snoophallo
Erfahrenes Mitglied
Ich hab folgendes Problem und zwar komme ich bei meiner Testhoneywall nicht auf das Managementinterface (Webinterface).
host-only bedeutet ja eigentlich, dass ich von meinem physikalischen Hostsystem trotzdem noch mit den virtuellen VMs in Verbindung stehe oder?
Somit müsste ja eigentlich die IP-Adresse des Managemetsystem auch aus dem IP-Address-Bereich des physikalsichen Host stammen um in Kontakt treten so können.
Ich habe dabei die VMware so konfiguriert (unter Windows):
Honeywall:
1.Netzwerkinterface(bridged)(honeywall:eth0)
2. Netzwerkinterface (host-only)(honeywall:eth1)
3. Netzwerkinterface (host-only)(honeywall:eth2)
physikalsiches Netzwerk 192.168.0.0/24
virtuelles Netzwerk: 10.10.10.0/24
Ich komme weder über die 192.168.0.10 noch über 192.168.0.11 auf das System.
Kann mir vielleicht jemand weiterhelfen?
host-only bedeutet ja eigentlich, dass ich von meinem physikalischen Hostsystem trotzdem noch mit den virtuellen VMs in Verbindung stehe oder?
Somit müsste ja eigentlich die IP-Adresse des Managemetsystem auch aus dem IP-Address-Bereich des physikalsichen Host stammen um in Kontakt treten so können.
Ich habe dabei die VMware so konfiguriert (unter Windows):
Honeywall:
1.Netzwerkinterface(bridged)(honeywall:eth0)
2. Netzwerkinterface (host-only)(honeywall:eth1)
3. Netzwerkinterface (host-only)(honeywall:eth2)
physikalsiches Netzwerk 192.168.0.0/24
virtuelles Netzwerk: 10.10.10.0/24
Code:
