Port Forwarding rules 22
I've looked everywhere for how to create prerouting tables and add rules to iptables, with no luck getting this solved.
CentOS 6 distro. OK, so what I want to do is forward all traffic on port 22 to port 2222 so my Kippo can listen to it. Everything I try ends up denying the connection. I have turned on port forwarding so I know it's not that... It has to be in the rules I set up or there's something I'm missing.
You're not forwarding over another device, just within the same machine.
First check what rules your nat table holds, its policy and if you need a specific device name:
/sbin/iptables -t nat --line-numbers -nvxL
then insert at the appropriate place:
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 2222
then check again and post "-t nat --line-numbers -nvxL" output if unsure.
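Added example, not part of the original thread: a REDIRECT in nat PREROUTING rewrites the destination port before the filter table's INPUT chain sees the packet, so INPUT has to accept tcp/2222 ahead of any catch-all REJECT or DROP. The Python check below tests both conditions against `iptables-save` text; the sample ruleset is constructed, the function names are hypothetical, and source or interface restrictions on ACCEPT rules are not evaluated.

```python
import shlex

# Constructed sample in iptables-save format (not output from the thread's server).
SAMPLE = """\
*nat
-A PREROUTING -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 2222
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse_save(text):
    """Return ({table: [(chain, args)]}, {(table, chain): policy}) in rule order."""
    rules, policy, table = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":") and table:
            policy[(table, line.split()[0][1:])] = line.split()[1]
        elif line.startswith("-A ") and table:
            tok = shlex.split(line)
            rules.setdefault(table, []).append((tok[1], tok[2:]))
    return rules, policy

def opt(args, *names):
    """Value following the first matching option name, else None."""
    return next((args[i + 1] for i, a in enumerate(args[:-1]) if a in names), None)

def check_redirect(text, src="22", dst="2222"):
    """List reasons tcp/src would not reach a local listener on tcp/dst."""
    (rules, policy), problems = parse_save(text), []
    if not any(c == "PREROUTING" and opt(a, "-j") == "REDIRECT" and opt(a, "--dport") == src
               and opt(a, "--to-ports", "--to-port") == dst for c, a in rules.get("nat", [])):
        problems.append("nat: no PREROUTING REDIRECT %s -> %s" % (src, dst))
    # filter INPUT runs after the REDIRECT, so it matches on the rewritten port.
    for a in (a for c, a in rules.get("filter", []) if c == "INPUT"):
        catch_all = not any(o in a for o in ("-p", "-s", "-d", "-i", "-m"))
        if opt(a, "-j") == "ACCEPT" and (catch_all or opt(a, "--dport") == dst):
            return problems
        if opt(a, "-j") in ("REJECT", "DROP") and catch_all:
            return problems + ["filter: INPUT rejects tcp/%s before any ACCEPT" % dst]
    if policy.get(("filter", "INPUT"), "ACCEPT") != "ACCEPT":
        problems.append("filter: INPUT policy drops tcp/%s" % dst)
    return problems
```

Connections opened from the host itself do not traverse PREROUTING, so the redirect has to be tested from another machine.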
iptables looks like this
http://i296.photobucket.com/albums/m...psd0dd3f28.png
I have also edited the ssh/sshd_config; I set PermitRootLogin to no, that's it. (edit) I forgot to mention that I turned off the ssh service, but I don't think that has an impact on it.
Let's start over. Where does Kippo run? On the same machine you're writing rules for or on another machine? If it's on the same machine did you install it here or does it run as a virtualization guest?
Well....I believe I answered my own question...
Kippo runs on the same server but not as root...you create another user specific for its purpose. I ended up getting rinetd....to do the port forwarding....
WD for answering your own question then. And good luck with Kippo. Personally I would never run a honeypot on a machine unless it was isolated in a DMZ or as virtualization guest...
The honeypot actually will be an isolated server....It won't be a part of the other production servers.
Well, double-plus good, then!