[Honeywall] Re: Interface problems in Honeywall (Juan Kinunt)

Brett Ussher breusshe at hotmail.com
Sun Dec 20 13:13:01 EST 2009

Hey, Juan;

The interface issue is what confused me the most when I was making my
honeynet.  Here is why -- all of the posts you are finding are
correct.  You need to decide what the honeynet will be used for,
something those posts usually do not make clear.  You seem to be
making this honeynet for production use in order to help protect a
production network.  Therefore, you need bridged interfaces.  Now, by
bridged (since you are using VMware), I mean bridged between the
Honeywall virtual interfaces and the physical host interfaces.  This
means you'll need three physical NICs installed in your VM physical
host.  I make this distinction with bridged interfaces because the
Honeywall server also has bridged interfaces:  eth0 -> eth1.  This
means that whatever is connected to eth2 is your management interface.

With your VMware server, you'll have to make two more bridged VMnet
interfaces.  For mine, I created VMnet2 and VMnet3.  I also used a
Windows XP box for my VMware server.  I'm not sure what you are using,
but I'll assume for the sake of this post it is also WinXP or some
sort of Windows OS.  Here is how my topology looked (and will be
similar to yours):

        WinXP NICs                   VM NICs      Honeywall
        Local Area Connection    ->  VMnet0   ->  eth0
        Local Area Connection 1  ->  VMnet2   ->  eth1
        Local Area Connection 2  ->  VMnet3   ->  eth2

    -> = joined interfaces, in this case all of the joined interfaces
are bridged.

Hope this helps.  If not, I'm currently making a document that lays
out how to install and configure the Honeywall.  Unfortunately, I
found all of the existing information was hard to follow and, in some
cases, irrelevant since they pertained to previous versions of
Honeywall.  Therefore, I've decided to create my own and then offer it
to the project for hosting.

Brett Ussher

honeywall-request at public.honeynet.org wrote:
> Message: 1
> Date: Sat, 19 Dec 2009 17:57:47 +0100
> From: Juan Kinunt <kinunt at gmail.com>
> Subject: [Honeywall] Interface problems in Honeywall
> To: honeywall at public.honeynet.org
> Message-ID: <4B2D060B.2000705 at gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> I know it is a topic deeply discussed but there exist a lot of different
> virtualization technologies, architectures and operating systems.
> I need help configuring the interfaces of the honeywall, a honeypot,
> host and VMWare Server.
> My case is that I'm in a corporate network where we are interested in
> installing a honeynet. The corporate network has the IP range
> I would like to connect the honeywall, its management interface and a
> honeypot to the corporate network. The honeywall and the honeypot are
> virtualized inside a VMWare Server.
> Which networks and of which types should I have configured in
> VMWare Server? How many interfaces should I have in the honeywall and of
> which types? Which type should have the interface of the honeypot?
> Should I configure manually any IP address or can I use DHCP
> automatically for the honeywall?
> I have read a lot in Google and some conclusions are that honeywall
> should have 3 interfaces but I don't know the types. Somewhere says that
> interface to honeypot should be host-only and in other places bridge.
> The same for the management interface, bridged or host-only? In other
> places I find that the interface of the honeywall that connects to
> internet is bridge and in other places NAT.
> Can anyone help me a bit with interfaces and types for my honeywall
> architecture?

Brett D. Ussher
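
Added example, not part of the original post or of the Honeywall project: a small check that a Honeywall VM's .vmx file attaches its three adapters to the VMnets in the topology table above. It assumes VMware adapter ethernetN appears in the guest as ethN and that a missing connectionType means bridged; the sample .vmx text is constructed.

```python
import re

# Topology from the post: Honeywall eth0/eth1/eth2 -> VMnet0/VMnet2/VMnet3.
# Assumption: VMware adapter ethernetN shows up in the guest as ethN.
EXPECTED = {0: "vmnet0", 1: "vmnet2", 2: "vmnet3"}
# Networks VMware uses by default for each non-custom connection type.
DEFAULT_VNET = {"bridged": "vmnet0", "hostonly": "vmnet1", "nat": "vmnet8"}
ADAPTER_LINE = re.compile(r'^\s*ethernet(\d+)\.(\w+)\s*=\s*"([^"]*)"\s*$', re.I)

# Constructed sample .vmx fragment: the management NIC was left host-only.
SAMPLE_VMX = '''
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
ethernet1.present = "TRUE"
ethernet1.connectionType = "custom"
ethernet1.vnet = "VMnet2"
ethernet2.present = "TRUE"
ethernet2.connectionType = "hostonly"
'''

def parse_adapters(vmx_text):
    """Collect ethernetN.* settings into {N: {key: value}}."""
    adapters = {}
    for line in vmx_text.splitlines():
        m = ADAPTER_LINE.match(line)
        if m:
            adapters.setdefault(int(m.group(1)), {})[m.group(2).lower()] = m.group(3)
    return adapters

def adapter_vnet(cfg):
    """Return the VMnet an adapter is attached to (lower-cased)."""
    ctype = cfg.get("connectiontype", "bridged").lower()  # assumed default: bridged
    if ctype == "custom":
        return cfg.get("vnet", "").lower()
    return DEFAULT_VNET.get(ctype, ctype)

def check_topology(vmx_text):
    """List deviations from the three-NIC layout described in the post."""
    problems = []
    adapters = parse_adapters(vmx_text)
    for idx, want in EXPECTED.items():
        cfg = adapters.get(idx)
        if cfg is None or cfg.get("present", "").upper() != "TRUE":
            problems.append(f"ethernet{idx}: adapter missing or not present")
        elif adapter_vnet(cfg) != want:
            got = adapter_vnet(cfg) or "no network"
            problems.append(f"ethernet{idx}: on {got}, expected {want}")
    return problems

if __name__ == "__main__":
    print(check_topology(SAMPLE_VMX) or "layout matches the post")
```

The .vmx file only names the VMnet each adapter uses; whether VMnet2 and VMnet3 are actually bridged to separate physical NICs is set in the host's virtual network configuration and has to be confirmed there.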
