[Honeywall] Roo 1.4 / ESXi 5.x installation and configuration issues

Andrew Brandt abrandt at soleranetworks.com
Thu Apr 26 10:10:33 CDT 2012

Hello, Honeywall people.

I attended last month's training in Palo Alto -- took David Watson's workshop on how to set up honeypots and a honeynet -- and have been trying to get a honeynet set up on my internal network. Installing Roo has proven to be challenging, to say the least. I'm installing roo-1.4.hw-20090425114542.iso into a VM built in the VMware ESXi 5.0.0 release 623680 environment.

I realize I'm breaking new (or at least, not well documented) ground with my installation of Roo, but I wanted to share my experiences with the group and find out exactly what I'm doing wrong.

So, I've performed the installation from scratch a number of times. The reason for this is because, on every occasion, after I perform the final configuration of the honeywall through the "interrogation"/questionnaire method, the honeywall, in brief, immediately and with no warning whatsoever begins to generate so much network traffic that it literally floods my entire network to death, which requires me to log into the ESXi console directly -- I can't even reach the router on which the ESXi server is connected, let alone the server itself through the vSphere Client -- and reboot the entire server, just so I can use the network again. So I blow away the VM and start over, and every time I do it, the same thing happens.

I haven't even installed a honeyclient yet; this is just trying to get the honeywall working. So I'm understandably a bit frustrated. It worked great at the workshop.

I've carefully documented my installation and configuration process, which closely mimics the documentation I got at the workshop, but because my VMware setup barely resembles the (very outdated) one in the documentation I was given at the workshop, I've had to make educated guesses about things like virtual network configuration, network settings, and the like. I must be guessing wrong, but I have no idea where to go from here.

Right now, I've got a Roo VM snapshot in the "paused" mode, installed and just prior to initial configuration, so I don't have to go through the process of reinstalling it again, but I cringe at the thought of starting it back up, because it disrupts a bunch of production VMs running on the same server every time I have to reboot the ESXi box.

First, I wanted to reach out and ask if there is any documentation or "field notes" about installing in VMware ESXi 5, instead of VMware Server. Second, I'd like to find out why roo goes haywire and bombs my network into oblivion, and/or if anyone has suggested virtual network configuration settings that might work in an ESXi 5 environment.

Thanks very much in advance for any help you can provide.
