When doing runtime analysis, behavioural and runtime debugging, your sample might be querying a bunch of IP addresses. So it’ll be useful if your gateway host could pretend to be all IPs. Here’s how you do it:
iptables -t nat -A PREROUTING -i eth0 -j REDIRECT
To turn it back off:
iptables -t nat -D PREROUTING -i eth0 -j REDIRECT
If you’re using REMnux for your analysis platform, it has the script:
accept-all-ips start
accept-all-ips stop