Honeypots mailing list archives

hybrid virtual honeynets


From: Angel Avila <darthspud () yahoo com>
Date: Thu, 23 Sep 2004 20:59:30 -0700 (PDT)

Hi, I've recently become real interested in honeynets.
I am trying to build a hybrid virtual honeynet.  I've
been following the KYE: Gen II honeynet and Learning
with VMWare whitepaper as guides for the development.
 
The question I have pertains to bridging.  Will I have
to have a bridge running on both machines (gateway,
hostOS of honeypots)?  How does running a hybrid
affect running tools like sebek or rc.firewall script?
 
I am assuming that on the gateway side I will have the
rc.firewall's LAN_IFACE variable and bridge interface
set to ETH1 (my gateway only has 2 eth cards).  This
will be the same for the other tools such as
snort_inline and snort.
 
I am not sure on the hostOS side. 
 
I've kinda gotten confused, since I am trying to
follow the two whitepapers.
 
I would appreciate any suggestions.
 
Thanks
 


                

