Thread: KVM Guest as DMZ Server?
I'm toying around with networking a bit, and decided I wanted to set up a VM honeypot. Well, I've been working on it for days, and got the tap interface working with KVM (which is a huge pain if you're a newbie!). So, I got it set up, and set my router to use 192.168.1.102 (my VM guest) as the DMZ server, and I've been getting some kind of sporadic behavior. So, first let me post my set-up:
/etc/network/interfaces:
Code:
    auto lo
    iface lo inet loopback

    # bridge network interface(s)
    auto br0
    iface br0 inet dhcp
        bridge_ports eth0
        bridge_maxwait 2
        bridge_ageing 0
        # put the bridged NIC into promiscuous mode with no address of its own
        # (the "up" directive in front of the command was lost from the post and is restored here)
        up /sbin/ifconfig eth0 inet 0.0.0.0 promisc

    # eth0 is a bridge port (above) and is also given its own static address here
    auto eth0
    iface eth0 inet static
        address 192.168.1.101
        netmask 255.255.255.0
`ifconfig` (with KVM running):
Code:
    br0       Link encap:Ethernet  HWaddr 00:21:9b:dd:bf:cb
              inet addr:192.168.1.4  Bcast:192.168.1.255  Mask:255.255.255.0
              inet6 addr: fe80::221:9bff:fedd:bfcb/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:14748 errors:0 dropped:0 overruns:0 frame:0
              TX packets:8957 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:19127982 (19.1 MB)  TX bytes:968037 (968.0 KB)

    eth0      Link encap:Ethernet  HWaddr 00:21:9b:dd:bf:cb
              inet addr:192.168.1.101  Bcast:192.168.1.255  Mask:255.255.255.0
              inet6 addr: fe80::221:9bff:fedd:bfcb/64 Scope:Link
              UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
              RX packets:61975 errors:0 dropped:0 overruns:0 frame:0
              TX packets:39547 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:82160782 (82.1 MB)  TX bytes:4840093 (4.8 MB)
              Interrupt:16

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:252 errors:0 dropped:0 overruns:0 frame:0
              TX packets:252 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:35579 (35.5 KB)  TX bytes:35579 (35.5 KB)

    tap0      Link encap:Ethernet  HWaddr 2e:b8:98:32:cb:8c
              inet6 addr: fe80::2cb8:98ff:fe32:cb8c/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:95 errors:0 dropped:0 overruns:0 frame:0
              TX packets:3555 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:500
              RX bytes:9912 (9.9 KB)  TX bytes:634130 (634.1 KB)

    virbr0    Link encap:Ethernet  HWaddr 2a:48:14:b2:13:30
              inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:78 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B)  TX bytes:7788 (7.7 KB)

Router configuration:
- acts as the DHCP server; 192.168.1.4 and 192.168.1.102 are both reserved for their respective MAC addresses
- port forwards several ports to 192.168.1.4, including HTTP, SSH and more
- DMZ server set to 192.168.1.102
For testing, I did clear the iptables rules in the guest's filter table. I have set no iptables rules on the VM host.
Now, if I do these tests using the 192.168.1.x addresses, it seems to work fine.
1. ping me.mydomain.com (me.mydomain.com forwards to my actual IP address) - works
2. ssh me.mydomain.com - gives me the host hash of the VM's SSH server
3. http://me.mydomain.com/ - times out (there is no HTTP server set up)
4. telnet me.mydomain.com 86 - connection times out. On this one, when using 192.168.1.102, I get an ICMP rejection.
I tried setting the VM host as the DMZ server, and setting iptables rules to DNAT/SNAT the ports to the guest, but that didn't fly either.
Can anyone explain to me what I did wrong?
I figured out what the problem was: the router drops connection attempts that don't have a listening socket attached. In my case I was testing a port knocking scheme. The packet made it to the router, but since nothing was listening on the port it dropped the connection. It works if I use a tool like nmap or knock.
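The difference between test 4 on the LAN and through the router comes down to what the probing end gets back: a reachable host with nothing listening answers the SYN with a TCP RST, so connect() fails immediately, while a device that silently drops the SYN gives no reply and the attempt only times out. The script below is an added example, not code from the thread or from any tool it mentions; it classifies a full-connect probe into open / refused / filtered / unreachable and includes an offline demo against 127.0.0.1 (a "filtered" result needs a real dropping device, so it is not simulated). Host and port on the command line are whatever you want to probe; `me.mydomain.com` and port 86 in the comment are taken from the thread.

```python
import errno
import socket
import sys

# Added example for this thread, not code posted by the OP. A TCP connect
# probe tells you which of three things happened to your SYN:
#   refused     the host sent RST: reachable, but nothing is listening
#   filtered    nothing came back within the timeout: something dropped it
#   unreachable a router returned ICMP host/network unreachable


def classify_error(exc):
    """Map the OSError raised by socket.connect() to a port-state label."""
    if isinstance(exc, (socket.timeout, TimeoutError)) or exc.errno == errno.ETIMEDOUT:
        return "filtered"
    if isinstance(exc, ConnectionRefusedError) or exc.errno == errno.ECONNREFUSED:
        return "refused"
    if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"
    return "error"


def probe(host, port, timeout=2.0):
    """Full TCP connect probe of host:port, returns open/refused/filtered/unreachable/error."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except OSError as exc:
            return classify_error(exc)
        return "open"


def local_demo():
    """Offline check on 127.0.0.1: probe one listening port and one closed port.

    Returns the pair of labels, which should be ("open", "refused").
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]

    # Bind a second socket only to learn a free port number, then release it
    # so nothing is listening there when it is probed.
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()

    try:
        return probe("127.0.0.1", open_port), probe("127.0.0.1", closed_port)
    finally:
        listener.close()


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # e.g. python3 probe.py me.mydomain.com 86
        print(probe(sys.argv[1], int(sys.argv[2])))
    else:
        print(local_demo())
```

Run it once against the guest's LAN address and once against the public name for the same port: "refused" from the LAN and "filtered" from outside is the signature of the router (not the guest) eating the packet. Note that this is a full three-way-handshake probe, so unlike a single SYN from nmap or knock it is itself subject to the same drop.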
Source: The Ubuntu Forum Community, Networking & Wireless; thread marked [SOLVED].