#####################################################################
#
# $Id: honeywall.conf 4552 2006-10-17 01:06:51Z esammons $
#
#############################################
#
# Copyright (C) <2005> <The Honeynet Project>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or (at
# your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
# USA
#
#############################################
#
# This file is the Honeywall import file (aka "honeywall.conf").
# It is a list of VARIABLE=VALUE tuples (including comments as
# necessary, # such as this) and whitespace lines.
#
# note: DO NOT surround values in quotation marks
#
#####################################################################
############################
# Site variables that are #
# global to all honeywalls #
# at a site. #
############################
# Specify the IP address(es) and/or networks that are allowed to connect
# to the management interface. Specify any to allow unrestricted access.
# [Valid argument: IP address(es) | IP network(s) in CIDR notation | any]
HwMANAGER=any
# Specify the port on which SSHD will listen
# NOTE: Automatically aded to the list of TCP ports allowed in by IPTables
# [Valid argument: TCP (port 0 - 65535)]
HwSSHD_PORT=22
# Specify whether or not root can login remotely over SSH
# [Valid argument: yes | no]
HwSSHD_REMOTE_ROOT_LOGIN=no
# NTP Time server(s)
# [Valid argument: IP address]
HwTIME_SVR=
############################
# Local variables that are #
# specific to each #
# honeywall at a site. #
############################
# Specify the system hostname
# [Valid argument: string ]
HwHOSTNAME=honeywall
# Specify the system DNS domain
# [Valid argument: string ]
HwDOMAIN=honeynet
#Start the Honeywall on boot
# [Valid argument: yes | no]
HwHONEYWALL_RUN=yes
# To use a headless system.
# [Valid argument: yes | no]
HwHEADLESS=no
# This Honeywall's public IP address(es)
# [Valid argument: IP address | space delimited IP addresses]
HwHPOT_PUBLIC_IP=192.168.0.10
# DNS servers honeypots are allowed to communicate with
# [Valid argument: IP address | space delimited IP addresses]
HwDNS_SVRS=
# To restrict DNS access to a specific honeypot or group of honeypots, list
# them here, otherwise leave this variable blank
# [Valid argument: IP address | space delimited IP addresses | blank]
HwDNS_HOST=
# The name of the externally facing network interface
# [Valid argument: eth* | br* | ppp*]
HwINET_IFACE=eth0
# The name of the internally facing network interface
# [Valid argument: eth* | br* | ppp*]
HwLAN_IFACE=eth1
# The IP internal connected to the internally facing interface
# [Valid argument: IP network in CIDR notation]
HwLAN_IP_RANGE=10.10.10.0/24
# The IP broadcast address for internal network
# [Valid argument: IP broadcast address]
HwLAN_BCAST_ADDRESS=10.10.10.255
# Enable QUEUE support to integrate with Snort-Inline filtering
# [Valid argument: yes | no]
HwQUEUE=yes
# The unit of measure for setting oubtbound connection limits
# [Valid argument: second, minute, hour, day, week, month, year]
HwSCALE=hour
# The number of TCP connections per unit of measure (HwScale)
# [Valid argument: integer]
HwTCPRATE=20
# The number of UDP connections per unit of measure (HwSCALE)
# [Valid argument: integer]
HwUDPRATE=20
# The number of ICMP connections per unit of measure (HwSCALE)
# [Valid argument: integer]
HwICMPRATE=50
# The number of other IP connections per unit of measure (HwSCALE)
# [Valid argument: integer]
HwOTHERRATE=10
# Enable the SEBEK collector which delivers keystroke and files
# to a remote system even if an attacker replaces daemons such as sshd
# [Valid argument: yes | no]
HwSEBEK=no
# Enable the Walleye Web interface.
#[Valid argument: yes | no]
