Honeypots mailing list archives
RE: Dmz single Ip
From: "Jacob Hurley" <jacobh () aos5 com>
Date: Tue, 4 Mar 2003 05:36:55 -0600
I also needed to be able to set up a 'dmz' with a single ip address. What I did was add a third interface (eth2) on my firewall and connected my dmz network to it (keeping my private LAN on eth1). Then I just forwarded all ports that I need to the correct dmz machine eg: 21,22,25,80,443,etc. Next I needed to make sure that my dmz couldn't speak to my LAN, so I added specific drop rules on my firewall from dmz -> lan. Works pretty well.

And your next problem - you need ssh to your firewall, and also ssh to your honeypot in dmz. Well, this was easy for me, because on my firewall I don't run ssh on standard port 22, but I like to 'hide' it on 23 or even sometimes a crazier port than that. One thing I thought about doing was just enabling ssh to my firewall from the dmz interface only, and have it listen on some crazy port like ~10000 or higher. Then just ssh to honeypot (port forwarding) as normal, and back to the firewall (I don't like to have many ports open on my firewall, and the fewer interfaces that have the open ports - the better yet ;)

With port forwarding you can also have your firewall forward to a different port than it is listening on. This could help to obscure sshing to dmz machine listening on standard port (by sshing to your firewall on say 443 or something, and have that forward to internal 22) - but this is a bit off topic since I am guessing you want your honeypot to be pretty standard. So you could tell your firewall to redirect port 443 to local 22 also, and then just ssh to port 443 on your firewall to get a session with it.

Just some ideas.

Jacob Hurley
Network Operations Center
Alexander Open Systems

-----Original Message-----
From: faysspv () bellsouth net [mailto:faysspv () bellsouth net]
Sent: Monday, March 03, 2003 1:39 PM
To: honeypots () securityfocus com
Subject: Dmz single Ip

I've been kicking around the idea to set up a honeypot for some time. The only problem is I'm not sure how to keep my current test network running and implementing a honeypot. The problem is I have only one ip address and I need to be able to access my firewall and honeypot from the same port 22. Any suggestions would be appreciated.
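The three-interface layout Jacob describes (forward the honeypot's ports from the single public IP, drop dmz -> lan, keep the firewall's own sshd on a high port reachable only from the DMZ side), written out as an iptables ruleset. This is an added example, not the poster's configuration; the interface names, the honeypot address 192.168.2.10 and the ssh port 10022 are constructed assumptions.

```shell
#!/bin/sh
# Assumed layout (constructed, not from the list post):
#   eth0 = Internet side (single public IP), eth1 = private LAN, eth2 = DMZ
WAN=eth0; LAN=eth1; DMZ=eth2
HONEYPOT=192.168.2.10        # constructed DMZ honeypot address
FW_SSH_PORT=10022            # firewall's own sshd, moved off port 22
FORWARD_PORTS="21 22 25 80 443"

# $1 is the command used to emit each rule: "iptables" to install them,
# "echo" to print the ruleset for review without root.
apply_rules() {
  ipt="$1"
  $ipt -P INPUT DROP
  $ipt -P FORWARD DROP
  $ipt -A INPUT -i lo -j ACCEPT
  $ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  $ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

  # Containment: nothing initiated from the DMZ may reach the LAN.
  # Placed before any ACCEPT so no later rule can override it.
  $ipt -A FORWARD -i "$DMZ" -o "$LAN" -j DROP

  # LAN hosts share the single public address via NAT.
  $ipt -A FORWARD -i "$LAN" -o "$WAN" -j ACCEPT
  $ipt -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE

  # Public-facing services, port 22 included, are forwarded to the honeypot.
  for p in $FORWARD_PORTS; do
    $ipt -t nat -A PREROUTING -i "$WAN" -p tcp --dport "$p" \
         -j DNAT --to-destination "$HONEYPOT:$p"
    $ipt -A FORWARD -i "$WAN" -o "$DMZ" -p tcp -d "$HONEYPOT" --dport "$p" -j ACCEPT
  done

  # The firewall's own sshd answers only on the DMZ interface, on a high port;
  # from the Internet the path is honeypot:22 first, then firewall:$FW_SSH_PORT.
  # No other interface exposes it, and the DMZ cannot use it to reach the LAN.
  $ipt -A INPUT -i "$DMZ" -p tcp --dport "$FW_SSH_PORT" -j ACCEPT
}

# Print the ruleset for review; run as root with --apply to install it.
if [ "${1:-}" = "--apply" ]; then apply_rules iptables; else apply_rules echo; fi
```

Outbound traffic from the DMZ is left at the FORWARD default of DROP; open it deliberately if the honeypot needs it.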