Honeypots mailing list archives

Unusual problems with honeywall


From: "Ivica Maric" <imaravk () gmail com>
Date: Thu, 23 Mar 2006 17:25:04 +0100

Hi all!

My name is Ivica Maric and I am an undergraduate student at the Faculty of
Electrical Engineering and Computing (www.fer.hr), Zagreb, Croatia. My
diploma thesis is Honeynet and its usage in the real world.
I installed the Honeynet CD (latest roo release) from www.honeynet.org on
one computer. Another computer is the honeypot (Windows 2000). The Honeywall
contains 3 network interfaces: eth0, eth1, eth2, where eth2 is the management
interface. I have read the Honeywall CDROM Online manual, some whitepapers
linked to the honeypot concept, etc.

I have a few problems with my configuration:

The first problem is with yum update: I first update roo-base (to bypass
bug #423), after that I update the entire honeywall (yum update). After
the system rebooted, the p0f (Passive OS fingerprinting) service is [FAILED]. I
don't know why that happens.

Second problem: When I remove a Snort or Snort_inline rule from the Walleye
interface, Snort and Snort_inline do not work anymore. I get [FAILED]
at boot time.

Third problem: My honeywall is monitoring not only the honeypot, but also
other computers that are active on the network. I presume that is
not desirable behavior. I properly connected the honeypot, through a switch,
to eth1 (internal interface) and eth0 to the public network.

I appreciate any assistance or advice! Thank you for your time!

Best regards,

Ivica Maric
FER (www.fer.hr)
Zagreb
Croatia
