Honeywall

snoophallo

Erfahrenes Mitglied
Ich hab folgendes Problem und zwar komme ich bei meiner Testhoneywall nicht auf das Managementinterface (Webinterface).

host-only bedeutet ja eigentlich, dass ich von meinem physikalischen Hostsystem trotzdem noch mit den virtuellen VMs in Verbindung stehe oder?
Somit müsste ja eigentlich die IP-Adresse des Managemetsystem auch aus dem IP-Address-Bereich des physikalsichen Host stammen um in Kontakt treten so können.

Ich habe dabei die VMware so konfiguriert (unter Windows):
Honeywall:
1.Netzwerkinterface(bridged)(honeywall:eth0)
2. Netzwerkinterface (host-only)(honeywall:eth1)
3. Netzwerkinterface (host-only)(honeywall:eth2)


physikalsiches Netzwerk 192.168.0.0/24
virtuelles Netzwerk: 10.10.10.0/24

Code:
#####################################################################
#
# $Id: honeywall.conf 4552 2006-10-17 01:06:51Z esammons $
#
#############################################
#
# Copyright (C) <2005> <The Honeynet Project>
#
# This program is free software; you can redistribute it and/or modify 
# it under the terms of the GNU General Public License as published by 
# the Free Software Foundation; either version 2 of the License, or (at 
# your option) any later version.
#
# This program is distributed in the hope that it will be useful, but 
# WITHOUT ANY WARRANTY; without even the implied warranty of 
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License 
# along with this program; if not, write to the Free Software 
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 
# USA
#
#############################################

#
# This file is the Honeywall import file (aka "honeywall.conf").
# It is a list of VARIABLE=VALUE tuples (including comments as 
# necessary, # such as this) and whitespace lines.  
#
# note: DO NOT surround values in quotation marks
#
#####################################################################

############################
# Site variables that are  #
# global to all honeywalls #
# at a site.               #
############################

# Specify the IP address(es) and/or networks that are allowed to connect 
# to the management interface.  Specify any to allow unrestricted access.
# [Valid argument: IP address(es) | IP network(s) in CIDR notation | any]
HwMANAGER=any

# Specify the port on which SSHD will listen
# NOTE: Automatically aded to the list of TCP ports allowed in by IPTables
# [Valid argument: TCP (port 0 - 65535)]
HwSSHD_PORT=22

# Specify whether or not root can login remotely over SSH
# [Valid argument: yes | no]
HwSSHD_REMOTE_ROOT_LOGIN=no

# NTP Time server(s)
# [Valid argument: IP address]
HwTIME_SVR=


############################
# Local variables that are #
# specific to each         #
# honeywall at a site.     #
############################

# Specify the system hostname
# [Valid argument: string ]
HwHOSTNAME=honeywall

# Specify the system DNS domain
# [Valid argument: string ]
HwDOMAIN=honeynet

#Start the Honeywall on boot
# [Valid argument: yes | no]
HwHONEYWALL_RUN=yes

# To use a headless system.
# [Valid argument: yes | no]
HwHEADLESS=no


# This Honeywall's public IP address(es)
# [Valid argument: IP address | space delimited IP addresses]
HwHPOT_PUBLIC_IP=192.168.0.10

# DNS servers honeypots are allowed to communicate with
# [Valid argument: IP address | space delimited IP addresses]
HwDNS_SVRS=

# To restrict DNS access to a specific honeypot or group of honeypots, list
# them here, otherwise leave this variable blank
# [Valid argument: IP address | space delimited IP addresses | blank]
HwDNS_HOST=

# The name of the externally facing network interface
# [Valid argument: eth* | br* | ppp*]
HwINET_IFACE=eth0

# The name of the internally facing network interface
# [Valid argument: eth* | br* | ppp*]
HwLAN_IFACE=eth1

# The IP internal connected to the internally facing interface
# [Valid argument: IP network in CIDR notation]
HwLAN_IP_RANGE=10.10.10.0/24

# The IP broadcast address for internal network
# [Valid argument: IP broadcast address]
HwLAN_BCAST_ADDRESS=10.10.10.255

