Forum Turris
Dear Turris router users,

this forum was frozen on Dec 9th, 2016 and replaced by our new Turris forum. It will remain accessible read-only for some time. For more information, read the announcement about closing the forum.

Topic: Router owners / Technical support / SSH honeypot on IPv6?
- By meitner.mojeid. Date 2016-02-06 07:11
Does the SSH honeypot work on IPv6? When I try ssh root@ipv6.service.meitner.cz from the LAN, I log in to the Turris with a key; when I try the same with -p 58732, I should get into the honeypot, but it says ssh: connect to host ipv6.service.meitner.cz port 58732: Connection refused.

Yet ssh root@ipv4.service.meitner.cz -p 58732 logs me in to the honeypot. Does the honeypot not run on IPv6? Or do I have something wrong in the firewall configuration?
root@turris:~# cat /etc/config/firewall

config defaults
  option syn_flood '1'
  option input 'ACCEPT'
  option output 'ACCEPT'
  option forward 'REJECT'

config zone
  option name 'lan'
  option input 'ACCEPT'
  option output 'ACCEPT'
  option forward 'ACCEPT'
  option network 'lan vpn'
  option mtu_fix '1'

config zone
  option name 'wan'
  option input 'REJECT'
  option output 'ACCEPT'
  option forward 'REJECT'
  option masq '1'
  option mtu_fix '1'
  option network 'wan wan6 wi_free dd_wrt'

config forwarding
  option src 'lan'
  option dest 'wan'

config rule
  option name 'Allow-DHCP-Renew'
  option src 'wan'
  option proto 'udp'
  option dest_port '68'
  option target 'ACCEPT'
  option family 'ipv4'

config rule
  option name 'OpenVPN'
  option src 'wan'
  option proto 'udp'
  option dest_port '1194'
  option target 'ACCEPT'

config rule
  option name 'Allow-Ping'
  option src 'wan'
  option proto 'icmp'
  option icmp_type 'echo-request'
  option family 'ipv4'
  option target 'ACCEPT'

config rule
  option name 'Allow-DHCPv6'
  option src 'wan'
  option proto 'udp'
  option src_ip 'fe80::/10'
  option src_port '547'
  option dest_ip 'fe80::/10'
  option dest_port '546'
  option family 'ipv6'
  option target 'ACCEPT'

config rule
  option name 'Allow-ICMPv6-Input'
  option src 'wan'
  option proto 'icmp'
  list icmp_type 'echo-request'
  list icmp_type 'echo-reply'
  list icmp_type 'destination-unreachable'
  list icmp_type 'packet-too-big'
  list icmp_type 'time-exceeded'
  list icmp_type 'bad-header'
  list icmp_type 'unknown-header-type'
  list icmp_type 'router-solicitation'
  list icmp_type 'neighbour-solicitation'
  list icmp_type 'router-advertisement'
  list icmp_type 'neighbour-advertisement'
  option limit '1000/sec'
  option family 'ipv6'
  option target 'ACCEPT'

config rule
  option name 'Allow-ICMPv6-Forward'
  option src 'wan'
  option dest '*'
  option proto 'icmp'
  list icmp_type 'echo-request'
  list icmp_type 'echo-reply'
  list icmp_type 'destination-unreachable'
  list icmp_type 'packet-too-big'
  list icmp_type 'time-exceeded'
  list icmp_type 'bad-header'
  list icmp_type 'unknown-header-type'
  option limit '1000/sec'
  option family 'ipv6'
  option target 'ACCEPT'

config include
  option path '/etc/firewall.user'

config include
  option path '/usr/share/firewall/turris'
  option reload '1'

config include
  option path '/etc/firewall.d/with_reload/firewall.include.sh'
  option reload '1'

config include
  option path '/etc/firewall.d/without_reload/firewall.include.sh'
  option reload '0'

config include 'miniupnpd'
  option type 'script'
  option path '/usr/share/miniupnpd/firewall.include'
  option family 'IPv4'
  option reload '1'

config redirect
  option target 'DNAT'
  option src 'wan'
  option dest 'lan'
  option proto 'tcp'
  option src_dport '22'
  option dest_port '58732'
  option name 'SSH honeypot'

config redirect
  option target 'DNAT'
  option src 'wan'
  option dest 'lan'
  option proto 'tcp'
  option src_dport '5555'
  option dest_port '22'
  option name 'SSH redirect'

config rule
        option name '6in4 tunel'
        option family 'ipv4'
        option src 'wan'
        option src_ip '216.66.86.122'   #Server IPv4 address
        option proto '41'
        option target 'ACCEPT'
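
An added example, not part of the original post: a per-address-family TCP probe that separates "refused" from "timeout", so the IPv4 and IPv6 paths to the honeypot port can be compared directly. The function names and the loopback demo (a constructed listener bound to IPv4 only, which reproduces the symptom from the post) are assumptions made for illustration.

```python
import errno
import socket

def probe(host, port, family, timeout=3.0):
    """One TCP connect to host:port over a single address family.

    'open'       - something accepted the connection
    'refused'    - RST came back: no listener on that family, or a REJECT rule
    'timeout'    - no answer at all (packets dropped on the way)
    'no-address' - the name has no address of that family
    'error:X'    - any other OS error, e.g. no IPv6 on this machine
    """
    try:
        sockaddr = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)[0][4]
    except socket.gaierror:
        return "no-address"
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(sockaddr)
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as e:
        return "error:" + errno.errorcode.get(e.errno, str(e.errno))

def compare(host4, host6, port):
    """Probe the same port over IPv4 and IPv6 and return both verdicts."""
    return {"ipv4": probe(host4, port, socket.AF_INET),
            "ipv6": probe(host6, port, socket.AF_INET6)}

def demo_ipv4_only_listener():
    """Constructed demo: a listener bound to 127.0.0.1 only, probed on both families."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))      # ephemeral port, IPv4 loopback only
        srv.listen(1)
        port = srv.getsockname()[1]
        return compare("127.0.0.1", "::1", port)

if __name__ == "__main__":
    print(demo_ipv4_only_listener())
```

From the LAN, `compare("ipv4.service.meitner.cz", "ipv6.service.meitner.cz", 58732)` runs the comparison described in the post. With the lan zone set to input ACCEPT, a "refused" verdict on one family only points at the listener's bind address rather than at a dropped packet.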