Honeypots mailing list archives

Re: virtual honeynet with vmware


From: Guillaume Rix <guillaume.rix () sun com>
Date: Thu, 02 Oct 2003 00:32:02 +0200

Hi Patrick,

Thanks for your answer.

I'm not sure I understand very well.
Could you please be more precise in explaining this? What do you mean by "real" address? In this case, it's VMware's bridge mode, not a Host-Only network as recommended in Know Your Enemy: Learn with VMware.
I should point out that I am not the server admin for the 129.157.178.0 network.
And if I bridge the network 192.168.172.0 with the network 129.157.178.0,

To summarize my situation:

I am on the network 129.157.178.0 with one fixed IP 129.157.178.165 on eth0 with RedHat9.
I can't change anything on the network 129.157.178.0.
I installed three GuestOS with VMware in a Host-Only Networking 192.168.172.0 on vmnet1.
What routes must I add, and where?
How can I use my fixed IP address 129.157.178.165 to continue with my everyday traffic?

Cheers,
Guillaume

Patrick McCarty wrote:

Hello,

BRIDGE mode is not going to work properly when your guest OSes have RFC1918 addresses. If snort-inline bridges those from vmnet1 to eth0, they aren't going to route anywhere. You'll have to assign them "real" addresses, in your 129.157.178.x network, if in fact you wish to have them transparently bridged.

Additionally, currently your firewall script is blocking your 129.157.178.x address on eth0, because it doesn't have knowledge of that. (At least, that's how it appears from your excerpt below.)

-- Patrick

On Wed, Oct 01, 2003 at 08:58:49AM +0200, Guillaume Rix wrote:
Hi gang,

I tried to implement a virtual honeynet GEN2 with VMware.
Here is my limited architecture:

HostOS (with Internet access):
----------------------------------------

      RedHat9
      One physical interface eth0
      eth0      Lien encap:Ethernet  HWaddr 00:x6:xB:6x:x6:Dx
      inet adr:129.157.178.xxx  Bcast:129.157.178.255  Masque:255.255.255.0
      gateway : 129.157.178.1

      One logical interface vmnet1 (Host-Only Networking with VMware)
      vmnet1    Lien encap:Ethernet  HWaddr 00:5x:x6:Cx:0x:0x
      inet adr:192.168.172.1  Bcast:192.168.172.255  Masque:255.255.255.0


GuestOS :
-------------

     OpenBSD3-3 ( ip=192.168.172.2 gateway=192.168.172.1)
     FreeBSD5-1r ( ip=192.168.172.3 gateway=192.168.172.1)
     Win2000Pro ( ip=192.168.172.4 gateway=192.168.172.1)

Is this configuration correct (gateway, IP, etc.)?
Here, before using rc.firewall for the bridge mode, my GuestOS can't contact the network 129.157.178.0, only the IP of the HostOS (129.157.178.xxx).

Here is the principal configuration of my rc.firewall script:
------------------------------------------------------------------------------

PUBLIC_IP="192.168.172.2 192.168.172.3 192.168.172.4"
INET_IFACE="eth0"
LAN_IFACE="vmnet1"
LAN_BCAST_ADDRESS="192.168.172.255"

After I execute this script, I can't communicate with the external address from my HostOS with eth0.
Am I required to have two physical interfaces?
One, eth0, to enter the network 129.157.178.0,
and another one, eth1, for use with the bridge?
In fact, I am completely confused here, and here is what I want:

Continue to use my HostOS for access to the intranet (with my static IP 129.157.178.xxx) and the Internet.
Build a virtual honeynet with VMware on a Host-Only Networking 192.168.172.0
For genII, I need to use the firewall in bridge mode.
Allow my GuestOS to access the intranet 129.157.178.0 and more.
Can I use a virtual IP for my bridge to keep my eth1 with the IP address 129.157.178.xxx?

I hope that my requests are not bad.
Please help me to find a solution for this situation.
Thanks in advance for your comments on this.

GR
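
A sanity check for the two points in Patrick's reply, as an added example (not part of the original thread and not code from rc.firewall): it parses the variables as posted and flags honeypot addresses that are RFC1918 or outside the external subnet, plus a host address the script does not list. The function names, the /24 prefix taken from the posted netmask 255.255.255.0, and the rule that the script only knows addresses listed in PUBLIC_IP are assumptions.

```python
import ipaddress
import re

# RFC 1918 private ranges: not routed on the public Internet.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_vars(text):
    """Extract NAME="value" shell assignments from an rc.firewall excerpt."""
    return dict(re.findall(r'^\s*([A-Z_]+)="([^"]*)"', text, re.MULTILINE))

def check_bridge_config(text, external_net, host_ip):
    """Return warnings for a bridged honeynet gateway (hypothetical helper).

    external_net: subnet on the INET_IFACE side; host_ip: the host's own
    address on that interface. Both are supplied by the caller.
    """
    cfg = parse_vars(text)
    net = ipaddress.ip_network(external_net)
    honeypots = [ipaddress.ip_address(a) for a in cfg.get("PUBLIC_IP", "").split()]
    warnings = []
    for ip in honeypots:
        if any(ip in r for r in RFC1918):
            warnings.append(f"{ip}: RFC1918 address, not routable when bridged to {net}")
        elif ip not in net:
            warnings.append(f"{ip}: outside external subnet {net}")
    # Assumption: the script only passes traffic for addresses it lists.
    if ipaddress.ip_address(host_ip) not in honeypots:
        warnings.append(f"{host_ip}: host address on {cfg.get('INET_IFACE', '?')} "
                        "is not known to the script")
    return warnings

# Variables as posted in the thread.
EXCERPT = '''
PUBLIC_IP="192.168.172.2 192.168.172.3 192.168.172.4"
INET_IFACE="eth0"
LAN_IFACE="vmnet1"
LAN_BCAST_ADDRESS="192.168.172.255"
'''

if __name__ == "__main__":
    for w in check_bridge_config(EXCERPT, "129.157.178.0/24", "129.157.178.165"):
        print("WARN", w)
```

Run against the posted excerpt, it reports all three guest addresses as RFC1918 and the host's eth0 address as unknown to the script.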