# Enable QUEUE support to integrate with Snort-Inline filtering
# [Valid argument: yes | no]
HwQUEUE=yes

# The unit of measure for setting oubtbound connection limits
# [Valid argument: second, minute, hour, day, week, month, year]
HwSCALE=hour

# The number of TCP connections per unit of measure (HwScale)
# [Valid argument: integer]
HwTCPRATE=20

# The number of UDP connections per unit of measure (HwSCALE)
# [Valid argument: integer]
HwUDPRATE=20

# The number of ICMP connections per unit of measure (HwSCALE)
# [Valid argument: integer]
HwICMPRATE=50

# The number of other IP connections per unit of measure (HwSCALE)
# [Valid argument: integer]
HwOTHERRATE=10

# Enable the SEBEK collector which delivers keystroke and files
# to a remote system even if an attacker replaces daemons such as sshd
# [Valid argument: yes | no]
HwSEBEK=no

# Enable the Walleye Web interface.
#[Valid argument: yes | no]
HwWALLEYE=yes

# Specify whether whether to drop SEBEK packets or allow them to be sent 
# outside of the Honeynet.
# [Valid argument: ACCEPT | DROP]
HwSEBEK_FATE=DROP

# Specify the SEBEK destination host IP address
# [Valid argument: IP address]
HwSEBEK_DST_IP=10.10.10.2

# Specify the SEBEK destination port
# [Valid argument: port]
HwSEBEK_DST_PORT=1101

# Enable SEBEK logging in the Honeywall firewall logs
# [Valid argument: yes | no]
HwSEBEK_LOG=no


# Specify whether the dialog menu is to be started on login to TTY1
# [Valid argument: yes | no ]
HwMANAGE_DIALOG=yes

# Specify whether management port is to be activated on start or not.
# [Valid argument: yes | no ]
HwMANAGE_STARTUP=yes

# Specy the network interface for remote management.  If set to br0, it will 
# assign MANAGE_IP to the logical bridge interface and allow its use as a 
# management interface.  Set to none to disable the management interface.
# [Valid argument: eth* | br* | ppp* | none]
HwMANAGE_IFACE=eth2

# IP of management Interface
# [Valid argument: IP address]
HwMANAGE_IP=192.168.0.11

# Netmask of management Interface
# [Valid argument: IP netmask]
HwMANAGE_NETMASK=255.255.255.0

# Default Gateway of management Interface
# [Valid argument: IP address]
HwMANAGE_GATEWAY=

# DNS Servers of management Interface
# [Valid argument: space delimited IP addresses]
HwMANAGE_DNS=

# TCP ports allowed into the management interface.
# Do NOT include the SSHD port.  It will automatically be included
# [Valid argument: space delimited list of TCP ports]
HwALLOWED_TCP_IN=443

# Specify whether or not the Honeywall will restrict outbound network 
# connections to specific destination ports.  When bridge mode is utilized,
# a management interface is required to restrict outbound network connections.
# [Valid argument: yes | no]
HwRESTRICT=yes

# Specity the TCP destination ports Honeypots can send network traffic to.
# [Valid argument: space delimited list of UDP ports]
HwALLOWED_TCP_OUT=22 25 43 80 443

# Specity the UDP destination ports Honeypots can send network traffic to.
# [Valid argument: space delimited list of UDP ports]
HwALLOWED_UDP_OUT=53 123

# Specify whether or not to start swatch and email alerting.
# [Valid argument: yes | no]
HwALERT=no

# Specify email address to use for email alerting.
# [Valid argument: any email address]
HwALERT_EMAIL=root@honeywall.honeynet

# NIC Module List - Set this to the number and order you wish
# to load NIC drivers, such that you get the order you want
# for eth0, eth1, eth2, etc.
# [Valid argument: list of strings]
#
# Example: eepro100 8139too
HwNICMODLIST=