HwWALLEYE=yes
# Specify whether whether to drop SEBEK packets or allow them to be sent
# outside of the Honeynet.
# [Valid argument: ACCEPT | DROP]
HwSEBEK_FATE=DROP
# Specify the SEBEK destination host IP address
# [Valid argument: IP address]
HwSEBEK_DST_IP=10.10.10.2
# Specify the SEBEK destination port
# [Valid argument: port]
HwSEBEK_DST_PORT=1101
# Enable SEBEK logging in the Honeywall firewall logs
# [Valid argument: yes | no]
HwSEBEK_LOG=no
# Specify whether the dialog menu is to be started on login to TTY1
# [Valid argument: yes | no ]
HwMANAGE_DIALOG=yes
# Specify whether management port is to be activated on start or not.
# [Valid argument: yes | no ]
HwMANAGE_STARTUP=yes
# Specy the network interface for remote management. If set to br0, it will
# assign MANAGE_IP to the logical bridge interface and allow its use as a
# management interface. Set to none to disable the management interface.
# [Valid argument: eth* | br* | ppp* | none]
HwMANAGE_IFACE=eth2
# IP of management Interface
# [Valid argument: IP address]
HwMANAGE_IP=192.168.0.11
# Netmask of management Interface
# [Valid argument: IP netmask]
HwMANAGE_NETMASK=255.255.255.0
# Default Gateway of management Interface
# [Valid argument: IP address]
HwMANAGE_GATEWAY=
# DNS Servers of management Interface
# [Valid argument: space delimited IP addresses]
HwMANAGE_DNS=
# TCP ports allowed into the management interface.
# Do NOT include the SSHD port. It will automatically be included
# [Valid argument: space delimited list of TCP ports]
HwALLOWED_TCP_IN=443
# Specify whether or not the Honeywall will restrict outbound network
# connections to specific destination ports. When bridge mode is utilized,
# a management interface is required to restrict outbound network connections.
# [Valid argument: yes | no]
HwRESTRICT=yes
# Specity the TCP destination ports Honeypots can send network traffic to.
# [Valid argument: space delimited list of UDP ports]
HwALLOWED_TCP_OUT=22 25 43 80 443
# Specity the UDP destination ports Honeypots can send network traffic to.
# [Valid argument: space delimited list of UDP ports]
HwALLOWED_UDP_OUT=53 123
# Specify whether or not to start swatch and email alerting.
# [Valid argument: yes | no]
HwALERT=no
# Specify email address to use for email alerting.
# [Valid argument: any email address]
HwALERT_EMAIL=root@honeywall.honeynet
# NIC Module List - Set this to the number and order you wish
# to load NIC drivers, such that you get the order you want
# for eth0, eth1, eth2, etc.
# [Valid argument: list of strings]
#
# Example: eepro100 8139too
HwNICMODLIST=
# Blacklist, Whitelist, and Fencelist features.
# [Valid argument: string ]
HwFWBLACK=/etc/blacklist.txt
# [Valid argument: string ]
HwFWWHITE=/etc/whitelist.txt
# [Valid argument: string ]
HwFWFENCE=/etc/fencelist.txt
# [Valid argument: yes | no]
HwBWLIST_ENABLE=no
# [Valid argument: yes | no]
HwFENCELIST_ENABLE=no
# The following feature allows the roo to allow attackers into the
# honeypots but they can't send packets out...
# [Valid argument: yes | no]
HwROACHMOTEL_ENABLE=no
# Disables BPF filtering based on the contents of HwHPOT_PUBLIC_IP
# and the black and white list contained within HwFWBLACK and HwFWWHITE
# if the HwBWLIST_ENABLE is on. Other wise, it just filters based on
# the contents of HwHPOT_PUBLIC_IP
# [Valid argument: yes | no]
HwBPF_DISABLE=no
# This capability is not yet implemented in roo. The variable
# has been commented out for this reason. dittrich - 02/08/05
# Options for hard drive tuning (if needed).
# [Valid argument: string ]
# Example: -c 1 -m 16 -d
HwHWPARMOPTS=
# Should we swap capslock and control keys?
HwSWAP_CAPSLOCK_CONTROL=no
##########################################################################
# Snort Rule Update Variables
##########################################################################
# Enable or disable automatic snort rule updates
# [Valid argument: yes | no]
HwRULE_ENABLE=no
# Automatically restart snort and snort_inline when automatic updates are
# applied and when calls to update IDS or IPs rules?
# [Valid argument: yes | no]
HwSNORT_RESTART=no
# Oink Code - Required by Oinkmaster to retrieve VRT rule updates
# See: /hw/docs/README.snortrules or
# http://www.honeynet.org/tools/cdrom/roo/manual/
# for instructions on how to obtain it (Free registration).
# [Valid argument: ~40 char alphanum string]
HwOINKCODE=
# Day automatic snort rule updates should be retrieved (for weekly updates)
# For daily updates, set this to ""
# [Valid argument: sun | mon | tue | wed | thu | fri | sat]
HwRULE_DAY=sat
# Hour of day snort rules updates should be retrieved
# [Valid argument: 0 | 1 | 2 | ... | 23] (0 is Midnight, 12 is noon, 23 is 11PM)
HwRULE_HOUR=3
##########################################################################
# Pcap and DB data retention settings
# Currenrly ONLY used when Pcap/DB purge scripts are called
# Pcap/DB data *is NOT* automatically purged
##########################################################################
# Days to retain Pcap data. This will be used *IF* /dlg/config/purgePcap.pl
# is called with NO arguments.
# NOTE: Override this by supplying the number of days as an argument ala:
# /dlg/config/purgePcap.pl <days>
HwPCAPDAYS=45
# Days to retain DB data. This will be used *IF* /dlg/config/purgeDB.pl
# is called with NO arguments.
# NOTE: Override this by supplying the number of days as an argument ala:
# /dlg/config/purgeDB.pl <days>
HwDBDAYS=180
##########################################################################
# NAT mode is no longer supported.
# Don't mess with anything below here unless you know what you're
# doing! Don't say we didn't warn you, and don't try logging a bugzilla
# request to clean up the mess!
##########################################################################
# Space delimited list of Honeypot ips
# NOTE: MUST HAVE SAME NUMBER OF IPS AS PUBLIC_IP VARIABLE.
# [Valid argument: IP address]
#HwHPOT_PRIV_IP_FOR_NAT=
# Specify the IP address of the honeywall's internal (i.e. gateway
# IP for NAT) IP address. This is only used in NAT mode.
# [Valid argument: IP address ex: 192.168.10.1]
#HwPRIV_IP_FOR_NAT=
# Specify the IP netmask for interface alises. One aliases will be created
# on the external interface for each Honeypot when in NAT mode only.
# [Valid argument: IP netmask]
#HwALIAS_MASK_FOR_NAT=255.255.255.0
# End of honeywall.conf parameters
Ich komme weder über die 192.168.0.10 noch über 192.168.0.11 auf das System.
Kann mir vielleicht jemand weiterhelfen?