[Honeywall] Complete Network failure

Bill McCarty wbmccarty at gmail.com
Thu May 29 02:03:56 EDT 2008


CaNe, the setup sounds fine to me.

I presume the honeypot is configured to fetch its network configuration via
DHCP. Of course, if the DHCP transactions fails, the honeypot won't have an
IP address and so won't be able to ping its router. That may be exactly the
failure mode you're experiencing.

I suggest that you run separate instances of tcpdump on eth0 and eth1 in
order to see what traffic does/doesn't flow during a DHCP transaction.  But,
I'd also try initially configuring the honeypot with a static IP so that
problems with the DHCP server can be ruled out.

Cheers,

On Wed, May 28, 2008 at 9:15 PM, CaNe <cane at sassley.com> wrote:

> Ok figured out what was going on with the collisions had the honeywall
> and the hub hooked into the router with the honeywall hooked in the hub
> but there is another ? raised. I can't get it to ping the router its
> supposed to connect to. Says network unreachable. also the honeypot
> doesn't receive its ip. Ive attached my honeywall config file.
> The 1st routers ip address is 192.168.1.1 and the second is
> 192.168.48.1. The network cards i am using on the honeywall are a
> netgear  fx 310 : which is eth1 and the onboard via rhine II witch is
> eth0. Eth0 is connected to the router and Eth1 is connected to the hub
> and then to the honeypot.
>
> If you see anything wrong with this picture your input is greatfully
> apprieciated.
>
> Thanks for all the help.
>
> _______________________________________________
> Honeywall mailing list
> Honeywall at public.honeynet.org
> https://public.honeynet.org/mailman/listinfo/honeywall
>
>


-- 
Bill McCarty, Ph.D.
Professor of Computer Science
Biola University
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://public.honeynet.org/pipermail/honeywall/attachments/20080528/35bc495b/attachment-0001.html


More information about the Honeywall mailing list