Setting up VLANs on Debian

Today I spent the day building a firewall for our new honeypot. On this firewall I've set up six VLANs, 101 through 106, all leaving on one NIC as a trunk. The reason for having VLANs in the first place is that we don't want the whole honeypot infected with the same type of zombies; separate VLANs keep them from infecting each other. Setting up VLANs on Debian is really easy, as it comes with everything needed: the vlan package and the way ifupdown handles interfaces. I'll show you how it's done here.

First we install the vlan package:

apt-get install vlan

Then we head over to /etc/network/interfaces and start editing that file. I used eth0 as my trunk interface; just replace it with whatever floats your boat.

auto eth0
iface eth0 inet static
    address 10.1.1.1
    netmask 255.255.255.0
    # Load 8021q and set how VLAN interfaces are named (vlan101 rather than eth0.101).
    # /proc/net/vlan/config is read-only, so the name type is set with vconfig;
    # the vlan package's if-pre-up hook also derives it from a vlanNNN interface name.
    up modprobe 8021q && vconfig set_name_type VLAN_PLUS_VID_NO_PAD

Or, if you just want to bring up eth0 without an IP (the usual choice for a pure trunk), use this instead.

auto eth0
iface eth0 inet manual
    # The trunk carries tagged frames only: bring the raw interface up with no address
    up ifconfig eth0 0.0.0.0 up
    # Same name-type setting as above (/proc/net/vlan/config is read-only)
    up modprobe 8021q && vconfig set_name_type VLAN_PLUS_VID_NO_PAD
    down ifconfig eth0 down

The first example also gives eth0 itself an address. Untagged frames on a Cisco trunk belong to the native VLAN (VLAN 1 by default), so that is the VLAN the firewall would be reachable on; it's really not necessary, and not recommended, for a honeypot firewall. The name type sets how a VLAN interface is named, and thus how it shows up in ifconfig and how you refer to it in iptables rules. With VLAN_PLUS_VID_NO_PAD a VLAN ID of 101 is referred to as "vlan101" (DEV_PLUS_VID_NO_PAD would give "eth0.101" instead). Running "vconfig" with no arguments lists the name types that are available.

auto vlan101
iface vlan101 inet static
    address 10.1.101.1
    netmask 255.255.255.0
    broadcast 10.1.101.255
    mtu 1500
    # Parent (trunk) interface the tagged frames leave on; required with vlanNNN naming
    vlan_raw_device eth0
    # Per-interface ARP hardening and source validation. These live under "up" because
    # the /proc entries only exist once the interface has been created.
    # arp_filter=1: answer ARP only on the interface that actually owns the route
    up echo 1 > /proc/sys/net/ipv4/conf/vlan101/arp_filter
    # arp_ignore=2: reply only for addresses on this interface and only to senders in its subnet
    up echo 2 > /proc/sys/net/ipv4/conf/vlan101/arp_ignore
    # rp_filter=1: drop packets whose source address would not be routed back out this interface
    up echo 1 > /proc/sys/net/ipv4/conf/vlan101/rp_filter

That's all there is to it. One thing to keep in mind: the VLAN subinterfaces only separate the traffic on the wire; if the firewall has IP forwarding enabled it will route between vlan101 and vlan102 like any other pair of interfaces, so the isolation between honeypot segments still has to be enforced with iptables FORWARD rules. Now go trunk those VLANs to your Cisco and access them! :)
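As an added example (not from the original post), here is a small POSIX shell script that emits the interfaces stanzas for a whole range of VLAN IDs in the vlanNNN convention used above, plus the iptables rule that actually keeps the VLANs apart on a forwarding firewall. The 10.1.<vid>.0/24 addressing with the firewall at .1 and the eth0 trunk mirror the stanzas above; the function names and the range check are assumptions of this example.

```shell
#!/bin/sh
# Added example: generate /etc/network/interfaces stanzas for a range of VLAN
# IDs on one trunk NIC, and the iptables rule that stops the firewall from
# routing between them. Addressing (10.1.<vid>.0/24, gateway .1) and the eth0
# trunk mirror the post; function names and the range check are assumptions.

# Print one stanza in the vlanNNN naming convention.
# Returns 1 for a non-numeric ID or one outside 1-255, since the ID doubles as
# the third octet of the subnet in this addressing scheme.
gen_vlan_stanza() {
    trunk=$1
    vid=$2
    case $vid in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$vid" -ge 1 ] && [ "$vid" -le 255 ] || return 1
    cat <<EOF
auto vlan${vid}
iface vlan${vid} inet static
    address 10.1.${vid}.1
    netmask 255.255.255.0
    broadcast 10.1.${vid}.255
    mtu 1500
    vlan_raw_device ${trunk}
    up echo 1 > /proc/sys/net/ipv4/conf/vlan${vid}/arp_filter
    up echo 2 > /proc/sys/net/ipv4/conf/vlan${vid}/arp_ignore
    up echo 1 > /proc/sys/net/ipv4/conf/vlan${vid}/rp_filter

EOF
}

# Emit stanzas for every VLAN ID from $2 to $3 inclusive on trunk $1.
gen_vlan_range() {
    trunk=$1
    vid=$2
    last=$3
    while [ "$vid" -le "$last" ]; do
        gen_vlan_stanza "$trunk" "$vid" || return 1
        vid=$((vid + 1))
    done
}

# Creating the subinterfaces does not isolate the segments: with ip_forward on,
# the kernel routes vlan101 <-> vlan102 like any other pair of interfaces.
# "vlan+" is the iptables prefix wildcard, so one rule covers every vlanNNN
# pair; inserting it at position 1 makes it win over any later ACCEPT rules.
gen_isolation_rules() {
    cat <<'EOF'
iptables -I FORWARD 1 -i vlan+ -o vlan+ -j DROP
EOF
}

# Usage (as root on the firewall):
#   gen_vlan_range eth0 101 106 >> /etc/network/interfaces
#   gen_isolation_rules | sh
```

The generated stanzas keep `vlan_raw_device` on every VLAN interface because, unlike the eth0.101 naming style, a vlanNNN name carries no hint of the parent NIC and the vlan hook cannot derive it.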
