Honeywall

snoophallo

Experienced member
I have the following problem: I cannot reach the management interface (web interface) of my test Honeywall.

Host-only means that my physical host system is still connected to the virtual VMs, right?
So the IP address of the management system would also have to come from the IP address range of the physical host in order to be able to communicate.

I configured VMware as follows (on Windows):
Honeywall:
1. Network interface (bridged) (honeywall:eth0)
2. Network interface (host-only) (honeywall:eth1)
3. Network interface (host-only) (honeywall:eth2)


Physical network: 192.168.0.0/24
Virtual network: 10.10.10.0/24

Code:
#####################################################################
#
# $Id: honeywall.conf 4552 2006-10-17 01:06:51Z esammons $
#
#############################################
#
# Copyright (C) <2005> <The Honeynet Project>
#
# This program is free software; you can redistribute it and/or modify 
# it under the terms of the GNU General Public License as published by 
# the Free Software Foundation; either version 2 of the License, or (at 
# your option) any later version.
#
# This program is distributed in the hope that it will be useful, but 
# WITHOUT ANY WARRANTY; without even the implied warranty of 
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License 
# along with this program; if not, write to the Free Software 
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 
# USA
#
#############################################

#
# This file is the Honeywall import file (aka "honeywall.conf").
# It is a list of VARIABLE=VALUE tuples (including comments as 
# necessary, # such as this) and whitespace lines.  
#
# note: DO NOT surround values in quotation marks
#
#####################################################################

############################
# Site variables that are  #
# global to all honeywalls #
# at a site.               #
############################

# Specify the IP address(es) and/or networks that are allowed to connect 
# to the management interface.  Specify any to allow unrestricted access.
# [Valid argument: IP address(es) | IP network(s) in CIDR notation | any]
HwMANAGER=any

# Specify the port on which SSHD will listen
# NOTE: Automatically added to the list of TCP ports allowed in by IPTables
# [Valid argument: TCP (port 0 - 65535)]
HwSSHD_PORT=22

# Specify whether or not root can login remotely over SSH
# [Valid argument: yes | no]
HwSSHD_REMOTE_ROOT_LOGIN=no

# NTP Time server(s)
# [Valid argument: IP address]
HwTIME_SVR=


############################
# Local variables that are #
# specific to each         #
# honeywall at a site.     #
############################

# Specify the system hostname
# [Valid argument: string ]
HwHOSTNAME=honeywall

# Specify the system DNS domain
# [Valid argument: string ]
HwDOMAIN=honeynet

#Start the Honeywall on boot
# [Valid argument: yes | no]
HwHONEYWALL_RUN=yes

# To use a headless system.
# [Valid argument: yes | no]
HwHEADLESS=no


# This Honeywall's public IP address(es)
# [Valid argument: IP address | space delimited IP addresses]
HwHPOT_PUBLIC_IP=192.168.0.10

# DNS servers honeypots are allowed to communicate with
# [Valid argument: IP address | space delimited IP addresses]
HwDNS_SVRS=

# To restrict DNS access to a specific honeypot or group of honeypots, list
# them here, otherwise leave this variable blank
# [Valid argument: IP address | space delimited IP addresses | blank]
HwDNS_HOST=

# The name of the externally facing network interface
# [Valid argument: eth* | br* | ppp*]
HwINET_IFACE=eth0

# The name of the internally facing network interface
# [Valid argument: eth* | br* | ppp*]
HwLAN_IFACE=eth1

# The IP network connected to the internally facing interface
# [Valid argument: IP network in CIDR notation]
HwLAN_IP_RANGE=10.10.10.0/24

# The IP broadcast address for internal network
# [Valid argument: IP broadcast address]
HwLAN_BCAST_ADDRESS=10.10.10.255

# Enable QUEUE support to integrate with Snort-Inline filtering
# [Valid argument: yes | no]
HwQUEUE=yes

# The unit of measure for setting outbound connection limits
# [Valid argument: second, minute, hour, day, week, month, year]
HwSCALE=hour

# The number of TCP connections per unit of measure (HwScale)
# [Valid argument: integer]
HwTCPRATE=20

# The number of UDP connections per unit of measure (HwSCALE)
# [Valid argument: integer]
HwUDPRATE=20

# The number of ICMP connections per unit of measure (HwSCALE)
# [Valid argument: integer]
HwICMPRATE=50

# The number of other IP connections per unit of measure (HwSCALE)
# [Valid argument: integer]
HwOTHERRATE=10

# Enable the SEBEK collector which delivers keystroke and files
# to a remote system even if an attacker replaces daemons such as sshd
# [Valid argument: yes | no]
HwSEBEK=no

# Enable the Walleye Web interface.
#[Valid argument: yes | no]
HwWALLEYE=yes

# Specify whether to drop SEBEK packets or allow them to be sent 
# outside of the Honeynet.
# [Valid argument: ACCEPT | DROP]
HwSEBEK_FATE=DROP

# Specify the SEBEK destination host IP address
# [Valid argument: IP address]
HwSEBEK_DST_IP=10.10.10.2

# Specify the SEBEK destination port
# [Valid argument: port]
HwSEBEK_DST_PORT=1101

# Enable SEBEK logging in the Honeywall firewall logs
# [Valid argument: yes | no]
HwSEBEK_LOG=no


# Specify whether the dialog menu is to be started on login to TTY1
# [Valid argument: yes | no ]
HwMANAGE_DIALOG=yes

# Specify whether management port is to be activated on start or not.
# [Valid argument: yes | no ]
HwMANAGE_STARTUP=yes

# Specify the network interface for remote management.  If set to br0, it will 
# assign MANAGE_IP to the logical bridge interface and allow its use as a 
# management interface.  Set to none to disable the management interface.
# [Valid argument: eth* | br* | ppp* | none]
HwMANAGE_IFACE=eth2

# IP of management Interface
# [Valid argument: IP address]
HwMANAGE_IP=192.168.0.11

# Netmask of management Interface
# [Valid argument: IP netmask]
HwMANAGE_NETMASK=255.255.255.0

# Default Gateway of management Interface
# [Valid argument: IP address]
HwMANAGE_GATEWAY=

# DNS Servers of management Interface
# [Valid argument: space delimited IP addresses]
HwMANAGE_DNS=

# TCP ports allowed into the management interface.
# Do NOT include the SSHD port.  It will automatically be included
# [Valid argument: space delimited list of TCP ports]
HwALLOWED_TCP_IN=443

# Specify whether or not the Honeywall will restrict outbound network 
# connections to specific destination ports.  When bridge mode is utilized,
# a management interface is required to restrict outbound network connections.
# [Valid argument: yes | no]
HwRESTRICT=yes

# Specify the TCP destination ports Honeypots can send network traffic to.
# [Valid argument: space delimited list of TCP ports]
HwALLOWED_TCP_OUT=22 25 43 80 443

# Specify the UDP destination ports Honeypots can send network traffic to.
# [Valid argument: space delimited list of UDP ports]
HwALLOWED_UDP_OUT=53 123

# Specify whether or not to start swatch and email alerting.
# [Valid argument: yes | no]
HwALERT=no

# Specify email address to use for email alerting.
# [Valid argument: any email address]
HwALERT_EMAIL=root@honeywall.honeynet

# NIC Module List - Set this to the number and order you wish
# to load NIC drivers, such that you get the order you want
# for eth0, eth1, eth2, etc.
# [Valid argument: list of strings]
#
# Example: eepro100 8139too
HwNICMODLIST=

# Blacklist, Whitelist, and Fencelist features.
# [Valid argument: string ]
HwFWBLACK=/etc/blacklist.txt

# [Valid argument: string ]
HwFWWHITE=/etc/whitelist.txt

# [Valid argument: string ]
HwFWFENCE=/etc/fencelist.txt

# [Valid argument: yes | no]
HwBWLIST_ENABLE=no

# [Valid argument: yes | no]
HwFENCELIST_ENABLE=no

# The following feature allows the roo to allow attackers into the
# honeypots but they can't send packets out...
# [Valid argument: yes | no]
HwROACHMOTEL_ENABLE=no

# Disables BPF filtering based on the contents of HwHPOT_PUBLIC_IP 
# and the black and white list contained within HwFWBLACK and HwFWWHITE
# if the HwBWLIST_ENABLE is on.  Other wise, it just filters based on
# the contents of HwHPOT_PUBLIC_IP
# [Valid argument: yes | no]
HwBPF_DISABLE=no

# This capability is not yet implemented in roo.  The variable
# has been commented out for this reason. dittrich - 02/08/05
# Options for hard drive tuning (if needed).
# [Valid argument: string ]
# Example: -c 1 -m 16 -d
HwHWPARMOPTS=

# Should we swap capslock and control keys?
HwSWAP_CAPSLOCK_CONTROL=no

##########################################################################
# Snort Rule Update Variables
##########################################################################
# Enable or disable automatic snort rule updates
# [Valid argument: yes | no]
HwRULE_ENABLE=no

# Automatically restart snort and snort_inline when automatic updates are 
# applied and when calls to update IDS or IPs rules?
# [Valid argument: yes | no]
HwSNORT_RESTART=no

# Oink Code - Required by Oinkmaster to retrieve VRT rule updates
# See: /hw/docs/README.snortrules or 
#      http://www.honeynet.org/tools/cdrom/roo/manual/
# for instructions on how to obtain it (Free registration).
# [Valid argument: ~40 char alphanum string]
HwOINKCODE=

# Day automatic snort rule updates should be retrieved (for weekly updates)
# For daily updates, set this to ""
# [Valid argument: sun | mon | tue | wed | thu | fri | sat]
HwRULE_DAY=sat

# Hour of day snort rules updates should be retrieved
# [Valid argument: 0 | 1 | 2 | ... | 23] (0 is Midnight, 12 is noon, 23 is 11PM)
HwRULE_HOUR=3

##########################################################################
# Pcap and DB data retention settings
# Currently ONLY used when Pcap/DB purge scripts are called
# Pcap/DB data *is NOT* automatically purged
##########################################################################
# Days to retain Pcap data.  This will be used *IF* /dlg/config/purgePcap.pl 
# is called with NO arguments.
# NOTE: Override this by supplying the number of days as an argument ala:
# /dlg/config/purgePcap.pl <days>
HwPCAPDAYS=45

# Days to retain DB data.  This will be used *IF* /dlg/config/purgeDB.pl 
# is called with NO arguments.
# NOTE: Override this by supplying the number of days as an argument ala:
# /dlg/config/purgeDB.pl <days>
HwDBDAYS=180

##########################################################################
# NAT mode is no longer supported.
# Don't mess with anything below here unless you know what you're
# doing! Don't say we didn't warn you, and don't try logging a bugzilla
# request to clean up the mess!
##########################################################################

# Space delimited list of Honeypot ips
# NOTE: MUST HAVE SAME NUMBER OF IPS AS PUBLIC_IP VARIABLE.
# [Valid argument: IP address]
#HwHPOT_PRIV_IP_FOR_NAT=

# Specify the IP address of the honeywall's internal (i.e. gateway
# IP for NAT) IP address.  This is only used in NAT mode.
# [Valid argument: IP address ex: 192.168.10.1]
#HwPRIV_IP_FOR_NAT=


# Specify the IP netmask for interface aliases.  One alias will be created
# on the external interface for each Honeypot when in NAT mode only.
# [Valid argument: IP netmask]
#HwALIAS_MASK_FOR_NAT=255.255.255.0

# End of honeywall.conf parameters

I cannot reach the system via 192.168.0.10 or via 192.168.0.11.
Can anyone help me?
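
An added example, not part of the original post and not Honeynet Project code: a small check that parses the VARIABLE=VALUE format of honeywall.conf and reports whether HwMANAGE_IP lies inside the network the management interface is attached to, and whether HwMANAGER leaves management access unrestricted. The interface-to-network mapping (eth2 on the host-only 10.10.10.0/24) is an assumption taken from the description in the post, and the function names are hypothetical.

```python
import ipaddress

# Constructed excerpt using values from the posted honeywall.conf.
SAMPLE_CONF = """\
# comment lines and whitespace lines are allowed
HwMANAGER=any
HwMANAGE_IFACE=eth2
HwMANAGE_IP=192.168.0.11
HwMANAGE_NETMASK=255.255.255.0
HwALLOWED_TCP_IN=443
"""

# Assumption from the post: eth0 is bridged to the physical LAN,
# eth1 and eth2 sit on the host-only virtual network.
IFACE_NETWORKS = {
    "eth0": "192.168.0.0/24",
    "eth1": "10.10.10.0/24",
    "eth2": "10.10.10.0/24",
}

def parse_conf(text):
    """Parse VARIABLE=VALUE tuples; skip comments and whitespace lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def check_management(conf, iface_networks):
    """Return a list of findings about the management interface settings."""
    iface = conf.get("HwMANAGE_IFACE", "none")
    if iface == "none":
        return ["management interface disabled"]
    if iface not in iface_networks:
        return [f"no known network for {iface}"]
    findings = []
    attached = ipaddress.ip_network(iface_networks[iface])
    configured = ipaddress.ip_interface(
        f"{conf['HwMANAGE_IP']}/{conf['HwMANAGE_NETMASK']}")
    if configured.ip not in attached:
        findings.append(f"{configured.ip} is not in {attached}, the network {iface} is attached to")
    if conf.get("HwMANAGER", "") == "any":
        findings.append("HwMANAGER=any: management access is not restricted by source")
    return findings

if __name__ == "__main__":
    print("\n".join(check_management(parse_conf(SAMPLE_CONF), IFACE_NETWORKS)))
```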