1. Home
  2. pfSense® Software
  3. NAT
  4. Dynamic two way NAT?

Dynamic two way NAT?

  • A

    Hey,

    we would like analyze the networking behaviour of some malware within a self created sandbox. We want to forward any outgoing connection of the sandbox to a analyzing system. For this use case i have created a NAT rule which forward any tcp/udp request to one specific destination:

    Systems in the environment are:
    pfSense => 192.168.0.1
    Sandbox => 192.168.1.1
    Analyzing System => 192.168.2.1

    This works so far. Any connection attempt from the sandbox (192.168.1.1) reaches the analyzing system (192.168.2.1). Thats fine…

    Now we would like to fake some services on the analyzing system to get even more information about networking behaviour. That does not work because the SRC IP of the response is 192.168.2.1 instead the ip which was initially requested. We don't know which IP and port is going to be requested by the malware.

    Do you have any idea how to solve the problem?

    Thank you
    Andreas

    0
  • A

    Any alternatives are welcome ;)

    0
  • A

    problem "solved". I have changed the default gateway on the sandbox to the ip of our analyzing system and added the following iptables rule:

    iptables -t nat -A PREROUTING -s sandbox_ip ! -d analyzing_ip -p tcp -m tcp –dport specific_port -j DNAT --to-destination analyzing_ip

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy