#55: Honeywall setup problem
------------------------+---------------------------------------------------
Reporter: HoneyBee | Owner: r...@honeynet.org
Type: task | Status: new
Priority: major | Milestone:
Component: Honeywall | Version: 1.4 Release
Resolution: | Keywords:
------------------------+---------------------------------------------------
Comment (by mike3050):
Replying to [comment:1 breusshe]:
> You'll need to configure three vSwitches and create one port group on
> each vSwitch on your ESX server. Call the first port group in the first
> vSwitch "External" and connect it to your physical NIC. Call the second
> port group in the second vSwitch "Internal" and DO NOT connect it to your
> physical NIC. Call the third port group in the third vSwitch "Honeywall
> Management" and connect it to your physical NIC. Also, for the External
> and Internal vSwitches, you'll need to activate Promiscuous Mode or
> traffic will not route properly.
>
> Create the vSwitches and their associated port groups in that order and
> your Honeywall NIC interfaces will come up just fine. Now, for the
> clients, you'll add the vNIC on the XP system that will manage the
> Honeywall to the "Honeywall Management" port group when you create/edit
> the NIC device. You'll do the same thing for the XP honeypot, except the
> port group you'll add it to will be "Internal".
>
> That should get your connectivity setup right. Now, to get Walleye (the
> GUI) working, edit /etc/honeywall.conf using vi. Find and set the
> following items in it:
>
> {{{
> HwMANAGE_NETMASK=<netmask of your management interface (eth2 [e.g. 255.255.255.0])>
> HwALLOWED_TCP_IN=<port used by Walleye to access server (443)>
> HwMANAGE_IP=<ip of the management interface (eth2 [xxx.xxx.xxx.xxx])>
> HwHONEYWALL_RUN=<yes to activate honeywall, no to turn it off (yes)>
> HwMANAGE_GATEWAY=<Gateway ip of the management interface (eth2 [xxx.xxx.xxx.xxx])>
> HwMANAGE_IFACE=<name of management NIC (eth2)>
> HwMANAGE_DNS=<space separated list of DNS servers (xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx)>
> HwMANAGE_STARTUP=<yes to activate management interface, no for off (yes)>
> HwALLOWED_TCP_OUT=<make sure 443 is in this list!>
> HwWALLEYE=<yes to turn on Walleye, no for off (yes)>
> HwMANAGER=<space delimited list of ip's that can connect via the management interface (pc1 pc2 [e.g. xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx] | [any])>
> HwMANAGE_DIALOG=<yes to allow configuration via the Menu application mentioned earlier, no to keep it turned off (yes)>
> HwHEADLESS=<yes to have Honeynet rebuild its config from honeywall.conf at boot time, no to leave its config alone (yes)>
> }}}
>
> In the above settings, entries in parentheses "()" are default values,
> unless there are also square brackets "[]". In that case, the items in
> the brackets are the examples and what is in parentheses is the interface
> it affects. HwMANAGER is special. You can either specify a
> space-delimited list of IPs for computers that can manage the Honeywall,
> or you can put "any", which will allow any computer to manage it. You'll
> want to restrict to an IP for security reasons.
>
> Now, here is where it gets fun. You have three NICs on the Honeywall:
> eth0, eth1, eth2. Eth0 and eth1 are bridged together to make a fourth
> interface, br0. Eth2 is used to manage the Walleye GUI. The above
> settings turn on Walleye and configure eth2. So, once you have all of
> that out of the way, save the file (type: ":wq!" to save the file) and
> reboot Honeywall. When it comes back up, you should be able to log into
> the honeywall at https://xxx.xxx.xxx.xxx where the x's are for your eth2
> IP address configured in /etc/honeywall.conf. The default login is:
>
> user: roo
> pwd: honey
>
> The rest is rather straightforward so I'll leave you to explore.

Thank you, it was very helpful.
--
Ticket URL: <https://projects.honeynet.org/honeywall/ticket/55#comment:2>
Honeywall <https://projects.honeynet.org/honeywall>
Honeywall Public Project Site
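
An added example, not part of the ticket or of the Honeywall project's code: a small Python check of the /etc/honeywall.conf settings listed in the quoted comment, flagging values that would keep Walleye unreachable or leave management open to any host. It assumes plain KEY=value lines with space-separated lists; the function names and the sample config (documentation-range addresses) are constructed for illustration.

```python
import re

# Keys the quoted comment says to set; None means any non-empty value is accepted.
REQUIRED = {
    "HwMANAGE_IFACE": None, "HwMANAGE_IP": None, "HwMANAGE_NETMASK": None,
    "HwMANAGE_GATEWAY": None, "HwMANAGER": None,
    "HwMANAGE_STARTUP": "yes", "HwWALLEYE": "yes", "HwHONEYWALL_RUN": "yes",
}

# Constructed sample with three deliberate problems.
SAMPLE = """\
HwMANAGE_IFACE=eth2
HwMANAGE_IP=192.0.2.10
HwMANAGE_NETMASK=255.255.255.0
HwMANAGE_GATEWAY=192.0.2.1
HwMANAGE_STARTUP=yes
HwHONEYWALL_RUN=yes
HwWALLEYE=no
HwALLOWED_TCP_IN=443
HwALLOWED_TCP_OUT="22 25 43 80"
HwMANAGER=any
"""

def parse_conf(text):
    """Parse KEY=value lines; commented-out and blank lines are skipped."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r"\s*(Hw\w+)=(.*)$", line)
        if m:
            conf[m.group(1)] = m.group(2).strip().strip("\"'")
    return conf

def audit(conf):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    for key, want in REQUIRED.items():
        val = conf.get(key, "")
        if not val:
            findings.append(f"{key} is missing or empty")
        elif want and val.lower() != want:
            findings.append(f"{key}={val}, expected {want}")
    for key in ("HwALLOWED_TCP_IN", "HwALLOWED_TCP_OUT"):
        if "443" not in conf.get(key, "").split():
            findings.append(f"{key} does not list 443 (Walleye HTTPS)")
    if conf.get("HwMANAGER", "").lower() == "any":
        findings.append("HwMANAGER=any lets any host reach the management interface")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_conf(SAMPLE))))
```

To check a real file, pass its contents to `parse_conf()` in place of `SAMPLE`.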