I'm having some issues getting Honeyd to work properly on an external network interface on Ubuntu 20 LTS running on a Proxmox server. I'm fairly sure it's a configuration/setup problem on the VM I'm running it on, as the config file works okay when it's run listening on the lo interface with a route added to redirect traffic for the honeypot IP to lo.
Currently it's responding fine to ICMP pings but seems to totally ignore TCP packets. Using tcpdump I can see farpd responding to the ARP requests and the SYN packets are arriving at the correct interface but no logs are being generated on Honeyd and no response is being sent.
My current config file looks like this:
create default
set default default tcp action filtered
set default default udp action filtered
set default default icmp action filtered
create template
add template tcp port 55554 open
set template personality "Siemens Simatic 300 programmable logic controller"
add template tcp port 102 proxy 127.0.0.1:102
add template tcp port 55555 open
bind 10.1.1.15 template
It's a bit of a mess right now as I've been adding bits to test it out to see if the order of adding things mattered.
Anyone got any idea what I need to look at/am doing wrong? Happy to dump any other info needed in here, just let me know what would help.
