I'm running Docker on NAS in a home network behind a FritzBox router. Mail and web server are dockerized, external ports 22, 80, 443 are forwarded to the respektive ports on the NAS, Traefik serves as reverse proxy.
While traefik works fine thanks for X-Forwarded headers and HTTP 1.1 Host headers, I'm unable to setup fail2ban to block excessive login attempts of rogue clients. Thanks to NAT on the router, the mail container always seems the router's IP as source.
Server logs look like this:
dovecot: auth: passwd-file(luv5#xn--...,172.19.0.1): unknown user (SHA1 of given password: 63f39e)
postfix/smtpd[1118]: warning: unknown[172.19.0.1]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
postfix/smtpd[1118]: disconnect from unknown[172.19.0.1] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
postfix/smtpd[1028]: warning: unknown[172.19.0.1]: SASL LOGIN authentication failed: Connection lost to authentication server
postfix/smtpd[1028]: disconnect from unknown[172.19.0.1] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
postfix/smtpd[1066]: warning: unknown[172.19.0.1]: SASL LOGIN authentication failed: Connection lost to authentication server
postfix/smtpd[1066]: disconnect from unknown[172.19.0.1] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
dovecot: auth: passwd-file(mathew#xn--...,172.19.0.1): unknown user (SHA1 of given password: 011c94)
postfix/smtpd[2295]: warning: unknown[172.19.0.1]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
postfix/smtpd[2295]: disconnect from unknown[172.19.0.1] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
postfix/postscreen[1020]: CONNECT from [172.19.0.1]:36922 to [172.19.0.11]:25
postfix/postscreen[1020]: PASS OLD [172.19.0.1]:36922
postfix/smtpd[1118]: connect from unknown[172.19.0.1]
postfix/postscreen[1020]: CONNECT from [172.19.0.1]:36948 to [172.19.0.11]:25
dovecot: auth: passwd-file(psycho#xn--...,172.19.0.1): unknown user (SHA1 of given password: 7c4a8d)
postfix/postscreen[1020]: CONNECT from [172.19.0.1]:36950 to [172.19.0.11]:25
postfix/smtpd[1118]: warning: unknown[172.19.0.1]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
postfix/smtpd[1118]: disconnect from unknown[172.19.0.1] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
postfix/postscreen[1020]: CONNECT from [172.19.0.1]:36958 to [172.19.0.11]:25
postfix/postscreen[1020]: PASS OLD [172.19.0.1]:36948
postfix/smtpd[2295]: connect from unknown[172.19.0.1]
postfix/postscreen[1020]: PASS OLD [172.19.0.1]:36950
postfix/smtpd[1066]: connect from unknown[172.19.0.1]
Is there anything that can be done to get fail2ban to block based on IP address for SMTP behind NAT (except for using an "exposed host")?
Thanks to NAT on the router, the mail container always seems the router's IP as source.
If you're able at all to capture from log/journal an originated IP (or something else identifying the intruder) in the filter, you could:
write own failregex or filter capturing forwarded IP, session or username (something you can use as ID to identify intruder), then ...
either try to implement a solution described in our wiki - How to ban something other as host (IP address), like user or mail, etc.
or write some actions like https://github.com/fail2ban/fail2ban/blob/0.10/config/action.d/nginx-block-map.conf (banning intruder resp. rejecting its connection on web-server or mail-service side)
or write your own action to notify your proxying service, in order to ban the originated IP on the other side (no idea traefik has something like that, but there is still open RFE about that - https://github.com/containous/traefik/issues/4026).
Also note similar question - How to implement fail2ban with Traefik
Related
I manated to lock myself out of SSH on an Canonical-Ubuntu-22.04 SSH always free server. do anyone know how i can get access back?
PS C:\Users\mikel> ssh -i ~/.ssh/ssh-key-2022-10-19.key ubuntu#129.xxx.200.16
ssh: connect to host 129.xxx.200.16 port 22: Connection refused
ssh: connect to host 129.xxx.200.16 port 22: Connection refused
means the remote host is sending the reject flags back, it can be due to
firewall blocking ssh port
iptables blocking port 22
security groups (Ingress, egress) blocking port 22
First check if you have allowed port 22 in console, if yes
then login to instance via console connection and then try to debug 1,2 points
I want to have a database on my laptop and grant permissions and access to my friends so they can read/write from their home. What I have done so far:
Downloaded MySQL on both devices
set up user and granted permission on the local server using
CREATE USER 'MyUserName'#'%' IDENTIFIED BY 'MyPassword';
GRANT INSERT, SELECT ON *.* TO 'MyUserName'#'%';
FLUSH PRIVILEGES;
tried finding bind-address from my.ini file but there was no such line. I ran
show global variables like 'bind_address'; and I got the value * so I guess it allows remote access.
