Host OS: Ubuntu with a live (public) IP address, 1.2.3.4.
And an Ubuntu VM running in VirtualBox with Host-Only and NAT network configuration. Both network cards are configured according to this:
http://christophermaier.name/blog/201...ith-virtualbox
Now my VM has IP address 192.168.56.101.
I can successfully SSH to my VM from the host. But when I move forward and implement an iptables rule to forward traffic from the host to the VM, it is not working. I have enabled IP forwarding on the host with
#sysctl net.ipv4.ip_forward=1, and added
#iptables -t nat -A PREROUTING -p tcp --dport 2222 -j DNAT --to-destination 192.168.56.101:2222 to /etc/iptables/rules.v4.
Now when I SSH to my VM from an external network with IP address 3.3.3.3 with the command
#ssh vmusername@1.2.3.4 -p 2222
it gets stuck. No output, and also no logs on my host 1.2.3.4 or the VM. I have also added port 2222 in the SSH config (/etc/ssh/sshd_config) of my VM.
Host iptables rules (/etc/iptables/rules.v4):
xxxxx@xxxxx:~$ iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
UDP udp -- anywhere anywhere ctstate NEW
TCP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN ctstate NEW
ICMP icmp -- anywhere anywhere ctstate NEW
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain ICMP (1 references)
target prot opt source destination
Chain TCP (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
Chain UDP (1 references)
target prot opt source destination
Use case: I have deployed an SSH honeypot in my VM. Anyone who tries to SSH to my live IP 1.2.3.4 at port 2222 will be forwarded to the SSH honeypot. In the honeypot VM all SSH sessions are logged, so in the logs I need the real IP of the attacker (3.3.3.3).
I have also asked this question on some other forums.
http://www.cnet.com/forums/discussio...14567796487229
http://unix.stackexchange.com/questi...t-am-i-doing-w
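The forwarding setup described in the post, as an added example that is not part of the original post or any of the linked threads. It renders a complete /etc/iptables/rules.v4 in iptables-restore format that DNATs TCP/2222 on the public NIC to the host-only VM without touching the source address (so the honeypot sees 3.3.3.3, not the host), and it checks an `iptables-save` dump for the pieces the forwarded flow needs. The interface names eth0 (public) and vboxnet0 (host-only) are assumptions; the VM address 192.168.56.101 and port 2222 are the post's values.

```shell
#!/bin/sh
# Added example, not the poster's configuration. Assumed interface names:
# eth0 = public NIC carrying 1.2.3.4, vboxnet0 = VirtualBox host-only NIC.

# Print a rules.v4 file (iptables-restore format) for: public:PORT -> VM_IP:PORT.
# DNAT rewrites only the destination, so the client's real IP reaches the VM.
render_rules() {
    local pub_if="$1" vm_ip="$2" port="$3" ho_if="${4:-vboxnet0}"
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Inbound: rewrite the destination only; the attacker's source IP is preserved.
-A PREROUTING -i $pub_if -p tcp --dport $port -j DNAT --to-destination $vm_ip:$port
# Outbound from the VM (package updates etc.) leaves through the host's public IP.
-A POSTROUTING -s $vm_ip/32 -o $pub_if -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# (existing INPUT rules from the host's rules.v4 go here unchanged)
# Forwarded packets traverse FORWARD, never INPUT, so the INPUT "tcp dpt:ssh"
# rule in the post does not apply to them; allow just the DNATed flow.
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $pub_if -o $ho_if -d $vm_ip/32 -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $ho_if -o $pub_if -s $vm_ip/32 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Read an iptables-save dump on stdin and report which pieces of the forwarded
# flow are missing. Returns 0 only when the DNAT rule is loaded and FORWARD
# will accept the flow (by policy or by an explicit ACCEPT rule).
check_dump() {
    local vm_ip="$1" port="$2" dump rc=0
    dump=$(cat)
    printf '%s\n' "$dump" | grep -q -- "-A PREROUTING .*-p tcp .*--dport $port -j DNAT --to-destination $vm_ip:$port" \
        || { echo "missing: nat PREROUTING DNAT rule to $vm_ip:$port (check: iptables -t nat -S)"; rc=1; }
    printf '%s\n' "$dump" | grep -Eq -- "^:FORWARD ACCEPT|^-A FORWARD .*-j ACCEPT" \
        || { echo "missing: FORWARD policy or rule accepting the forwarded flow"; rc=1; }
    return $rc
}

# Live check on the host (needs root); not run automatically here.
audit_host() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = 1 ] \
        || echo "net.ipv4.ip_forward is not 1"
    iptables-save | check_dump "$1" "$2"
}

# Self-check: the rendered ruleset must pass its own audit.
render_rules eth0 192.168.56.101 2222 | check_dump 192.168.56.101 2222 \
    && echo "rendered ruleset contains the DNAT and FORWARD rules"
```

Two checks the post's listing cannot answer: `iptables -L` prints only the filter table, so `iptables -t nat -L -n -v` is the command that shows whether the PREROUTING DNAT rule from rules.v4 was actually loaded and whether its packet counter moves when 3.3.3.3 connects, and `tcpdump -ni vboxnet0 tcp port 2222` shows whether the SYN reaches the host-only side and whether a SYN-ACK comes back on it. A silent hang with an empty nat counter means the rule is not loaded; a SYN on vboxnet0 with no SYN-ACK returning on the same interface usually means the VM is replying through its VirtualBox NAT adapter instead, because that adapter is its default route. For DNAT to work the VM's reply to 3.3.3.3 must come back through the host (default gateway set to the host's host-only address, 192.168.56.1 in the VirtualBox default setup, with the MASQUERADE rule above giving it Internet access), and no SNAT may be applied on the inbound direction, or the honeypot logs the host's address instead of the attacker's.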