Re: One IP Address

["Mark J. Hufe" <mark.j.hufe () wilmcoll edu>]

David,

I have a similar question.

I configured my network to match, as best I could, the network diagram 
in the Honeywall documentation which shows the honeypots on private IP 
addresses. I have Comcast RIP service, which gives me five static IP's. 
I'm only using two for the Honeynet. One goes to the Honeywall, running 
roo with a walleye interface. The other first goes to an old D-Link 
wireless router, but ignoring the wireless part. The D-Link is used to 
provide port forwarding. So, I can see my honeypots from the outside 
through the D-Link. The static IP address is assigned to the WAN side of 
the router. (Comcast provided a newtered SMC modem which doesn't support 
port forwarding.)

But, that works for just one server. I can only run one http server, one 
ftp server, ...

So, I don't really see how the honeypots in the honeywall diagram on a 
LAN are supposed to be accessed from the Internet unless through a NAT, 
like I have in my set-up.

I'm just a newbie at this. I'm open to suggestions.

- Mark

davidhawksuk () yahoo co uk wrote:
> Hi There,
>
> Setting up my first virtual honeynet (using VMware and roo) has been painfully slow, mainly because of my ISP….
>
> Here is the problem.
>
> My internet connection has a static IP and I had placed an order for a block of IP address which I was to assign to 
> each of the machines in the net. I have now found (after a month of chasing) that they cannot assign them because of 
> the package I’m on. (Budgetary and time constraints mean I can’t change ISP right now).
>
> My questions is if I have the following setup
>
>
> Internet -> router -> DMZ ->Honeywall -> Honeypots
>                        |
>                        |
>                Production network
>
>  
> Are my honeypots going to be seen from outside? and am I likely to receive any traffic?
>
> If they will not what is the best configuration using the one IP address I have?
>
> Thanks in advance
>
> / David