Ping to Honeyd virtual host replying Destination Host Unreachable
I have installed and am running honeyd and farpd successfully on Ubuntu 13.10. But, now the problem is:
Pinging the virtual host from honeyd host (and from any other local network machine) ping IP_virtual_host Output: Destination host unreachable So, I took the following steps to try to find the problem: 1) #nmap IP_virtual_host Output: Host seems down. But, it's not really down. S, I ran it with -Pn option. 2) #nmap -Pn IP_virtual host Output: Host is up. All 1000 ports scanned are filtered. So, I checked the ports from blocking. 3) I flushed the iptables and created new rules allowing all incoming and outgoing traffic from honeyd host and virtual hosts. There is no hardware firewall. 4) Added "set template_name tcp/udp/icmp default action open" to honeyd.conf file for both virtual router and virtual hosts (all open only for the time being). So, router rules also allow ICMP traffic. After taking all these steps, I am still getting destination host unreachable on pinging my virtual hosts from honeyd host and local machines. And nmap is still giving output as mentioned in steps 1 and 2. I am stuck after hours of searching and reading. Please feel free to point out my mistakes. Thanks in advance. |
Looks like a routing problem to me?.. Posting 'ifconfig -a; route -n; sysctl net.ipv4.ip_forward; iptables-save' on the host, your (f)arpd and honeyd configuration and any log or stdout/stderr output may be a start.
//NTLB |
I'm having the same issue. The VM is on the 192.168.122.0/24 It's IP is 192.168.122.2 The virt-manager that is hosting it is 192.168.0.248
The box I'm trying to reach it from is on the same WiFi router 192.168.0.1 and it's address is 192.168.0.249 Here are what you asked for from the one that is having the host unreachable error (rocky it is running rocky linux) Error message rocky ~]$ ping 192.168.122.2 PING 192.168.122.2 (192.168.122.2) 56(84) bytes of data. From 192.168.0.1 icmp_seq=2 Redirect Host(New nexthop: 192.168.122.2) From 192.168.0.1 icmp_seq=1 Destination Host Unreachable From 192.168.0.1 icmp_seq=2 Destination Host Unreachable rocky ~]$ ifconfig -a eno1: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 ether 3c:d9:2b:52:01:f3 txqueuelen 1000 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 device interrupt 20 memory 0xfe400000-fe420000 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1000 (Local Loopback) RX packets 16 bytes 1456 (1.4 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 16 bytes 1456 (1.4 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 virbr0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.100.1 netmask 255.255.255.0 broadcast 192.168.100.255 ether 52:54:00:f5:74:59 txqueuelen 1000 (Ethernet) RX packets 146 bytes 17616 (17.2 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 169 bytes 24456 (23.8 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 vnet0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet6 fe80::fc54:ff:fefd:d8b3 prefixlen 64 scopeid 0x20<link> ether fe:54:00:fd:d8:b3 txqueuelen 1000 (Ethernet) RX packets 146 bytes 19660 (19.1 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 30687 bytes 1616388 (1.5 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 wlp0s26u1u5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.0.249 netmask 255.255.255.0 broadcast 192.168.0.255 inet6 fe80::dc3b:8a9b:7b8c:b3b9 prefixlen 64 scopeid 0x20<link> inet6 2600:100c:a105:14ce:9dae:a512:df36:c9d2 prefixlen 64 scopeid 0x0<global> ether 9c:ef:d5:fb:41:a5 txqueuelen 1000 (Ethernet) RX packets 329962 bytes 135670578 (129.3 MiB) RX errors 0 dropped 487 overruns 0 frame 0 TX packets 187727 bytes 55040777 (52.4 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 rocky ~]$ sysctl net.ipv4.ip_forward net.ipv4.ip_forward = 1 # Generated by iptables-save v1.8.5 on Fri Dec 22 10:32:41 2023 *filter :INPUT ACCEPT [118318:18229976] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [93885:28410220] :LIBVIRT_INP - [0:0] :LIBVIRT_OUT - [0:0] :LIBVIRT_FWO - [0:0] :LIBVIRT_FWI - [0:0] :LIBVIRT_FWX - [0:0] -A INPUT -j LIBVIRT_INP -A FORWARD -j LIBVIRT_FWX -A FORWARD -j LIBVIRT_FWI -A FORWARD -j LIBVIRT_FWO -A OUTPUT -j LIBVIRT_OUT -A LIBVIRT_INP -i virbr0 -p udp -m udp --dport 53 -j ACCEPT -A LIBVIRT_INP -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT -A LIBVIRT_INP -i virbr0 -p udp -m udp --dport 67 -j ACCEPT -A LIBVIRT_INP -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT -A LIBVIRT_OUT -o virbr0 -p udp -m udp --dport 53 -j ACCEPT -A LIBVIRT_OUT -o virbr0 -p tcp -m tcp --dport 53 -j ACCEPT -A LIBVIRT_OUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT -A LIBVIRT_OUT -o virbr0 -p tcp -m tcp --dport 68 -j ACCEPT -A LIBVIRT_FWO -s 192.168.100.0/24 -i virbr0 -j ACCEPT -A LIBVIRT_FWO -i virbr0 -j REJECT --reject-with icmp-port-unreachable -A LIBVIRT_FWI -d 192.168.100.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A LIBVIRT_FWI -o virbr0 -j REJECT --reject-with icmp-port-unreachable -A LIBVIRT_FWX -i virbr0 -o virbr0 -j ACCEPT COMMIT # Completed on Fri Dec 22 10:32:41 2023 # Generated by iptables-save v1.8.5 on Fri Dec 22 10:32:41 2023 *security :INPUT ACCEPT [116091:17927438] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [93924:28422848] COMMIT # Completed on Fri Dec 22 10:32:41 2023 # Generated by iptables-save v1.8.5 on Fri Dec 22 10:32:41 2023 *raw :PREROUTING ACCEPT [122518:19646956] :OUTPUT ACCEPT [93924:28422848] COMMIT # Completed on Fri Dec 22 10:32:41 2023 # Generated by iptables-save v1.8.5 on Fri Dec 22 10:32:41 2023 *mangle :PREROUTING ACCEPT [122518:19646956] :INPUT ACCEPT [118359:18242554] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [93924:28422848] :POSTROUTING ACCEPT [93973:28430511] :LIBVIRT_PRT - [0:0] -A POSTROUTING -j LIBVIRT_PRT -A LIBVIRT_PRT -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill COMMIT # Completed on Fri Dec 22 10:32:41 2023 # Generated by iptables-save v1.8.5 on Fri Dec 22 10:32:41 2023 *nat :PREROUTING ACCEPT [6413:1722919] :INPUT ACCEPT [40:12332] :POSTROUTING ACCEPT [17534:1122800] :OUTPUT ACCEPT [17534:1122800] :LIBVIRT_PRT - [0:0] -A POSTROUTING -j LIBVIRT_PRT -A LIBVIRT_PRT -s 192.168.100.0/24 -d 224.0.0.0/24 -j RETURN -A LIBVIRT_PRT -s 192.168.100.0/24 -d 255.255.255.255/32 -j RETURN -A LIBVIRT_PRT -s 192.168.100.0/24 ! -d 192.168.100.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 -A LIBVIRT_PRT -s 192.168.100.0/24 ! -d 192.168.100.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 -A LIBVIRT_PRT -s 192.168.100.0/24 ! -d 192.168.100.0/24 -j MASQUERADE COMMIT # Completed on Fri Dec 22 10:32:41 2023 rocky ~]$ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 0.0.0.0 255.255.255.255 UH 600 0 0 wlp0s26u1u5 0.0.0.0 192.168.0.1 0.0.0.0 UG 600 0 0 wlp0s26u1u5 192.168.0.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp0s26u1u5 192.168.10.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp0s26u1u5 192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0 192.168.122.0 192.168.0.1 255.255.255.255 UGH 0 0 0 wlp0s26u1u5 rocky ~]$ ip route 0.0.0.0 dev wlp0s26u1u5 proto static scope link metric 600 default via 192.168.0.1 dev wlp0s26u1u5 proto dhcp src 192.168.0.249 metric 600 192.168.0.0/24 dev wlp0s26u1u5 proto kernel scope link src 192.168.0.249 metric 600 192.168.10.0/24 dev wlp0s26u1u5 proto static scope link metric 600 192.168.100.0/24 dev virbr0 proto kernel scope link src 192.168.100.1 192.168.122.0 via 192.168.0.1 dev wlp0s26u1u5 I added the 192.168.122.0 route via 192.168.0.1 I also added the route on the router 192.168.0.1 to the 192.168.122.0/24 subnet Name Destination Gateway Netmask Metric Status Network (Home/Office) 192.168.122.0 192.168.0.1 255.255.255.0 1 Applied |
All times are GMT -5. The time now is 05:06 PM. |