Honeypots mailing list archives
Re: rc.firewall problem
From: die tuere <reitenba () fh-brandenburg de>
Date: Thu, 10 Jun 2004 16:02:00 +0000
On Thursday 10 June 2004 07:05, jhon nash wrote:
Hi All, can any of you good souls help me with reverse firewall config? I have never configured a firewall before, so please excuse my knowledge :). I have 2 honeypots on the honeynet and I want to use 192.168.2.2 and 192.168.2.3 for the honeypots, and I have two public IPs, say for e.g. 178.2.2.21 and 178.2.2.22. I have assigned IP address 192.168.2.1 on the eth1 interface, which is the LAN_IFACE, and it goes to the uplink port of a hub to which the honeypots are connected. The honeypots are using this IP, i.e. 192.168.2.1, as default gateway; is this right? Also, what should be the default gateway for eth1? Does the IP address assigned to eth0, i.e. the NIC which goes to the switch which connects to the external network, matter, or can I use any IP? Also, what should be the default gateway for this IP? Finally, if I want to use a DNS server from my network, should I assign the IP of this DNS, e.g. 172.2.134.12, as DNS IP to all honeypots and the firewall? I will really really appreciate it if you can help me with this.
Hi John,

Just some questions: do you use the firewall in bridge or NAT mode? I assume NAT mode, as far as I get it out of your description, so the default gateway for the honeypots would be the internal IP address of the firewall, so it should be right: 192.168.2.1.

The firewall itself has its default gateway as usual; eth1, as your internal interface, doesn't need a default gw. I assume eth0 with its public IPs has a default gateway applied.

Is one of your honeypots the DNS/NTP server for both honeypots, or are they both clients to non-honeypot DNS/NTP servers? There is a config section where you can configure this.

For management purposes, maybe you add a third NIC, to a dedicated network, especially secured, so you only have your two public honeypot IPs on the public network.

The rc.firewall script is a good starting point for a honeynet firewall, but out of my experience I rewrote half of the script to suit my needs.

Maybe you want to read: iptables(8), bash(1), syslogd(8)

hth
buzz
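As an added example (not the Honeynet Project's rc.firewall and not part of this thread): a small POSIX shell script that emits the iptables rules for the NAT-mode layout discussed above, using the addresses from the question. The upstream router address (PUB_GW) and the per-day outbound TCP limit are assumptions; the script prints the commands rather than applying them so the rule set can be reviewed first.

```shell
#!/bin/sh
# Added example, not the Honeynet Project's rc.firewall: emits the iptables
# rules for the NAT-mode layout discussed in the thread. Addresses come from
# the question; PUB_GW and OUTBOUND_TCP_LIMIT are assumptions.
PUB_IFACE=eth0            # public side, towards the switch / Internet
LAN_IFACE=eth1            # honeynet side, 192.168.2.1, no default gw of its own
PUB_GW=178.2.2.1          # assumed upstream router (not given in the thread)
DNS_SERVER=172.2.134.12   # non-honeypot DNS server named in the question
OUTBOUND_TCP_LIMIT=15     # assumed: new outbound TCP connections per honeypot per day
# "public-ip honeypot-ip" pairs, one per line
HONEYPOTS="178.2.2.21 192.168.2.2
178.2.2.22 192.168.2.3"

# Print each command instead of running it, so the rule set can be reviewed
# first and then applied as root with:  sh this_script.sh | sh
emit() { printf '%s\n' "$*"; }

gen_rules() {
  emit "ip route replace default via $PUB_GW dev $PUB_IFACE"
  emit "sysctl -w net.ipv4.ip_forward=1"
  emit "iptables -t nat -F"
  emit "iptables -F FORWARD"
  emit "iptables -P FORWARD DROP"
  # Replies to flows already accepted in either direction pass.
  emit "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
  printf '%s\n' "$HONEYPOTS" | while read -r pub priv; do
    # 1:1 NAT: inbound to the public address reaches the honeypot, and the
    # honeypot's own traffic leaves with that same public address.
    emit "iptables -t nat -A PREROUTING -i $PUB_IFACE -d $pub -j DNAT --to-destination $priv"
    emit "iptables -t nat -A POSTROUTING -o $PUB_IFACE -s $priv -j SNAT --to-source $pub"
    # Anything from outside may reach the honeypot (that is the point of it).
    emit "iptables -A FORWARD -i $PUB_IFACE -o $LAN_IFACE -d $priv -j ACCEPT"
    # DNS to the trusted resolver is always allowed ...
    emit "iptables -A FORWARD -i $LAN_IFACE -s $priv -d $DNS_SERVER -p udp --dport 53 -j ACCEPT"
    # ... other new outbound TCP is rate-limited, then logged and dropped, so a
    # compromised honeypot cannot be used freely against third parties.
    emit "iptables -A FORWARD -i $LAN_IFACE -s $priv -p tcp --syn -m limit --limit $OUTBOUND_TCP_LIMIT/day --limit-burst $OUTBOUND_TCP_LIMIT -j ACCEPT"
    emit "iptables -A FORWARD -i $LAN_IFACE -s $priv -p tcp --syn -j LOG --log-prefix 'HONEYNET_OUT_LIMIT '"
    emit "iptables -A FORWARD -i $LAN_IFACE -s $priv -j DROP"
  done
}

gen_rules
```

The LOG lines land in syslog, which is where the outbound-limit hits from a compromised honeypot will show up first.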