4. Dynamic two way NAT?

Dynamic two way NAT?

  • A

    Hey,

    we would like analyze the networking behaviour of some malware within a self created sandbox. We want to forward any outgoing connection of the sandbox to a analyzing system. For this use case i have created a NAT rule which forward any tcp/udp request to one specific destination:

    Systems in the environment are:
    pfSense => 192.168.0.1
    Sandbox => 192.168.1.1
    Analyzing System => 192.168.2.1

    This works so far. Any connection attempt from the sandbox (192.168.1.1) reaches the analyzing system (192.168.2.1). Thats fine…

    Now we would like to fake some services on the analyzing system to get even more information about networking behaviour. That does not work because the SRC IP of the response is 192.168.2.1 instead the ip which was initially requested. We don't know which IP and port is going to be requested by the malware.

    Do you have any idea how to solve the problem?

    Thank you
    Andreas

    0
  • A

    Any alternatives are welcome ;)

    0
  • A

    problem "solved". I have changed the default gateway on the sandbox to the ip of our analyzing system and added the following iptables rule:

    iptables -t nat -A PREROUTING -s sandbox_ip ! -d analyzing_ip -p tcp -m tcp –dport specific_port -j DNAT --to-destination analyzing_ip

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy