Honeypots mailing list archives
Re: virtual honeynet, not accessible from outside, only from host
From: george chamales <george () overt org>
Date: Wed, 15 Mar 2006 12:33:42 -0500
Hello Kai,

Setting up the VMWare interfaces on Linux can be tricky. Have you attempted to run tcpdump on the external interface of the honeywall? If traffic from the outside is not reaching the external interface on the honeywall then there is most likely a problem with your interface configuration in VMWare.

The HwMANAGER configuration variable controls the IPs that are allowed to connect to the honeywall's management interface. It does not affect traffic heading into or out of the Honeynet.

Good Luck,
george

On Wed, Mar 15, 2006 at 04:50:27PM -0000, honey () kleinundgemein de wrote:
Hi,

I have a roo config problem, my setup is like that:
http://www.honeynet.org.es/reports/diagram.png

My host is linux (debian 3.1) with VMware Server, my honeypots are Win2k and RedHat 7.0. But all virtual machines are not accessible from the outside world, only from the host. The VMware configuration is fine, so it must be a honeywall config error.

    host:~# nmap -p 443 <honeywall-ip> -P0
    Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-03-15 16:56 CET
    Interesting ports on honeywall.domain.tld (<honeywall-ip>):
    PORT STATE SERVICE
    443/tcp open https
    MAC Address: 00:0C:29:CD:71:CD (VMware)
    Nmap finished: 1 IP address (1 host up) scanned in 0.308 seconds

    outsideserver:~# nmap -p 443 <honeywall-ip> -P0
    Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-03-15 16:56 CET
    Interesting ports on honeywall.domain.tld (<honeywall-ip>):
    PORT STATE SERVICE
    443/tcp filtered https
    Nmap finished: 1 IP address (1 host up) scanned in 2.043 seconds

    host:~# ps aux | grep eth1
    root 292 0.0 0.0 2500 868 ? Ss 02:15 0:00 dhclient -e -pf /var/run/dhclient.eth1.pid -lf /var/run/dhclient.eth1.leases eth1
    root 563 0.0 0.0 1352 312 ? S 02:15 0:00 /usr/bin/vmnet-bridge -d /var/run/vmnet-bridge-0.pid /dev/vmnet0 eth1
    root 25310 0.0 0.0 3804 776 pts/1 S+ 16:56 0:00 grep eth1

it has probably something to do with HwMANAGER (can post any other config information, too):

    [root@honeywall ~]# hwctl -n HwMANAGER
    any/0

("any" gave iptables errors and setting ips didn't work either)

I am really thankful for any help since this is for a little project at college.

Thanks
Kai
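The tcpdump check suggested in the reply, as an added example that is not part of the original thread: a Python classifier for `tcpdump -n` output captured on the honeywall's external interface while the outside server probes port 443. The addresses, sample lines and verdict names are constructed for illustration; only the "no-traffic" reading comes from the reply, the other two are assumptions.

```python
import re

# Matches TCP lines as printed by `tcpdump -n` (numeric hosts and ports).
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

# What each verdict suggests. Only "no-traffic" comes from the reply above;
# the other two readings are assumptions added for this example.
MEANING = {
    "no-traffic": "probe never reached the interface: check the VMware interface configuration",
    "unanswered": "probe arrived but nothing was sent back: look at the honeywall itself",
    "answered": "honeywall replied: the path to the external interface works",
}

def diagnose(capture_lines, honeywall_ip, port=443):
    """Classify a capture taken on the honeywall's external interface."""
    syn_in = replies = 0
    for line in capture_lines:
        m = LINE.search(line)
        if not m:
            continue  # ARP, ICMP, or any other non-TCP line
        src, sport, dst, dport, flags = m.groups()
        if dst == honeywall_ip and int(dport) == port and flags == "S":
            syn_in += 1  # inbound connection attempt
        elif src == honeywall_ip and int(sport) == port:
            replies += 1  # SYN-ACK or RST leaving the honeywall
    if syn_in == 0:
        return "no-traffic"
    return "answered" if replies else "unanswered"

# Constructed sample captures (documentation addresses, not from the thread).
HW = "192.0.2.10"
ONLY_ARP = ["16:56:01.000001 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28"]
SYN_ONLY = [
    "16:56:02.000001 IP 203.0.113.5.40000 > 192.0.2.10.443: Flags [S], seq 1, win 1024, length 0",
    "16:56:03.000001 IP 203.0.113.5.40001 > 192.0.2.10.443: Flags [S], seq 1, win 1024, length 0",
]
HANDSHAKE = SYN_ONLY[:1] + [
    "16:56:02.000200 IP 192.0.2.10.443 > 203.0.113.5.40000: Flags [S.], seq 9, ack 2, win 5840, length 0",
]

if __name__ == "__main__":
    for name, cap in (("arp only", ONLY_ARP), ("syn only", SYN_ONLY), ("handshake", HANDSHAKE)):
        verdict = diagnose(cap, HW)
        print(f"{name}: {verdict} ({MEANING[verdict]})")
```
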