Honeypots mailing list archives

Problem understanding honeyd config


From: Jonathan Lowther <jon.lowther () activis com>
Date: 6 Apr 2005 15:42:07 -0000



I'm a honeyd newbie!!  I have just installed honeyd 1.0 and am having
trouble understanding how to configure it.

I have a registered address range that I have placed behind a real
firewall. On the subnet there is a server running redhat ES3.0. My
intention is to allow port 80, 25 etc through the firewall to a small
range of addresses on the subnet. I am then planning to configure honeyd
so that it creates virtual servers for that range of addresses
(192.168.1.3 --> 192.168.1.10 for example).

The addresses currently used (for example) are:

192.168.1.1  - The firewall and def gateway for the honeyd server
192.168.1.2  - The real address of the redhat/honeyd server. The server only has one interface (eth0)

I wasn't going to have anything too complicated and I was planning to
have a variety of virtual devices (Windows, Apple MAC, OpenBSD devices
etc). On the firewall I was planning to add host routes for each of these
IP addresses so that traffic is sent to the honeyd server (so I won't
need to use arpd).

From the config samples that I have looked at I can't seem to find a simple
setup like this. Most of the setups talk about creating routers. I'm not
sure if I have to create a router for the network since the firewall is
already acting as a router between my subnet and the rest of the Internet.


The config I have tried so far is as follows:

route entry 192.168.1.2 network 192.168.1.0/26
route 192.168.1.2 link 192.168.1.0/26

#Create a cisco router
create router
set router personality "Cisco IOS 11.3 - 12.0(11)"
set router default tcp action reset
set router default udp action reset
add router tcp port 23 "/usr/bin/perl /usr/share/doc/honeyd-1.0/scripts/router-telnet.pl"
set router uid 32767 gid 32767
set router uptime 1327650

bind 192.168.1.2 router

### Windows NT4 web server
create windows
set windows personality "Windows NT 4.0 Server SP5-SP6"
add windows tcp port 80 "perl scripts/iis-0.95/iisemul8.pl"
add windows tcp port 139 open
add windows tcp port 137 open
add windows udp port 137 open
add windows udp port 135 open
set windows default tcp action reset
set windows default udp action reset

bind 192.168.1.3 windows
bind 192.168.1.4 windows
bind 192.168.1.5 windows
bind 192.168.1.6 windows



And I have run this using the command:

honeyd -d -disable-webserver -f config.test 192.168.1.0/26


However I get the following error:

honeyd: interface_new: intf_get: No such device


Also, I'm not sure if I should harden the honeyd server before I make it
accessible to the rest of the world (I couldn't find any reference to this
either). I've had a look through the FAQ and the mailing lists, and I can't
find a simple answer to my questions.

I'm probably totally misunderstanding the concept of honeyd (so please
accept my apologies), but any suggestions for where I am going wrong
would be very useful.

Thanks and regards,

Jonathan Lowther
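
Added example, not part of the original message and not honeyd code: a small Python check of the bind lines in the config above against the addressing plan the post describes (network 192.168.1.0/26, gateway 192.168.1.1, the server's own address 192.168.1.2, virtual hosts 192.168.1.3 through 192.168.1.10). The function names and finding labels are made up for this example, and treating a bind to a real device's address as something to review is this example's assumption.

```python
import ipaddress

# bind/create/route lines copied from the config in the post (set/add lines omitted).
CONFIG = """\
route entry 192.168.1.2 network 192.168.1.0/26
route 192.168.1.2 link 192.168.1.0/26
create router
bind 192.168.1.2 router
create windows
bind 192.168.1.3 windows
bind 192.168.1.4 windows
bind 192.168.1.5 windows
bind 192.168.1.6 windows
"""
NETWORK = "192.168.1.0/26"  # network given on the honeyd command line
# Addresses the post says are already in use by real devices.
RESERVED = {ipaddress.ip_address("192.168.1.1"): "gateway",
            ipaddress.ip_address("192.168.1.2"): "host-address"}
# Planned virtual range from the post: 192.168.1.3 through 192.168.1.10.
PLANNED = [ipaddress.ip_address("192.168.1.3") + i for i in range(8)]

def parse(config):
    """Return (set of created template names, {ip: template} from bind lines)."""
    templates, binds = set(), {}
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "create" and len(words) == 2:
            templates.add(words[1])
        elif words[0] == "bind" and len(words) == 3:
            binds[ipaddress.ip_address(words[1])] = words[2]
    return templates, binds

def audit(config, network, reserved, planned):
    """Return (finding, ip) pairs; the finding labels are this example's own."""
    net = ipaddress.ip_network(network)
    templates, binds = parse(config)
    findings = []
    for ip, template in sorted(binds.items()):
        if ip not in net:
            findings.append(("outside-network", str(ip)))
        if ip in reserved:  # assumption: a bind to a real device's address needs review
            findings.append(("bound-to-" + reserved[ip], str(ip)))
        if template not in templates:
            findings.append(("unknown-template", str(ip)))
    findings += [("planned-but-unbound", str(ip)) for ip in planned if ip not in binds]
    return findings

if __name__ == "__main__":
    for finding, ip in audit(CONFIG, NETWORK, RESERVED, PLANNED):
        print(f"{ip:<14} {finding}")
```

Run against the posted config, it reports the router template bound to the server's own address and four planned addresses with no bind line.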