Restarted MySQL80 service on both devices
Checked that inbound firewall rules allow access to port 3306 (MySQL had already set a few rules so I left them as is)
Tried connecting from remote server using MySQL shell (i got the public IP from icanhazip.com)
\connect MyUserName#<public IP for my server 92.-.-.->
It prompts me for the password but after I enter it I get
MySQL Error 1045: Access denied for user 'MyUserName'#'<the IP address>' (using password: YES)
I tried testing connection using powershell:
test-netconnection -computername -port 3306
but it says:
WARNING: TCP connect to (<IP>) : 3306) failed
WARNING: Ping to <IP> failed with status: TimedOut
I even tried testing connection on the same local computer with the same command (using the public and private IPs) and it failed. I'm not sure where to go from here. I have looked at other similar questions on stack but they all seem to be addressing one of these things that I have done.
There was one more firewall that I forgot about which was on my default gateway. To get around this it really depends on the router but what I did was:
open cmd and type ipconfig and look for Default Gateway
type that IP in my browser and log into my router
find LAN IP Setup and reserve my IP for my device
find the security options and firewall rules and have allow inbound and outbound rules to my private IP and forward the port.
I changed my port from 3306 to 3310 due to it not being able to start mySQL in the xampp control panel.
That was the only change I made my from the default windows 10 download.
When I go to https://localhost/phpmyadmin/ I get these errors and cant log see the log in form.
Error
MySQL said: Documentation
Cannot connect: invalid settings.
mysqli_real_connect(): The server requested authentication method unknown to the client [caching_sha2_password]
mysqli_real_connect(): (HY000/2054): The server requested authentication method unknown to the client
Connection for controluser as defined in your configuration failed.
mysqli_real_connect(): The server requested authentication method unknown to the client [caching_sha2_password]
mysqli_real_connect(): (HY000/2054): The server requested authentication method unknown to the client
phpMyAdmin tried to connect to the MySQL server, and the server rejected the connection. You should check the host, username and password in your configuration and make sure that they correspond to the information given by the administrator of the MySQL server.
Retry to connect
Any help would be greatly appreciated
<-- ErrorPacket { fieldCount: 255, errno: 1045, sqlStateMarker:
'#', sqlState: '28000', message: 'Access denied for user
\'eazy_db\'#\'122.179.102.170\' (using password: YES)' }
Problem with MySQLError: ER_ACCESS_DENIED_ERROR: Access denied for
user 'eazy_db'#'122.179.102.170' (using password: YES)
Getting this error when node server is started. 122.179.102.170 is the router ip address instead of my server ip address.
If you can SSH into your server that is hosting your DB, type in the following Linux command to get your server's IP Address: ifconfig
The response from that command will look like this:
Notice the eth0 block. I highlighted it in a blue box.
That is the I.P. address of your MySQL server.
If you cannot SSH into the server that is hosting your MySQL database, I recommend following these steps and obtaining the Database Host name from the GoDaddy Console: Setting up an Access Database for Your Hosting Account
I installed Redmine 2.6.1.1 using Bitnami on Win 7, but couldn't figure out why redmine cannot send any email. I edited the configuration.yml file under \redmine-2.6.1-1\apps\redmine\htdocs\config and tried to send a test mail via both Gmail and our own e-mail server, but it didn't work.
My configuration.yml file is just like below:
default:
email_delivery:
delivery_method: :smtp
smtp_settings:
enable_starttls_auto: true
address: smtp.gmail.com
port: 587
domain: smtp.gmail.com
authentication: :plain
user_name: "someusername#gmail.com"
password: "somepassword"
In this configuration the error is:
an error occurred while sending mail (a socket operation was attempted to an unreachable network. - connect (2))
If I change the address and domain values with IP addresses then the error becomes:
an error occurred while sending mail (Permission denied - connect(2))
If I try to configure it with the values of our own mail server, then I still get the second error (permission denied).
I tried it in another PC and it worked. However, the same configuration in the old PC, it does not work. 2 PCs are in the same network and the only difference between 2 installations is that I did not configure mail settings during the Bitnami installtion in the old machine. After the installation was completed, I modified configuration.yml. However, in the new PC, I configured it during the installation.
I could solve the problem finally. The reason is McAfee security. When I disable McAfee's "Access Protection" task, it worked without any problem.