IPTables Unable to port forward to Host Only Networked VM

Discussion in 'General Networking Discussion' started by hackingNerd, Feb 28, 2016.

    **Host OS Ubuntu** with live (public) IP address `1.2.3.4`.

    And an **Ubuntu VM** running in VirtualBox with **Host Only** and **NAT** network configuration. NAT is there to make my VM able to communicate with the world.

    Now my VM has IP address `192.168.56.101`.
    I successfully SSH to my VM from the host. But when I move forward and implement an IPTables rule to forward traffic from host to VM, it is not working. I have enabled IP forwarding at the host with `#sysctl net.ipv4.ip_forward=1`, and added `#iptables -t nat -A PREROUTING -p tcp --dport 2222 -j DNAT --to-destination 192.168.56.101:2222` to /etc/iptables/rules.v4.

    Now when I ssh to my VM from an external network with IP address `3.3.3.3` with the command `#ssh vmusername@1.2.3.4 -p 2222`, it gets stuck. No output. Also no logs on my host `1.2.3.4` or on the `VM`. I have also added port `2222` in the ssh config (/etc/ssh/sshd_config) of my VM.

    **Host IPTables rules (/etc/iptables/rules.v4)**

    ```
    xxxxx@xxxxx:~$ iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
    ACCEPT all -- anywhere anywhere
    DROP all -- anywhere anywhere ctstate INVALID
    UDP udp -- anywhere anywhere ctstate NEW
    TCP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN ctstate NEW
    ICMP icmp -- anywhere anywhere ctstate NEW
    REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
    REJECT tcp -- anywhere anywhere reject-with tcp-reset
    REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Chain ICMP (1 references)
    target prot opt source destination

    Chain TCP (1 references)
    target prot opt source destination
    ACCEPT tcp -- anywhere anywhere tcp dpt:ssh

    Chain UDP (1 references)
    target prot opt source destination
    ```

    **Use Case:** I have deployed SSH honeypots in my VM. Anyone who tries to SSH to my live IP `1.2.3.4` at port `2222` will be forwarded to the SSH honeypot. In the honeypot VM all SSH sessions are logged. So in the logs I need the real IP of the attacker (`3.3.3.3`).

    **Request:** I have already discussed this issue on some forums online, my luck :-(. I have tried my best and am still trying. I would be greatly thankful to a person who can help me or suggest any alternative approach which could satisfy my use case.

    If you find it difficult to understand, or it is basic, I am sorry, Sir! I am a student of networks.
     
    hackingNerd, Feb 28, 2016
    #1
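An added example, not code from the post above: the host-side rule set a DNAT forward to a host-only VM needs, with the forwarded traffic left un-SNATed so the honeypot's sshd logs the client's real address, plus the two preconditions the forward depends on (IPv4 forwarding on, and the VM routing its replies back through the host rather than out of the VirtualBox NAT adapter). Forwarded packets pass through the FORWARD chain, not INPUT, so the INPUT rules shown in the post are not what decides them. Assumed names: public NIC `eth0`, host-only NIC `vboxnet0`, host-only address of the host `192.168.56.1`, guest NIC `enp0s8`; the VM IP, port and client IP are the post's.

```shell
#!/bin/sh
# Added example (not from the original post). Builds the host-side iptables
# rules for forwarding public port 2222 to a host-only VM and checks the
# preconditions the forward relies on. eth0, vboxnet0, 192.168.56.1 and
# enp0s8 are assumed names; adjust them to the real interfaces.

# Emit the rules. No SNAT/MASQUERADE on the VM leg, so the honeypot sees
# the external client's address instead of the host's.
dnat_rules() {
    pub_if=$1 ho_if=$2 vm_ip=$3 port=$4
    cat <<EOF
iptables -t nat -A PREROUTING -i $pub_if -p tcp --dport $port -j DNAT --to-destination $vm_ip:$port
iptables -A FORWARD -i $pub_if -o $ho_if -d $vm_ip -p tcp --dport $port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $ho_if -o $pub_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Guest-side route the DNAT relies on: replies to the external client must
# leave the VM through the host-only adapter (host as gateway) so conntrack
# on the host can reverse the DNAT. If they leave via the NAT adapter
# instead, the SYN-ACK never reaches the client and ssh hangs silently.
vm_return_route() {
    client=$1 gw=${2:-192.168.56.1} dev=${3:-enp0s8}
    printf 'ip route add %s via %s dev %s\n' "$client" "$gw" "$dev"
}

# True when IPv4 forwarding is on. $1 lets a test point at a constructed
# file; the default is the live kernel setting. A plain `sysctl -w` does
# not survive a reboot, so persist the key in /etc/sysctl.conf as well.
ip_forward_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Apply for real only when asked (APPLY=1, as root); otherwise dry-run.
if [ "${APPLY:-0}" = "1" ]; then
    ip_forward_enabled || sysctl -w net.ipv4.ip_forward=1
    dnat_rules eth0 vboxnet0 192.168.56.101 2222 | sh
else
    dnat_rules eth0 vboxnet0 192.168.56.101 2222
    printf '# on the guest:\n'; vm_return_route 3.3.3.3
fi
```

If the rules are persisted with iptables-persistent, `/etc/iptables/rules.v4` expects `iptables-save` output rather than command lines: apply the commands first, then write the file with `iptables-save > /etc/iptables/rules.v4`.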