# Blacklist, Whitelist, and Fencelist features.
# [Valid argument: string ]
HwFWBLACK=/etc/blacklist.txt

# [Valid argument: string ]
HwFWWHITE=/etc/whitelist.txt

# [Valid argument: string ]
HwFWFENCE=/etc/fencelist.txt

# [Valid argument: yes | no]
HwBWLIST_ENABLE=no

# [Valid argument: yes | no]
HwFENCELIST_ENABLE=no

# The following feature allows the roo to allow attackers into the
# honeypots but they can't send packets out...
# [Valid argument: yes | no]
HwROACHMOTEL_ENABLE=no

# Disables BPF filtering based on the contents of HwHPOT_PUBLIC_IP 
# and the black and white list contained within HwFWBLACK and HwFWWHITE
# if the HwBWLIST_ENABLE is on.  Other wise, it just filters based on
# the contents of HwHPOT_PUBLIC_IP
# [Valid argument: yes | no]
HwBPF_DISABLE=no

# This capability is not yet implemented in roo.  The variable
# has been commented out for this reason. dittrich - 02/08/05
# Options for hard drive tuning (if needed).
# [Valid argument: string ]
# Example: -c 1 -m 16 -d
HwHWPARMOPTS=

# Should we swap capslock and control keys?
HwSWAP_CAPSLOCK_CONTROL=no

##########################################################################
# Snort Rule Update Variables
##########################################################################
# Enable or disable automatic snort rule updates
# [Valid argument: yes | no]
HwRULE_ENABLE=no

# Automatically restart snort and snort_inline when automatic updates are 
# applied and when calls to update IDS or IPs rules?
# [Valid argument: yes | no]
HwSNORT_RESTART=no

# Oink Code - Required by Oinkmaster to retrieve VRT rule updates
# See: /hw/docs/README.snortrules or 
#      http://www.honeynet.org/tools/cdrom/roo/manual/
# for instructions on how to obtain it (Free registration).
# [Valid argument: ~40 char alphanum string]
HwOINKCODE=

# Day automatic snort rule updates should be retrieved (for weekly updates)
# For daily updates, set this to ""
# [Valid argument: sun | mon | tue | wed | thu | fri | sat]
HwRULE_DAY=sat

# Hour of day snort rules updates should be retrieved
# [Valid argument: 0 | 1 | 2 | ... | 23] (0 is Midnight, 12 is noon, 23 is 11PM)
HwRULE_HOUR=3

##########################################################################
# Pcap and DB data retention settings
# Currenrly ONLY used when Pcap/DB purge scripts are called
# Pcap/DB data *is NOT* automatically purged
##########################################################################
# Days to retain Pcap data.  This will be used *IF* /dlg/config/purgePcap.pl 
# is called with NO arguments.
# NOTE: Override this by supplying the number of days as an argument ala:
# /dlg/config/purgePcap.pl <days>
HwPCAPDAYS=45

# Days to retain DB data.  This will be used *IF* /dlg/config/purgeDB.pl 
# is called with NO arguments.
# NOTE: Override this by supplying the number of days as an argument ala:
# /dlg/config/purgeDB.pl <days>
HwDBDAYS=180

##########################################################################
# NAT mode is no longer supported.
# Don't mess with anything below here unless you know what you're
# doing! Don't say we didn't warn you, and don't try logging a bugzilla
# request to clean up the mess!
##########################################################################

# Space delimited list of Honeypot ips
# NOTE: MUST HAVE SAME NUMBER OF IPS AS PUBLIC_IP VARIABLE.
# [Valid argument: IP address]
#HwHPOT_PRIV_IP_FOR_NAT=

# Specify the IP address of the honeywall's internal (i.e. gateway
# IP for NAT) IP address.  This is only used in NAT mode.
# [Valid argument: IP address ex: 192.168.10.1]
#HwPRIV_IP_FOR_NAT=


# Specify the IP netmask for interface alises.  One aliases will be created
# on the external interface for each Honeypot when in NAT mode only.
# [Valid argument: IP netmask]
#HwALIAS_MASK_FOR_NAT=255.255.255.0

# End of honeywall.conf parameters

Ich komme weder über die 192.168.0.10 noch über 192.168.0.11 auf das System.
Kann mir vielleicht jemand weiterhelfen?