hide the internal address in the mail header using the client program (POP3)? Why would e-mail clients reveal your internal address? To me that defeats the purpose of security!

Last edited by metallica1973; 09-03-2007 at 08:08 PM.
 
Old 09-03-2007, 08:21 PM   #4
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Quote:
Originally Posted by metallica1973
You are right, there is a real security concern here. The clients use Thunderbird. How can one hide the internal address in the mail header using the client program (POP3)? Why would e-mail clients reveal your internal address? To me that defeats the purpose of security!
Wait, please read the link I posted.

Scrubbing those headers isn't a bad thing AFAICT, but you really shouldn't be in a position where scrubbing them makes you feel safer - cuz you won't be. That's kinda the point of the arguments against security through obscurity. That said, I'm not sure how to do that from Thunderbird, or any other mail client. I would actually think this is something you'd wanna do on the mail server itself, but I'm not sure. I'm gonna step aside and let someone more knowledgeable provide you with a definite answer to that. Hang in there.

Last edited by win32sux; 09-03-2007 at 08:22 PM.
 
Old 09-03-2007, 08:26 PM   #5
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,113

Original Poster
Rep: Reputation: 57
One more question:

If my packets are NATed from my firewall, how can my e-mail provider know my internal address?
 
Old 09-03-2007, 09:55 PM   #6
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Quote:
Originally Posted by metallica1973
If my packets are NATed from my firewall, how can my e-mail provider know my internal address?
I would think the IP is included in a header by Thunderbird before it gets sent to the server.
 
Old 09-07-2007, 08:56 PM   #7
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,113

Original Poster
Rep: Reputation: 57
If I am using POP mail, then how can I scrub my headers so that it doesn't give out my internal address? It is amazing how every day I discover something new regarding security! Why hasn't this issue been addressed?
 
Old 09-07-2007, 09:08 PM   #8
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Quote:
Originally Posted by metallica1973
If I am using POP mail, then how can I scrub my headers so that it doesn't give out my internal address?
Maybe find a Thunderbird extension that does this?

Quote:
Why hasn't this issue been addressed?
My guess is the developers don't classify it as a security issue.
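
Added example, not from any poster in this thread: a check an administrator can run over a sent message to see which headers still carry RFC 1918 addresses, showing that MASQUERADE rewrites the packet source but leaves header text untouched. The sample message, hostnames and addresses are constructed.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample as the recipient sees it. 203.0.113.7 stands for the
# NATed public address; 192.168.1.23 is the client's own address, which it
# gave in its SMTP greeting and the first server recorded in "Received:".
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.10])
\tby mail.example.org with ESMTP id ABC123;
\tMon, 3 Sep 2007 19:40:12 -0400
Received: from [192.168.1.23] (nat.example.com [203.0.113.7])
\tby mx.example.net with ESMTP id XYZ789;
\tMon, 3 Sep 2007 19:40:10 -0400
From: user@example.com
To: friend@example.org
Subject: test

body
"""

# RFC 1918 ranges, listed explicitly because ipaddress.is_private also
# matches documentation and other reserved ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Dotted quad that is not part of a longer dotted number.
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def internal_addresses(raw_message):
    """Return (header name, address) pairs for RFC 1918 IPv4s in any header."""
    msg = message_from_string(raw_message)
    found = []
    for name, value in msg.items():          # folded headers come back whole
        for candidate in IPV4.findall(value):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:                # e.g. 999.1.1.1 in free text
                continue
            if any(addr in net for net in RFC1918):
                found.append((name, candidate))
    return found


if __name__ == "__main__":
    for header, address in internal_addresses(SAMPLE):
        print(f"{header}: internal address {address}")
```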
 
  

