I have a VMware: 10.10.10.1, a linux in VMware (Guest): 10.10.10.128 and a honeypot on Guest: 10.10.10.15, and my Windows (Host): 192.168.1.11. I can send FTP requests directly from my Host to honeypot and the connection is established. Now I want to send FTP requests to Guest and these forward to my honeypot. I put these rules in iptables on Guest:
iptables -t nat -A PREROUTING -p tcp --dport 21 -j DNAT --to-destination 10.10.10.15:21
iptables -t nat -A POSTROUTING -p tcp -s 10.10.10.15 --sport 21 -j SNAT --to-source 10.10.10.128
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
But I cannot get the desired result. What can I do?
Note: When the honeypot is running, I can ping it from the Host, but I cannot ping it from the Guest and the result is:
Destination Host Unreachable
Where is my wrong?
If you want to forward FTP request, you cant just forward port 21. FTP use 2 or more connections:
So, if you wan to forward FTP connections, you need to look in your server configuration to check the port range that the FTP server will use to accept client connections (assuming your client connect to the FTP server in "passive mode").
So you need to forward port 21 + all the port defined in the "passive port" range.
But this is not enough, because it's the FTP server that instruct the FTP client on which IP to contact to open the data transmission connection, and usually this is the server IP.
The FTP server has no knowledge of the server you are using to forward the connection.
So you should also tell to your FTP server that his "public IP" is not the IP of the FTP server, but the IP of the server that will accept (and forward) the FTP connection from the client.