Logging communication between two VMs
- by sYnfo
Hi,
I'm trying to set up "malware lab" described in this paper.
So far, I've set up a Windows guest system, adding one Host-only Network adapter, and set the following (sorry if the names aren't exactly correct, I don't have an English language version):
- IP Address - 10.0.0.3
- Subnet mask - 255.255.255.0
- Default gateway - not set
- Preferred DNS - 10.0.0.4
- Alternate DNS - not set
And a Linux guest system - Ubuntu 9.04 - with two Network adapters - Bridged (eth0) and Host-only (eth1), setting the eth1 IP Address to 10.0.0.4 and leaving eth0 to be set by DHCP. Then, I configured iptables as described in the paper, i.e.:
# Flush the nat and mangle tables and reset their chain policies to ACCEPT
iptables -F -t nat
iptables -F -t mangle
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P OUTPUT ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
# Everything arriving on the bridged interface (eth0) is accepted untouched
iptables -t mangle -A PREROUTING -i eth0 -j ACCEPT
# From the host-only interface (eth1): allow DNS to 10.0.0.3, HTTP, and TCP 6000-7000 to 10.0.0.3
iptables -t mangle -A PREROUTING -p udp -i eth1 -d 10.0.0.3 --dport 53 -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -i eth1 --dport 80 -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -i eth1 -d 10.0.0.3 --dport 6000:7000 -j ACCEPT
# Anything else from eth1 is passed to ULOG (userspace logging) and then dropped
iptables -t mangle -A PREROUTING -i eth1 -j ULOG
iptables -t mangle -A PREROUTING -i eth1 -j DROP
Now, when I try to ping the Windows system from within the Linux system, it does not reply. I guess that's perfectly normal, because iptables is blocking the ping response. The same happens when I try to ping the Linux system from within Windows. But when I try to access any web page from within the Windows system, I would expect that action to get logged by iptables. The thing is, I don't see any lines of that kind in the log file (if I am looking in the right place, that is. :) It is /var/log/messages, isn't it?). So, what do you think might be the problem here?
I should note that this is the first time I'm using Linux, so don't expect ANY working knowledge of Linux at all... :) Also, since English is not my mother tongue, feel free to point out any grammatical mistakes... :)
Thanks for any advice.
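As an added example (not code from the original post or from the paper it follows), here is a small script that reads the kernel log lines the netfilter LOG target produces and summarizes which flows the Windows guest attempted. It assumes the `-j ULOG` rule above is swapped for `-j LOG --log-prefix "MALLAB: "`, which makes the kernel itself write one line per packet to the kernel log (visible with dmesg and in whatever files syslog routes kernel messages to), whereas ULOG hands packets to the userspace ulogd daemon, which writes only where its own configuration says. The prefix `MALLAB:` and the sample log lines are constructed for this example.

```python
import re
from collections import Counter

# Constructed sample lines in the format the netfilter LOG target writes to the
# kernel log with --log-prefix "MALLAB: ". Not taken from the original poster's
# system; the last line is an unrelated syslog entry that must be ignored.
SAMPLE_LOG = """\
May  3 12:00:01 lab kernel: [ 1234.567890] MALLAB: IN=eth1 OUT= MAC=00:0c:29:aa:bb:cc:00:0c:29:dd:ee:ff:08:00 SRC=10.0.0.3 DST=10.0.0.4 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=1 PROTO=UDP SPT=1025 DPT=53 LEN=40
May  3 12:00:02 lab kernel: [ 1235.000000] MALLAB: IN=eth1 OUT= MAC=00:0c:29:aa:bb:cc:00:0c:29:dd:ee:ff:08:00 SRC=10.0.0.3 DST=93.184.216.34 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=2 DF PROTO=TCP SPT=1026 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
May  3 12:00:03 lab kernel: [ 1236.000000] MALLAB: IN=eth1 OUT= MAC=00:0c:29:aa:bb:cc:00:0c:29:dd:ee:ff:08:00 SRC=10.0.0.3 DST=10.0.0.4 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=3 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1
May  3 12:00:04 lab kernel: [ 1237.000000] MALLAB: IN=eth1 OUT= MAC=00:0c:29:aa:bb:cc:00:0c:29:dd:ee:ff:08:00 SRC=10.0.0.3 DST=198.51.100.7 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=4 DF PROTO=TCP SPT=1027 DPT=6667 WINDOW=65535 RES=0x00 SYN URGP=0
May  3 12:00:05 lab sshd[1234]: Accepted password for user from 192.168.1.10 port 50000 ssh2
"""

LOG_PREFIX = "MALLAB:"  # assumed --log-prefix value, chosen for this example

# Netfilter LOG lines are a run of KEY=VALUE tokens; flag tokens such as DF or
# SYN carry no "=" and are skipped. OUT= legitimately has an empty value.
KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_netfilter_line(line, prefix=LOG_PREFIX):
    """Return the KEY=VALUE fields of one netfilter LOG line as a dict, or None
    if the line does not carry the expected prefix or lacks SRC/DST."""
    idx = line.find(prefix)
    if idx < 0:
        return None
    fields = {}
    for key, value in KV_RE.findall(line[idx + len(prefix):]):
        # LEN and ID appear twice (IP header, then UDP/ICMP); keep the IP-header one
        fields.setdefault(key, value)
    if "SRC" not in fields or "DST" not in fields or "PROTO" not in fields:
        return None
    return fields


def parse_log(text):
    """Parse every netfilter LOG line in a block of log text."""
    parsed = (parse_netfilter_line(line) for line in text.splitlines())
    return [fields for fields in parsed if fields is not None]


def flow_key(fields):
    """(src, dst, proto, service) tuple; ICMP has no port, so use its type."""
    if fields["PROTO"] == "ICMP":
        service = "type " + fields.get("TYPE", "?")
    else:
        service = fields.get("DPT", "?")
    return (fields["SRC"], fields["DST"], fields["PROTO"], service)


def summarize(text):
    """Count packets per flow so the lab operator sees what the guest tried."""
    return Counter(flow_key(fields) for fields in parse_log(text))


if __name__ == "__main__":
    for (src, dst, proto, service), count in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{src} -> {dst} {proto}/{service}: {count} packet(s)")
```

Only packets that reach the LOG rule show up, so with the ruleset above the accepted DNS, HTTP and 6000-7000 traffic is never logged; move the LOG rule before the ACCEPT rules if you want a record of every packet from the Windows guest.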