David,
I have a similar question.
I configured my network to match, as best I could, the network diagram
in the Honeywall documentation which shows the honeypots on private IP
addresses. I have Comcast RIP service, which gives me five static IPs.
I'm only using two for the Honeynet. One goes to the Honeywall, running
roo with a walleye interface. The other first goes to an old D-Link
wireless router, but ignoring the wireless part. The D-Link is used to
provide port forwarding. So, I can see my honeypots from the outside
through the D-Link. The static IP address is assigned to the WAN side of
the router. (Comcast provided a neutered SMC modem which doesn't support
port forwarding.)
But, that works for just one server. I can only run one http server, one
ftp server, ...
So, I don't really see how the honeypots in the honeywall diagram on a
LAN are supposed to be accessed from the Internet unless through a NAT,
like I have in my set-up.
I'm just a newbie at this. I'm open to suggestions.
- Mark
davidhawksuk_at_yahoo.co.uk wrote:
> Hi There,
>
> Setting up my first virtual honeynet (using VMware and roo) has been painfully slow, mainly because of my ISP….
>
> Here is the problem.
>
> My internet connection has a static IP and I had placed an order for a block of IP addresses which I was to assign to each of the machines in the net. I have now found (after a month of chasing) that they cannot assign them because of the package I’m on. (Budgetary and time constraints mean I can’t change ISP right now).
>
> My question is, if I have the following setup
>
>
> Internet -> router -> DMZ ->Honeywall -> Honeypots
> |
> |
> Production network
>
>
> Are my honeypots going to be seen from outside? And am I likely to receive any traffic?
>
> If they will not, what is the best configuration using the one IP address I have?
>
> Thanks in advance
>
> / David
>
>
Received on Jul 01 2006