Honeypots mailing list archives

Re: Re: Re: Honeywall eth0 eth1 & eth2

From: george chamales <george () overt org>
Date: Tue, 16 May 2006 08:32:12 -0400

Anh,

Try looking for the packets using tcpdump on the honeywall.  Run tcpdump
on the internal interface and see if you can see the outbound packets.
If you do not, then you most likely have a problem with your VMware
configuration.  Is eth1 on the honeywall on vmnet1 as well? 

If you can see the traffic, then run tcpdump on the external interface.  
If you don't see the outbound traffic, then the packets may be getting
dropped by the honeywall's connection-limiting firewall.  Look in
/var/log/messages for messages that include a line like "Drop ICMP".

If you see lines like that then there's a good chance that the honeywall
is configured properly, but during your testing you reached the outbound
connection limit and the firewall is dropping your traffic.  Reload the
firewall using "/etc/init.d/rc.firewall restart" and try again.

Finally, if you are seeing traffic leave the external interface, make
sure that you are also receiving the response packets.  If you do not,
then it's likely a VMware problem with the vm interface's bridge
configuration or a firewall on the computer that is running VMware that
is blocking the traffic.  If all else fails, check to make sure that the
cord is plugged in.

Hope this helps,
george

On Tue, May 16, 2006 at 08:46:16AM -0000, anh.doquoc () gmail com wrote:

George,

I changed my configuration according to advice, I removed IP addresses of Eth0 and Eth1. 

My network topology is the same as :
http://www.honeynet.org.pk/honeywall/roo/page2b.htm

Eth0 and Eth2 are brigde adapter.
Eth1 is host only adapter.
Honeypost are on Vmnet1 as topology.

I assigned my honeypots(6+7) the IP from the same network  as network that the honeynet is deployed on, and default 
gateway points to my router.

But I still can not ping from my honeypots to outside of honeynet, and can not ping default gateway. Honeypots can 
ping each others

Do you think that is the problem with my VMware configuration? What should I do to implement my honeynet ? 

Thanks ,

Anh.

Current thread:

Honeywall eth0 eth1 & eth2 omarmdx (Apr 24)
- Re: Honeywall eth0 eth1 & eth2 george chamales (Apr 24)
- Re: Honeywall eth0 eth1 & eth2 Hugo Francisco González Robledo (Apr 24)
- <Possible follow-ups>
- Re: Re: Honeywall eth0 eth1 & eth2 anh . doquoc (May 12)
  - Re: Re: Honeywall eth0 eth1 & eth2 george chamales (May 12)
- Re: Re: Re: Honeywall eth0 eth1 & eth2 anh . doquoc (May 16)
  - Re: Re: Re: Honeywall eth0 eth1 & eth2 george chamales (May 16)
- Re: Re: Re: Re: Honeywall eth0 eth1 & eth2 anh . doquoc (May 17)