Honeypots mailing list archives

Re: rc.firewall problem


From: die tuere <reitenba () fh-brandenburg de>
Date: Thu, 10 Jun 2004 16:02:00 +0000

On Thursday 10 June 2004 07:05, jhon nash wrote:
Hi All,

Can any of you good souls help me with a reverse firewall config? I have never
configured a firewall before, so please excuse my knowledge :). I have 2
honeypots on the honeynet and I want them to use 192.168.2.2 and 192.168.2.3 for
honeypots, and I have two public IPs, say for e.g. 178.2.2.21 and 178.2.2.22.
I have assigned IP address 192.168.2.1 on the eth1 interface, which is the
LAN_IFACE, and it goes to the uplink port of a hub to which the honeypots are
connected. The honeypots are using this IP, i.e. 192.168.2.1, as default
gateway; is this right? Also, what should the default gateway for eth1 be? Does
the IP address assigned to eth0, i.e. the NIC which goes to the switch which
connects to the external network, matter, or can I use any IP? Also, what should
be the default gateway for this IP? Finally, if I want to use a DNS server
from my network, should I assign the IP of this DNS, for e.g. 172.2.134.12, as
DNS IP to all honeypots and the firewall? I will really really appreciate it if
you can help me with this.

hi john,

just some questions:

        do you use the firewall in bridge or nat mode?
        i assume nat mode, as far as i get it from your description, so the default
        gateway for the honeypots would be the internal ip address of the firewall,
        so it should be right: 192.168.2.1.
        the firewall itself has its default gateway as usual; eth1, as your
        internal interface, doesn't need a default gw. i assume eth0 with its public
        IPs has a default gateway applied.

        is one of your honeypots the dns/ntp server for both honeypots, or are they
        both clients to non-honeypot dns/ntp servers? there is a config section
        where you can configure this.

        for management purposes, maybe add a third nic, to a dedicated network,
        especially secured, so you only have your two public honeypot ips on the
        public network.

the rc.firewall script is a good starting point for a honeynet firewall, but
from my own experience i rewrote half of the script to suit my needs.

maybe you want to read: iptables(8), bash(1), syslogd(8)

hth
buzz
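To make the NAT-mode layout from the reply concrete, here is an added example script (written for this archive page, not the thread's own code and not the Honeynet Project's rc.firewall) that generates the interface setup and iptables rules for the topology in the question: eth0 public, eth1 towards the honeypot hub, 192.168.2.1 as the honeypots' gateway, one public address DNAT'ed onto each honeypot, and the honeypots' outbound connections rate-limited and logged so a compromised honeypot cannot freely attack others. The public default gateway (`PUB_GW`) and the DNS address are placeholders taken from, or assumed alongside, the question. Commands are printed as a dry run unless `RUN=1` is set in the environment.

```shell
#!/bin/sh
# Added example for the honeypots thread above; not from rc.firewall.
# Builds a NAT-mode honeynet firewall: public IPs are mapped 1:1 onto
# honeypots, outbound connections from each honeypot are capped and logged.

PUB_IFACE=eth0                      # NIC towards the external switch
LAN_IFACE=eth1                      # NIC towards the honeypot hub
LAN_GW=192.168.2.1                  # honeypots use this as default gateway
PUB_GW=${PUB_GW:-178.2.2.1}         # placeholder: your ISP's gateway on eth0
DNS_SERVER=172.2.134.12             # DNS server from the question (assumed)
# "public:honeypot" pairs, addresses as given in the question
HONEYPOTS="178.2.2.21:192.168.2.2 178.2.2.22:192.168.2.3"
OUT_LIMIT="--limit 15/hour --limit-burst 15"   # outbound data-control budget

# run: print the command; execute it only when RUN=1 (dry run by default).
run() {
    echo "$*"
    [ "${RUN:-0}" = "1" ] && "$@"
    return 0
}

# setup_interfaces: eth1 carries the honeypots' gateway address and needs no
# default route; the default route goes out eth0 via the public gateway.
setup_interfaces() {
    run sysctl -w net.ipv4.ip_forward=1
    run ip addr add "$LAN_GW/24" dev "$LAN_IFACE"
    run ip route replace default via "$PUB_GW" dev "$PUB_IFACE"
}

# build_rules: flush and rebuild the filter and nat tables.
build_rules() {
    run iptables -F
    run iptables -t nat -F
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    for pair in $HONEYPOTS; do
        pub=${pair%%:*}
        hp=${pair##*:}
        # Inbound: rewrite the public address to the honeypot, then allow new flows.
        run iptables -t nat -A PREROUTING -i "$PUB_IFACE" -d "$pub" \
            -j DNAT --to-destination "$hp"
        run iptables -A FORWARD -i "$PUB_IFACE" -o "$LAN_IFACE" -d "$hp" \
            -m state --state NEW -j ACCEPT
        # Outbound: DNS to the designated server is always allowed ...
        run iptables -A FORWARD -i "$LAN_IFACE" -s "$hp" -d "$DNS_SERVER" \
            -p udp --dport 53 -j ACCEPT
        # ... everything else the honeypot initiates is logged and rate-limited;
        # anything over the limit falls through to the FORWARD DROP policy.
        run iptables -A FORWARD -i "$LAN_IFACE" -s "$hp" -m state --state NEW \
            -m limit $OUT_LIMIT -j LOG --log-prefix "HONEYPOT_OUT "
        run iptables -A FORWARD -i "$LAN_IFACE" -s "$hp" -m state --state NEW \
            -m limit $OUT_LIMIT -j ACCEPT
        # Replies and honeypot-initiated traffic leave with the public address.
        run iptables -t nat -A POSTROUTING -o "$PUB_IFACE" -s "$hp" \
            -j SNAT --to-source "$pub"
    done
}

# Stand-alone use: print (or with RUN=1 apply) the full configuration.
setup_interfaces
build_rules
```

With the policy set to DROP, a honeypot that exceeds its outbound budget simply loses new connections while the LOG lines (prefix `HONEYPOT_OUT`) in syslog show what it tried; adjust `OUT_LIMIT` per honeypot if you need different budgets. The script is idempotent in the sense that it flushes both tables first, so re-running it after an edit is safe.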
