Honeypots mailing list archives
VMWare / Honeywall bridging problems
From: "Matthew Franz" <mdfranz () gmail com>
Date: Mon, 15 May 2006 15:53:51 -0500
So I've seen some of the documentation on binding the 3 honeywall interfaces to 3 physical interfaces as well as http://www.honeynet.org.pk/honeywall/roo/page2b.htm which shows how to run the attacker, honeywall and honeypots all within VMWare, but I'm still running into some issues with bridging.

I'm using GSX Server 3.2.1 (also tried VMWare Server Beta)

Host - Debian Sarge
----------------------------
eth0 - interface up, no IP assigned -- this is what I want the exposed interface to be
eth1 - management interface for host / tunnel GSX console over SSH

Honeywall (Roo-VMWare)
--------------------------------------
eth0 (bridge in) - bridged
eth1 (bridge out) - I've tried both host-only and custom (vmnet3) and I'm confused why http://www.honeynet.org.pk/honeywall/roo/page2b.htm says this should be another bridged interface. I tried that too but I got a nasty ARP storm that sent honeywall cpu to 20-30 :)
eth2 - NAT or another host-only (or whatever) will do SSH forwarding for walleye through host management interface

Honeynet (Debian Sarge)
--------------
eth0 - host only
eth1 - NAT - just used for upgrading packages, was down when trying to get it working...

So I assign eth0 on honeynet to one of my public IPs and ping from another public IP. My other public IP interface is plugged into a hub that eth0 on the host is plugged into.

On the honeywall -- I see the ARPs go in eth0 and out eth1 (and also on br0, obviously)

On the honeynet -- I see the ARP request and the honeynet sends the ARP reply back

But I never see the ARP reply come back through on honeywall eth1. Interestingly enough, I happened to sniff on host vmnet3 (custom) and saw them there.

Any ideas?

Thanks,

- mdf

--
Matthew Franz
http://www.threatmind.net