Fail2ban Pass-through Server ???

Discussion in 'Installation/Configuration' started by PK232, Jul 23, 2022.

  1. PK232

    PK232 New Member

    I am looking for a URL that would give some assistance on setting up a Fail2ban pass-through server. For instance, traffic on port 25 would be directed from the outside world to the Fail2ban server and any traffic that passed muster would then be retransmitted to a mail server on the LAN using a different port. So far all of my searches have only found URLs that are useful for installing Fail2ban on the same server as the application it is protecting.
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Maybe Fail2ban is not suitable for the scenario you describe? Fail2ban blocks the IP the malicious traffic comes from, so in your case it would ban the IP of the host with the port 25 forwarding.
    Why not install Fail2ban on the e-mail server?
     
  3. Steini86

    Steini86 Active Member

    fail2ban reads the (local) logfiles and creates bans (firewall rules) based on this. fail2ban does not see or analyze the traffic. It just observes the logfiles and when there is a given entry, it executes an action, which is usually to set a firewall rule to drop all traffic from this IP (for a given port or all).
    So, fail2ban is intended to run on the server that has the logfiles. Otherwise you would need to transfer the logfiles to your other server (could be done for example if you mount the folder remotely). But in my opinion that increases the complexity and complexity is the enemy of security.

    What you probably want is to run fail2ban on the mail server but create the firewall ban rules on the router. For this to work you need the fail2ban script to be able to connect to your router and create firewall rules there. I would advise against this solution, but in general, you define your own fail2ban action and in the action file define the ssh command as shown here: https://forum.mikrotik.com/viewtopic.php?t=54446#p278429
    Now, for MikroTik routers there exists an API which is used here: https://github.com/pincioc/fail2ban_mikrotik

    You get a lot of disadvantages with the benefit of transferring (very little) load from your server to your router (but usually, your server is more powerful than your router). And if you do not understand fail2ban and firewalls, you risk creating a lot of side-effects that do more harm.
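
Added example, not part of any post in this thread and not fail2ban's own code: a minimal log-driven ban counter run over constructed Postfix-style lines, once as the mail server would log them directly and once as it would log them behind a port-25 forwarder. It assumes the forwarder replaces the client's source address with its own LAN address (`192.168.1.10` here, a made-up value); the regex is a simplified stand-in for a real filter, and `maxretry`/`findtime` only borrow fail2ban's option names.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Simplified stand-in for a fail2ban failregex (assumption, not the shipped filter).
FAIL_RE = re.compile(
    r"^(?P<ts>\S+) \S+ postfix/smtpd\[\d+\]: warning: \S+\[(?P<ip>[\d.]+)\]: "
    r"SASL \S+ authentication failed"
)

def find_bans(lines, maxretry=3, findtime=timedelta(minutes=10)):
    """Return IPs that reach maxretry failures inside a sliding findtime window."""
    hits = defaultdict(list)
    banned = []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue  # not a failure line, so it never counts towards a ban
        ts, ip = datetime.fromisoformat(m["ts"]), m["ip"]
        # Keep only earlier failures that are still inside the window, then add this one.
        hits[ip] = [t for t in hits[ip] if ts - t <= findtime] + [ts]
        if len(hits[ip]) >= maxretry and ip not in banned:
            banned.append(ip)
    return banned

# Constructed sample data: (real client IP, minute of the hour of the failed login).
LINE = ("2022-07-23T10:{minute:02d}:00 mail postfix/smtpd[1234]: warning: "
        "unknown[{ip}]: SASL LOGIN authentication failed: authentication failure")
EVENTS = [("203.0.113.7", 1), ("203.0.113.7", 2), ("203.0.113.7", 3),
          ("198.51.100.20", 4)]
FORWARDER = "192.168.1.10"  # hypothetical LAN address of the pass-through host

def render(events, seen_as=None):
    """Render events as log lines; seen_as overrides the address the server logs."""
    return [LINE.format(minute=minute, ip=seen_as or ip) for ip, minute in events]

if __name__ == "__main__":
    # Mail server sees real clients: only the repeat offender is banned.
    print("direct:   ", find_bans(render(EVENTS)))
    # Mail server sees only the forwarder: the forwarder itself gets banned,
    # which cuts off every client behind it, including 198.51.100.20.
    print("forwarded:", find_bans(render(EVENTS, seen_as=FORWARDER)))
```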
     
  4. PK232

    PK232 New Member

    Thanks to both of you for your replies. I have fail2ban on an SSH server and was hoping to piggyback on that since there are no email logins from the WAN side, but clearly I have not thought it through. I will have to think about it some more. Thank you again.
     
    Steini86 likes this.
