LinuxQuestions.org
Old 02-29-2016, 03:13 PM   #1
hackingNerd
LQ Newbie
 
Registered: Feb 2016
Posts: 2

Rep: Reputation: Disabled
Iptable Port Forwarding is not working for Host Only Network


The host OS is Ubuntu with a live (public) IP address, 1.2.3.4.

And an Ubuntu VM running in VirtualBox with Host Only and NAT network configuration. Both network cards are configured according to this: http://christophermaier.name/blog/201...ith-virtualbox.

Now my VM has IP address 192.168.56.101.
I can successfully SSH to my VM from the host. But when I move forward and implement an iptables rule to forward traffic from the host to the VM, it is not working. I have enabled IP forwarding on the host with #sysctl net.ipv4.ip_forward=1, and added #iptables -t nat -A PREROUTING -p tcp --dport 2222 -j DNAT --to-destination 192.168.56.101:2222 to /etc/iptables/rules.v4.

Now when I SSH to my VM from an external network with IP address 3.3.3.3 with the command #ssh vmusername@1.2.3.4 -p 2222, it gets stuck. No output. Also no logs on my host 1.2.3.4 or the VM. I have also added port 2222 to the SSH config (/etc/ssh/sshd_config) of my VM.

Host IPTables rules (/etc/iptables/rules.v4)


xxxxx@xxxxx:~$ iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
UDP udp -- anywhere anywhere ctstate NEW
TCP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN ctstate NEW
ICMP icmp -- anywhere anywhere ctstate NEW
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain ICMP (1 references)
target prot opt source destination

Chain TCP (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh

Chain UDP (1 references)
target prot opt source destination

Use case: I have deployed SSH honeypots in my VM. Anyone who tries to SSH to my live IP 1.2.3.4 on port 2222 will be forwarded to the SSH honeypot. In the honeypot VM all SSH sessions are logged. So in the logs I need the real IP of the attacker (3.3.3.3).

I have also asked this question on some other forums.

http://www.cnet.com/forums/discussio...14567796487229

http://unix.stackexchange.com/questi...t-am-i-doing-w
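
An added example, not written by any poster in this thread: a check over rules in iptables-save format, assuming /etc/iptables/rules.v4 is loaded with iptables-restore (as iptables-persistent does). It reports whether a DNAT rule for a given port sits in PREROUTING inside the *nat table and what the filter FORWARD policy is; the function names and both sample rulesets are constructed for illustration.

```shell
# Added example (not from the thread). check_dnat PORT reads iptables-save
# format text on stdin and prints one summary line:
#   nat_dnat=<dest|none> misplaced=<yes|no> forward_policy=<policy|unset>
check_dnat() {
    awk -v port="$1" '
    /^\*/     { table = substr($0, 2); next }   # "*nat" / "*filter" open a table
    /^COMMIT/ { table = ""; next }               # COMMIT closes it
    # Chain policy lines look like ":FORWARD ACCEPT [0:0]"
    table == "filter" && $1 == ":FORWARD" { policy = $2; next }
    /-j DNAT/ {
        dport = ""; dest = ""
        for (i = 1; i < NF; i++) {
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "--to-destination") dest = $(i + 1)
        }
        if (dport != port) next
        # Valid only as an "-A PREROUTING" line inside the nat table
        if (table == "nat" && $1 == "-A" && $2 == "PREROUTING") found = dest
        else misplaced = "yes"
    }
    END {
        if (found == "") found = "none"
        if (misplaced == "") misplaced = "no"
        if (policy == "") policy = "unset"
        print "nat_dnat=" found " misplaced=" misplaced " forward_policy=" policy
    }'
}
# Constructed sample: DNAT rule inside *nat, the form iptables-restore reads.
sample_good() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.56.101:2222
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
COMMIT
EOF
}
# Constructed sample: command-line form pasted into the filter section.
sample_bad() {
cat <<'EOF'
*filter
:FORWARD DROP [0:0]
iptables -t nat -A PREROUTING -p tcp --dport 2222 -j DNAT --to-destination 192.168.56.101:2222
COMMIT
EOF
}
```

On a live host the same text comes from `iptables-save`, for example `iptables-save | check_dnat 2222`. Plain `iptables -L` lists only the filter table, so nat rules do not appear in it.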
 
Old 02-29-2016, 05:54 PM   #2
pingu_penguin
Member
 
Registered: Aug 2004
Location: pune
Distribution: Slackware
Posts: 350

Rep: Reputation: 60
Try this on the Ubuntu live host (1.2.3.4):

#iptables -t nat -A POSTROUTING -o <interface where ssh connections come in> -j MASQUERADE
 
Old 02-29-2016, 07:14 PM   #3
pingu_penguin
Member
 
Registered: Aug 2004
Location: pune
Distribution: Slackware
Posts: 350

Rep: Reputation: 60
My sincere apologies for the confusion.
That above line won't work :S
 
Old 03-01-2016, 01:35 PM   #4
hackingNerd
LQ Newbie
 
Registered: Feb 2016
Posts: 2

Original Poster
Rep: Reputation: Disabled
@pingu_penguin

I have no need of post routing. I have set up NAT for my VM to communicate back to the world. I only need to make my host able to forward packets to the VM. Thanks for your answer.
 