Honeypots mailing list archives

Sebek problems with Honeywall in NAT-Mode


From: heiko.helmle () basf-ag de
Date: Thu, 2 Oct 2003 15:10:47 +0200

Hello everybody,

I had a little problem getting sebek2 to work in nat-mode. It seems that 
sebek sends its udp-packets out with a TTL of 1. On a bridging honeywall 
this is not a problem, but on a NAT-ting firewall, those packets are 
rejected and never reach the FORWARD-chain (which prevents logging to 
syslog - snort gets them anyway).

I experimented with the sebek sources and changed the TTL to 2 and the 
honeywall now logs (and drops) the packets correctly.

Is there any security problem with setting the TTL to something higher 
than 1 (for NAT and bridge-mode)?


Regards
         Heiko Helmle
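
Added example, not part of the original post and not code from Sebek or the Honeywall: a small model of why a TTL of 1 reaches the FORWARD chain on a bridge but not on a routing (NAT) gateway. It assumes a Linux gateway, where ip_forward() discards packets with TTL <= 1 before the netfilter FORWARD hook; the function names, stage labels and addresses are constructed for illustration.

```python
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_udp_ip_header(ttl: int, src: str, dst: str, udp_len: int = 8) -> bytes:
    """Constructed IPv4 header (no options, protocol 17 = UDP)."""
    def addr(a: str) -> bytes:
        return bytes(int(octet) for octet in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0,
                      ttl, 17, 0, addr(src), addr(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def gateway_path(header: bytes, mode: str) -> list:
    """Stages a transit packet reaches on the gateway, up to FORWARD.

    mode "bridge": frames are forwarded at layer 2, the IP TTL is not examined.
    mode "nat":    the packet is routed; Linux ip_forward() discards TTL <= 1
                   before the netfilter FORWARD hook runs.
    """
    ttl = header[8]                      # TTL is byte 8 of the IPv4 header
    if mode == "bridge":
        return ["sniffer", "PREROUTING", "FORWARD"]
    if mode == "nat":
        if ttl <= 1:
            # The sniffer on the interface has already seen the packet.
            return ["sniffer", "PREROUTING", "ttl-expired"]
        return ["sniffer", "PREROUTING", "FORWARD"]
    raise ValueError("mode must be 'bridge' or 'nat'")

if __name__ == "__main__":
    # Constructed addresses: 10.0.0.5 = honeypot, 192.0.2.10 = Sebek server
    for ttl in (1, 2):
        pkt = build_udp_ip_header(ttl, "10.0.0.5", "192.0.2.10")
        for mode in ("bridge", "nat"):
            print(f"TTL={ttl} {mode:6s} -> {' > '.join(gateway_path(pkt, mode))}")
```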

