Re: Sebek problems with Honeywall in NAT-Mode

[Edward Balas <ebalas () iu edu>]

On Thu, 2 Oct 2003 heiko.helmle () basf-ag de wrote:

> Hello everybody,
>
> I had a little problem getting sebek2 to work in nat-mode. It seems that 
> sebek sends its udp-packets out with a TTL of 1. On a bridging honeywall 
> this is not a problem, but on a NAT-ting firewall, those packets are 
> rejected and never reach the FORWARD-chain (which prevents logging to 
> syslog - snort gets them anyway).

Yeah, sorry about that, Ill send out an update when I get back in town.
Basic deal is that the linux client sets the TTL to 1, and I need to set 
it to something else.
 
> I experimented with the sebek sources and changed the TTL to 2 and the 
> honeywall now logs (and drops) the packets correctly.
>
> Is there any security problem with setting the TTL to something higher 
> than 1 (for NAT and bridge-mode)?

No not really.
> Regards
>          Heiko Helmle