I am setting up a honeypot network to trap attackers. I have some routing issues. I have configured static routes on all machines so that I can connect any machine to any machine in the network. I want a mechanism such that if traffic comes from the attacker to the web server then the local router should allow it. If there is any traffic to non-existing machines in 172.16.75.0/24, say to 172.16.75.140, then I want to change the destination address to that of the internal router, i.e. 172.16.72.128. To do this I have added the following two iptables rules.
```
iptables -t nat -A PREROUTING -m physdev --physdev-in eth0 -d 172.16.75.129 -j RETURN
iptables -t nat -A PREROUTING -m physdev --physdev-in eth0 -d 172.16.75.0/24 -j DNAT --to-destination 172.16.72.128
```
But what I expect is not happening when I try to send a packet from the attacker to 172.16.75.140.
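Added example, not from the post: the same two rules written with the plain `-i` interface match, plus the checks used to confirm the redirect is actually hit. The `physdev` match only sees frames passing through a Linux bridge, so on a routed interface it never matches; the interface name and addresses below are taken from the question and assumed to be correct for the router.

```shell
#!/bin/sh
# Values assumed from the question: eth0 faces the attacker, WEB is the
# honeypot web server, HONEYNET is the decoy range, GW is the internal router.
IFACE=eth0
WEB=172.16.75.129
HONEYNET=172.16.75.0/24
GW=172.16.72.128

# Print the nat PREROUTING rules without applying them so they can be reviewed.
honeypot_nat_rules() {
    # Traffic to the real web server passes through untouched.
    echo "iptables -t nat -A PREROUTING -i $IFACE -d $WEB -j RETURN"
    # Anything else aimed at the decoy range is redirected to the internal router.
    echo "iptables -t nat -A PREROUTING -i $IFACE -d $HONEYNET -j DNAT --to-destination $GW"
}

# Apply the rules, make sure the box forwards, and show packet counters.
# A non-zero counter on the DNAT line after a test probe confirms the rule
# matched; a zero counter with the old physdev rules is the symptom described.
apply_honeypot_nat() {
    honeypot_nat_rules | while read -r cmd; do eval "$cmd"; done
    sysctl -w net.ipv4.ip_forward=1
    iptables -t nat -L PREROUTING -v -n --line-numbers
}

# Show the translated connection for one decoy address after sending a probe.
show_redirected_flow() {
    conntrack -L -d "${1:-172.16.75.140}" 2>/dev/null
}
```

Run `apply_honeypot_nat` on the local router, send one probe to 172.16.75.140, then compare the counters and the conntrack entry, which should show the reply address rewritten to 172.16.72.128.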