Honeyd questions.

[John Lyons <john.lyons () heanet ie>]

I've been setting up honeyd for the last day or two and have been 
successful in getting most of the set-up working. There's two particular
areas however I've been having difficulty with. One is the virtual
routing, I can find very little documentation on this and I'm not sure
of the format this should take within the .conf file ? Has anyone got
this working at the moment who'd like to mail or post the relevant part of 
their .conf file with comments ? :-)

The second problem Ive come accross is with the scripts, currently when 
I run the script from command line on the box running honeyd it runs perfectly.

john@***:~/honeyd/honeyd/scripts$ sh pop3.sh 
+OK QPOP (version 2.53) at ***. starting.
user blah
+OK Password required for blah.
pass blah
-ERR Password supplied for "blah" is incorrect.
quit
+OK Pop serrver at ***. signing off.

Ive got the following line in my honeyd.conf which is associated with a
particular IP :

add linux tcp port 110 "sh /honeyd/honeyd/scripts/pop3.sh"

When I scan the IP in question this port shows up as open. However when I 
connect to the the virtual machine reporting port 110 open, the script 
doesnt run and just returns : 

john@***:~$ telnet *.*.*.* 110
Trying *.*.*.*
Connected to *.*.*.*
Escape character is '^]'.
Connection closed by foreign host.
john@***:~$

Permissions etc. look fine for the scripts, the honeyd box is running Debian Woody. 

Thanks for any help in advance ...

John