[Honeywall] #55: Honeywall setup problem

Honeywall honeywall-trac at projects.honeynet.org
Thu Dec 24 21:06:15 EST 2009

#55: Honeywall setup problem
  Reporter:  HoneyBee   |       Owner:  rob at honeynet.org
      Type:  task       |      Status:  new             
  Priority:  major      |   Milestone:                  
 Component:  Honeywall  |     Version:  1.4 Release     
Resolution:             |    Keywords:                  
Comment (by breusshe):

 You'll need to configure three vSwitches and create one port group on each
 vSwitch on your ESX server.  Call the first port group in the first
 vSwitch "External" and connect it to your physical NIC.  Call the second
 port group in the second vSwitch "Internal" and DO NOT connect it to your
 physical NIC.  Call the third port group in the third vSwitch "Honeywall
 Management" and connect it to your physical NIC.  Also, for the External
 and Internal vSwitches, you'll need to activate Promiscuous Mode or
 traffic will not route properly.

 Create the vSwitches and their associated port groups in that order and
 your Honeywall NIC interfaces will come up just fine.  Now, for the
 clients, you'll add the vNIC on the XP system that will manage the
 Honeywall to the "Honeywall Management" port group when you create/edit
 the NIC device.  You'll do the same thing for the XP honeypot, except the
 port group you'll add it to will be "Internal".

 That should get your connectivity set up right.  Now, to get Walleye (the
 GUI) working, edit /etc/honeywall.conf using vi.  Find and set the
 following items in it:

 HwMANAGE_NETMASK=<netmask of your management interface (eth2 [e.g.])>
 HwALLOWED_TCP_IN=<port used by Walleye to access server (443)>
 HwMANAGE_IP=<ip of the management interface (eth2 [xxx.xxx.xxx.xxx])>
 HwHONEYWALL_RUN=<yes to activate honeywall, no to turn it off (yes)>
 HwMANAGE_GATEWAY=<Gateway ip of the management interface (eth2
 HwMANAGE_IFACE=<name of management NIC (eth2)>
 HwMANAGE_DNS=<space separated list of DNS servers (xxx.xxx.xxx.xxx
 HwMANAGE_STARTUP=<yes to activate management interface, no for off (yes)>
 HwALLOWED_TCP_OUT=<make sure 443 is in this list!>
 HwWALLEYE=<yes to turn on Walleye, no for off (yes)>
 HwMANAGER=<space delimited list of ip's that can connect via the
 management interface (pc1 pc2 [e.g. xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx] |
 HwMANAGE_DIALOG=<yes to allow configuration via the Menu application
 mentioned earlier, no to keep it turned off (yes)>
 HwHEADLESS=<yes to have Honeynet rebuild its config from honeywall.conf at
 boot time, no to leave its config alone (yes)>

 In the above settings, entries in parentheses "()" are default values,
 unless there are also square brackets "[]".  In that case, the items in
 the brackets are the examples and what is in parentheses is the interface
 it affects.  HwMANAGER is special.  You can either specify a space-
 delimited list of IPs for computers that can manage the Honeywall, or you
 can put "any", which will allow any computer to manage it.  You'll want to
 restrict to an IP for security reasons.

 Now, here is where it gets fun.  You have three NICs on the Honeywall:
 eth0, eth1, eth2.  Eth0 and eth1 are bridged together to make a fourth
 interface, br0.  Eth2 is used to manage the Walleye GUI.  The above
 settings turn on Walleye and configure eth2.  So, once you have all of
 that out of the way, save the file (type: ":wq!" to save the file) and
 reboot Honeywall.  When it comes back up, you should be able to log into
 the honeywall at https://xxx.xxx.xxx.xxx where the x's are for your eth2
 IP address configured in /etc/honeywall.conf.  The default login is:

 user:  roo
 pwd:   honey

 The rest is rather straightforward so I'll leave you to explore.

Ticket URL: <https://projects.honeynet.org/honeywall/ticket/55#comment:1>
Honeywall <https://projects.honeynet.org/honeywall>
Honeywall Public Project Site
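
A check for the management settings listed in the comment above, as an added example that is not part of the original ticket or the Honeywall project's code: it parses the file and flags HwMANAGER=any, a missing port 443, and a gateway outside the management subnet. The sample contents and 192.0.2.x addresses are constructed, and plain KEY=value lines with # comments are an assumption about the file syntax.

```python
import ipaddress

# Constructed sample; addresses are documentation-range placeholders.
SAMPLE_CONF = """\
# management interface
HwMANAGE_IP=192.0.2.10
HwMANAGE_NETMASK=255.255.255.0
HwMANAGE_GATEWAY=192.0.2.1
HwMANAGE_STARTUP=yes
HwALLOWED_TCP_IN=443
HwALLOWED_TCP_OUT=22 25 80
HwWALLEYE=yes
HwMANAGER=any
"""

def parse_conf(text):
    """Parse KEY=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip().strip('"\'')
    return conf

def audit(conf):
    """Return a list of findings for the Walleye/management settings."""
    findings = []
    for key in ("HwWALLEYE", "HwMANAGE_STARTUP"):
        if conf.get(key, "").lower() != "yes":
            findings.append(f"{key} is not 'yes'")
    for key in ("HwALLOWED_TCP_IN", "HwALLOWED_TCP_OUT"):
        if "443" not in conf.get(key, "").split():
            findings.append(f"{key} does not list 443")
    managers = conf.get("HwMANAGER", "").split()
    if not managers or "any" in (m.lower() for m in managers):
        findings.append("HwMANAGER is 'any' or empty: restrict it to admin IPs")
    try:
        net = ipaddress.ip_network(
            f"{conf['HwMANAGE_IP']}/{conf['HwMANAGE_NETMASK']}", strict=False)
        if ipaddress.ip_address(conf["HwMANAGE_GATEWAY"]) not in net:
            findings.append("HwMANAGE_GATEWAY is outside the management subnet")
    except (KeyError, ValueError) as exc:
        findings.append(f"management IP/netmask/gateway invalid or missing: {exc}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_conf(SAMPLE_CONF))))
```

To audit a real file, pass its contents to `parse_conf` in place of `SAMPLE_CONF`.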
