Re: basic honeynet question

["Earl Sammons" <esammons () hush com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I _think_ there is a caveat to our current iptalbes config that
limits the hoenypot network to one directly connected to the
Honeypot facing interface, eth1 in your case.

If I'm not dropping packets again, and this is true, then you'll
have to remove the router and use a switch/hub to connect the hpots
to eth1.

Earl

On Fri, 07 Apr 2006 21:02:38 -0400 mat <mr () simla colostate edu>
wrote:
> so i have my honeynet set up like this...
>
> internet--|eth0  honeywall  eth1|--router--honeypot
>
> the router obtains an IP address correctly, but i cannot access
> the
> internet with the honeypot box.  i have disabled snort-inline so
> the
> packets should be sent.  anyone have any ideas?
>
>
>
>
> mr () simla colostate edu wrote:
> > im using the roo installation from www.honeynet.org and am
> having trouble understanding how the NIC cards are supposed to be
> set up.  they say
> > * eth0 is the "Internet" or outside Interface
> > * eth1 is the LAN interface (Honeypot side)
> > * eth2 is the Management interface
> > * br0 is the virtual bridge interface (eth0 + eth1)
> >
> > but i dont completly understand what that means.  is eth0 where
> the incoming connection comes, then eth1 is where the outbound
> packets are sent? also, do i need to set up a gateway before the
> honeypot? or can i user a router? im just really confused about
> how the physical networking is supposed to be done.  could someone
> give me some help?  thanks in advance
> >
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5

wkYEARECAAYFAkQ4H/YACgkQk7+e+4lPSm27XACfXxviWh8r7IjP6G9hB6Hky9VFjm4A
n0fN2XzZnzw5fLYibZzmXp5eVMdd
=+S1Y
-----END PGP SIGNATURE-----