Honeyd on a single host...

["Peter Bates" <Peter.Bates () lshtm ac uk>]

Hello all...

I just thought I'd ask here, to see if anyone else 
had a working configuration for anything similar.

I have a Linux box... ppp0 is the outside world,
eth0 is 192.168.1.0/24 for some internal hosts
(which are then masqueraded with iptables), and 
also an eth1 in the machine, that isn't connected or being used.

eth0 provides DHCP services, so I'm trying to avoid arpd,
but I obviously need to run honeyd on eth0 (or eth1) as it
coughs on trying to bind to ppp0.

So, I run it bound to eth0 or eth1, and then try 

iptables -t nat -I PREROUTING  -p tcp --dport !22 -i ppp0
-j DNAT --to-destination 192.168.1.200

(I've configured honeyd to 'pretend' to be 192.168.1.200)

The traffic appears to come in, but never gets anywhere near
honeyd ...

Before I start reconsidering and just redirecting traffic to my 
home machine to my working honey(d)net, does anyone have
a working configuration like the above that they are using?

I can get things working if I use a second box attached to eth0,
but I'm trying to avoid having my home littered with computers :)

Thanks...




--------------------------------------------------------------------------------------------------->
Peter Bates, Systems Support Officer, Network Support Team.
London School of Hygiene & Tropical Medicine.
Telephone:0207-958 8353 / Fax: 0207- 636 9838