Honeypots mailing list archives

honeyd with vserver


From: fleshcrawler <fleshcrawler () fleshcrawler dyndns org>
Date: Fri, 19 Dec 2003 02:19:30 +0100

Hi there!

I'm trying to set up some kind of weird and complex honeynet.
I run 2 Linux boxes and 3 Windows boxes in my home net. One
Linux box is used as router to the internet (dsl-connection). On this
box I set up lots of vservers (check out vserver package on debian)
and each vserver is running one service. So I have a vserver for web,
one for mail and so on. The vservers are all placed in 192.168.0.0/16
with random IPs. The root server is located at 10.0.0.1 and the rest of
all boxes are in the 10.0.0.0/24 net as well.
Now I was going to set up a vserver dedicated for running honeyd but it
won't reply to any connection attempts to the setup honeyd-IPs. Then
I configured the honeyd on the root host to make sure that I get it running
somehow and I can confirm that it's not my fault that the honeyd is not
responding.

I set up a honey-net on 10.1.0.0/16 10.0.1.0/24 and 10.0.0.0/24. When
I ping the honey-servers from a windows-box in 10.0.0.0/24 they respond
as expected. But if I ping them from the honeyd-server itself it does nothing.
The farpd won't react nor the honeyd itself. Also pinging from one of the
vservers gets any responses.

I wonder if my routing table has to be adjusted. The default gw is automatically
set to the dsl-connection. No other gateways are set.

Here comes my honeyd configuration:

---zip---

# Example of a simple host template and its binding
route entry 10.0.0.1 network 10.0.0.0/24
route 10.0.0.1 link 10.0.0.0/24
route 10.0.0.1 add net 10.0.1.0/24 10.0.0.100
route 10.0.0.100 link 10.0.1.0/24
route 10.0.0.100 add net 10.1.0.0/16 10.0.1.100
route 10.0.1.100 link 10.1.0.0/16

create template
set template personality "Windows 2000 Professional, Build 2128"
set template uptime 1728650
#add template tcp port 80 "scripts/iis5.net/main.pl"
add template tcp port 80 "sh /usr/share/honeyd/web.sh"
add template tcp port 22 "sh /usr/share/honeyd/test.sh $ipsrc $dport"
add template tcp port 23 proxy $ipsrc:23
add template udp port 53 proxy 141.211.92.141:53
set template default tcp action reset

create default
set default default tcp action block
set default default udp action block
set default default icmp action block

create router
set router personality "Cisco 7206 running IOS 11.1(24)"
set router default tcp action reset
add router tcp port 22 "/usr/share/honeyd/test.sh"
add router tcp port 23 "/usr/share/honeyd/router-telnet.pl"

bind 10.0.0.1 to eth1
bind 10.0.0.2 to eth1
bind 10.0.0.3 to eth1
bind 10.0.0.4 to eth1

bind 10.0.0.5 template
bind 10.0.0.6 template
bind 10.0.0.7 template
bind 10.0.0.8 template

bind 10.0.1.1 template
bind 10.0.1.2 template

bind 10.1.0.1 template
bind 10.1.0.2 template

bind 10.0.0.100 router
bind 10.0.1.100 router
bind 10.1.0.100 router


