Honeypots mailing list archives

virtual honeynet with vmware

From: Guillaume Rix <guillaume.rix () sun com>
Date: Wed, 01 Oct 2003 08:58:49 +0200

Hi gang,

I tried to implement a virtual honeynet GEN2 with Vmware.
Here is my limited architecture :

HostOS ( access with internet):
----------------------------------------

       RedHat9
       One physical interface eth0
       eth0      Lien encap:Ethernet  HWaddr 00:x6:xB:6x:x6:Dx

inet adr:129.157.178.xxx Bcast:129.157.178.255Masque:255.255.255.0

       gateway : 129.157.178.1

       One logical interface vmnet1 (Host-Only Networking with Vmware)
       vmnet1    Lien encap:Ethernet  HWaddr 00:5x:x6:Cx:0x:0x
       inet adr:192.168.172.1  Bcast:192.168.172.255  Masque:255.255.255.0


GuestOS :
-------------

      OpenBSD3-3 ( ip=192.168.172.2 gateway=192.168.172.1)
      FreeBSD5-1r ( ip=192.168.172.3 gateway=192.168.172.1)
      Win2000Pro ( ip=192.168.172.4 gateway=192.168.172.1)

Is this configuration correct (gateway, ip, etc ...) ?

Here, before to use rc.firewall for the bridge mode, my GuestOS can'tcontact the network 129.157.178.0 but

just the ip of the HostOS (129.157.178.xxx).

Here is the principal configuration of my rc.firewall script :
------------------------------------------------------------------------------

PUBLIC_IP="192.168.172.2 192.168.172.3 192.168.172.4"
INET_IFACE="eth0"
LAN_IFACE="vmnet1"
LAN_BCAST_ADDRESS="192.168.172.255"

After I execute this script, I can't communicate with the externaladdress from my HostOS with eth0.

Am I impose to have two physical interfaces ?
One eth0 for enter to the network 129.157.178.0,
and another one eth1 for use with the bridge ?
In fact, I am completly confuse here and here is what I want :

Continue to use my HostOS for access to intranet (with my static IP129.157.178.xxx) and internet.

Build a virtual honeynet with vmware on a Host-Only Networking 192.168.172.0
For genII, I need to use the firewall in bridge mode.
Allow to my GuestOS to acceed to the intranet 129.157.178.0 and more.

Can I use a virtual IP for my bridge for keep my eth1 with the IPaddress 129.157.178.xxx ?


I hope that my requests are not bad.
Please help me to find a solution for this situation.
Thanks in advance for your comments on this.

GR

Current thread:

virtual honeynet with vmware Guillaume Rix (Oct 01)
- Message not available
  - Re: virtual honeynet with vmware Guillaume Rix (Oct 02)
    - Message not available
    - Re: virtual honeynet with vmware Guillaume Rix (Oct 02)
- <Possible follow-ups>
- Re: virtual honeynet with vmware Steve (Oct 02)