Honeypots mailing list archives

Re: virtual honeynet, not accessible from outside, only from host

From: george chamales <george () overt org>
Date: Wed, 15 Mar 2006 12:33:42 -0500

Hello Kai,

Setting up the VMWare interfaces on Linux can be tricky.  Have you
attempted to run tcpdump on the external interface of the honeywall?
If traffic from the outside is not reaching the external interface on
the honeywall then there is most likely a problem with your interface
configuration in VMWare.

The HwMANAGER configuration variable controls the IP's that are
allowed to connect to the honeywall's management interface.  It does
not affect traffic heading into or out of the Honeynet.

Good Luck,
george

On Wed, Mar 15, 2006 at 04:50:27PM -0000, honey () kleinundgemein de wrote:

Hi,

I have a roo config problem, my setup is like that:
http://www.honeynet.org.es/reports/diagram.png

My host is linux (debian 3.1) with VMware Server, my honeypots are Win2k and RedHat 7.0.

But all virtual machines are not accessible from the outside world, only from the host.
The VMware configuration is fine, so it must be a honeywall config error.

host:~#  nmap -p 443 <honeywall-ip> -P0 

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-03-15 16:56 CET
Interesting ports on honeywall.domain.tld (<honeywall-ip>):
PORT    STATE SERVICE
443/tcp open  https
MAC Address: 00:0C:29:CD:71:CD (VMware)

Nmap finished: 1 IP address (1 host up) scanned in 0.308 seconds


outsideserver:~#  nmap -p 443 <honeywall-ip> -P0

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-03-15 16:56 CET
Interesting ports on honeywall.domain.tld (<honeywall-ip>):
PORT    STATE    SERVICE
443/tcp filtered https

Nmap finished: 1 IP address (1 host up) scanned in 2.043 seconds



host:~# ps aux | grep eth1
root       292  0.0  0.0  2500  868 ?        Ss   02:15   0:00 dhclient -e -pf /var/run/dhclient.eth1.pid -lf 
/var/run/dhclient.eth1.leases eth1
root       563  0.0  0.0  1352  312 ?        S    02:15   0:00 /usr/bin/vmnet-bridge -d /var/run/vmnet-bridge-0.pid 
/dev/vmnet0 eth1
root     25310  0.0  0.0  3804  776 pts/1    S+   16:56   0:00 grep eth1


it has probably something to do with HwMANAGER (can post any other config information, too):

[root@honeywall ~]# hwctl -n HwMANAGER
any/0

("any" gave iptables errors and setting ips didn't work either)


I am really thankful for any help since this is for a little project at college.

Thanks

Kai

Current thread:

virtual honeynet, not accessible from outside, only from host honey (Mar 15)
- Re: virtual honeynet, not accessible from outside, only from host Miguel José Hernández y López (Mar 15)
- Re: virtual honeynet, not accessible from outside, only from host george chamales (Mar 15)
- <Possible follow-ups>
- Re: Re: virtual honeynet, not accessible from outside, only from host honey (Mar 15)