I have a problem with my project. My project is how to deflect the attacker to the honeypot. I tried using the IPTables to forward any IP Address that want to access the protected network to the honeypot IP Address..

In this case I have 3 IP Address..
a. 192.168.43.42 --> It's a Honeypot
b. 192.168.43.216 --> It's a Protected Network/System
c. 192.168.43.156 --> It's a Attacker

I tried to configure the IPTables like this..
The honeypot that I used is a Kippo SSH. That's why the port is 22


(This command is implented in the protected system --> 192.168.43.216)


# echo "1" > /proc/sys/net/ipv4/ip_forward

# iptables -t nat -A PREROUTING -p tcp --dport 22 -j DNAT --to-destination 192.168.43.42

# iptables -t nat -A POSTROUTING -j MASQUERADE



After I tried that, the honeypot can detect the attacker!

But, the IP Address that are detected in the honeypot is the IP Address of the Protected System, not the IP Address of the Attackers. It looks like the protected system is attacking itself ..

Do you know how to show the IP Address of the Attackers? not the IP Address that has the Firewall (Protected System)..

Thank you!```

Read the LQ Rules; don't post the same question multiple times. Thread reported.
https://www.linuxquestions.org/quest...ed-4175679985/