How to Keep The Original IP Address After Being Forwarded?
by rama12345 from LinuxQuestions.org on (#56NB1)
I have a question, Is there any way to forward the IP Address without hide the real IP Address ??
Ok, let me tell you about my problem..
I have 3 ip address..
1. As a honeypot, I used the Kippo, it has a port 22 as SSH. The attackers want to attack this port
2. As a firewall (kali linux) and Protected system
3. As a attacker
I want to forward the IP Address of the attackers to the honeypot. But the Attackers attack the proteced system..
I Used the IP Tables to forward the IP Address Attackers to the Honeypot. So the attackers Will feel attacks the real system. But absolutely not..
Here's my IP Tables configuration..
#echo "1" > /proc/sys/net/ipv4/ip_forward
#iptables -t nat -A PREROUTING -p tcp --dport 22 -j DNAT --to-destination 192.168.43.42
#iptables -t nat -A POSTROUTING -j SNAT --to 192.168.43.216
when I tried that, the IP Address that are detected in the honeypot is the IP Address of the Protected System, not the IP Address of the Attackers. It looks like the protected system is attacking itself..
when I read at the some articles, when we used the SNAT or MASQUERATE, the original ip address will be modified into where the firewall is..
do you know any way to keep the original IP Address after being forwarded? Thanks!
Ok, let me tell you about my problem..
I have 3 ip address..
1. As a honeypot, I used the Kippo, it has a port 22 as SSH. The attackers want to attack this port
2. As a firewall (kali linux) and Protected system
3. As a attacker
I want to forward the IP Address of the attackers to the honeypot. But the Attackers attack the proteced system..
I Used the IP Tables to forward the IP Address Attackers to the Honeypot. So the attackers Will feel attacks the real system. But absolutely not..
Here's my IP Tables configuration..
#echo "1" > /proc/sys/net/ipv4/ip_forward
#iptables -t nat -A PREROUTING -p tcp --dport 22 -j DNAT --to-destination 192.168.43.42
#iptables -t nat -A POSTROUTING -j SNAT --to 192.168.43.216
when I tried that, the IP Address that are detected in the honeypot is the IP Address of the Protected System, not the IP Address of the Attackers. It looks like the protected system is attacking itself..
when I read at the some articles, when we used the SNAT or MASQUERATE, the original ip address will be modified into where the firewall is..
do you know any way to keep the original IP Address after being forwarded? Thanks!