Honeypots mailing list archives

RE: Dmz single Ip


From: "Jacob Hurley" <jacobh () aos5 com>
Date: Tue, 4 Mar 2003 05:36:55 -0600


I also needed to be able to set up a 'dmz' with a single ip address.
What I did was add a third interface (eth2) on my firewall and connected
my dmz network to it (keeping my private LAN on eth1).  Then I just
forwarded all ports that I need to the correct dmz machine, e.g.:
21,22,25,80,443,etc.

Next I needed to make sure that my dmz couldn't speak to my LAN, so I
added specific drop rules on my firewall from dmz -> lan.  Works pretty
well, and your next problem - you need ssh to your firewall, and also
ssh to your honeypot in the dmz.  Well, this was easy for me, because on my
firewall I don't run ssh on standard port 22, but I like to 'hide' it on
23 or even sometimes a crazier port than that.  One thing I thought
about doing was just enabling ssh to my firewall from the dmz interface
only, and have it listen on some crazy port like ~10000 or higher.  Then
just ssh to the honeypot (port forwarding) as normal, and back to the
firewall (I don't like to have many ports open on my firewall, and the fewer
interfaces that have the open ports, the better ;)

With port forwarding you can also have your firewall forward to a
different port than it is listening on.  This could help to obscure
sshing to the dmz machine listening on the standard port (by sshing to your
firewall on say 443 or something, and having that forward to internal 22)
- but this is a bit off topic since I am guessing you want your honeypot
to be pretty standard.  So you could tell your firewall to redirect port
443 to local 22 also, and then just ssh to port 443 on your firewall to
get a session with it.

Just some ideas.


Jacob Hurley
Network Operations Center
Alexander Open Systems

-----Original Message-----
From: faysspv () bellsouth net [mailto:faysspv () bellsouth net] 
Sent: Monday, March 03, 2003 1:39 PM
To: honeypots () securityfocus com
Subject: Dmz single Ip

I've been kicking around the idea to set up a honeypot for some time.
The only problem is I'm not sure how to keep my current test network
running while implementing a honeypot.  The problem is I have only one
ip address and I need to be able to access my firewall and honeypot
from the same port 22.  Any suggestions would be appreciated.


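The three-interface layout Jacob describes above (WAN with one public IP, LAN on eth1, DMZ on eth2, inbound ports DNAT'ed to the honeypot, DMZ -> LAN dropped, the firewall's own sshd moved off port 22) as a concrete iptables ruleset. This is an added example, not code from either poster. It assumes Linux iptables with the conntrack match; the interface names, the 192.168.x.0/24 networks, the honeypot address and the admin ssh port 10022 are constructed placeholders set as variables. Unlike the "ssh to the firewall from the dmz interface" idea in the reply, this ruleset deliberately does not expose the firewall's sshd on the DMZ side at all, so a compromised honeypot gains no path to the firewall; admin ssh is accepted only from the LAN and from the WAN on the non-standard port. The script only prints the rules, so it can be reviewed before being applied.

```shell
#!/bin/sh
# Added example (not from the thread). Generates, but does not apply, an
# iptables ruleset for a single-IP firewall with a separate honeypot DMZ.
# Interface names, networks and ports below are constructed placeholders.
WAN_IF=${WAN_IF:-eth0}              # holds the single public IP
LAN_IF=${LAN_IF:-eth1}              # private LAN
DMZ_IF=${DMZ_IF:-eth2}              # honeypot DMZ
LAN_NET=${LAN_NET:-192.168.1.0/24}
DMZ_NET=${DMZ_NET:-192.168.2.0/24}
HONEYPOT=${HONEYPOT:-192.168.2.10}  # the DMZ machine that receives forwards
FW_SSH_PORT=${FW_SSH_PORT:-10022}   # firewall's own sshd, moved off port 22
PUBLIC_PORTS="21 22 25 80 443"      # ports forwarded to the honeypot

# Print the ruleset. Review it, then apply with:  sh fw.sh print | sudo sh
gen_rules() {
  cat <<EOF
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport $FW_SSH_PORT -j ACCEPT
iptables -A INPUT -i $WAN_IF -p tcp --dport $FW_SSH_PORT -j ACCEPT
iptables -A FORWARD -i $DMZ_IF -o $LAN_IF -j DROP
iptables -A FORWARD -i $LAN_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $DMZ_IF -s $DMZ_NET -o $WAN_IF -j ACCEPT
EOF
  # Each public port: DNAT it to the honeypot, then allow that new flow
  # through the FORWARD chain (the DNAT alone does not permit it).
  for p in $PUBLIC_PORTS; do
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $p -j DNAT --to-destination $HONEYPOT:$p"
    echo "iptables -A FORWARD -i $WAN_IF -o $DMZ_IF -d $HONEYPOT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
  done
  # LAN and DMZ share the one public address on the way out.
  echo "iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE"
}

# Sanity check on the generated text: the DMZ->LAN DROP must appear before
# any FORWARD ACCEPT that could match new DMZ-sourced traffic. Returns 0 if
# the isolation holds, 1 otherwise. Note: the first FORWARD rule only accepts
# reply traffic of established connections; that is not an isolation gap.
check_dmz_isolation() {
  gen_rules | awk -v dmz="$DMZ_IF" -v lan="$LAN_IF" '
    /^iptables -A FORWARD/ && $0 ~ ("-i " dmz " -o " lan " -j DROP") { seen_drop = 1 }
    /^iptables -A FORWARD/ && /-j ACCEPT/ && !/ESTABLISHED/ && $0 !~ ("-i " lan) && !seen_drop { bad = 1 }
    END { exit bad ? 1 : 0 }'
}

# No sshd rule may reference the DMZ interface: returns 0 if none does.
check_no_dmz_admin() {
  ! gen_rules | grep -- "-A INPUT -i $DMZ_IF" | grep -q -- "--dport $FW_SSH_PORT"
}

case "${1:-}" in
  print) gen_rules ;;
  check) check_dmz_isolation && check_no_dmz_admin && echo "policy ok" ;;
esac
```

Run `sh fw.sh check` before `sh fw.sh print | sudo sh`; the two check functions catch the common mistake of appending a broad FORWARD ACCEPT above the DMZ -> LAN DROP, which would silently undo the isolation the reply relies on. Connections from the honeypot out to the internet are allowed here because most honeypot deployments want outbound traffic observable rather than blocked; if you prefer to contain it, delete the `-i $DMZ_IF ... -o $WAN_IF -j ACCEPT` line.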