Ticket #116 (closed issue: invalid)

Opened 10 months ago

Last modified 9 months ago

StartManager.pl (Connection timed out)

Reported by: mbridges7718@gmail.com Assigned to: kindlund
Priority: low Milestone: 0.9
Component: HoneyClient::Manager Version: 0.99
Severity: none Keywords: manager, firewall, dhcp, lease
Cc:

Description

I decided to start the honeyclient up again from a long time ago and it seems it will not start. Here are the errors:

[neo@localhost FIRM]$ perl /usr/bin/StartManager.pl --url_list urls.txt
Starting new session...
2007-11-04 10:54:19  WARN [HoneyClient::Manager::_handleFault] (/usr/lib/perl5/site_perl/5.8.8/HoneyClient/Manager.pm:342) - Error occurred during processing. 500 Can't connect to 192.168.0.128:8083 (connect: Connection timed out)
HoneyClient::Manager->_handleFault(): Error occurred during processing.
500 Can't connect to 192.168.0.128:8083 (connect: Connection timed out) at /usr/lib/perl5/site_perl/5.8.8/SOAP/Lite.pm line 3412
2007-11-04 10:54:19  INFO [HoneyClient::Manager::_cleanup] (/usr/lib/perl5/site_perl/5.8.8/HoneyClient/Manager.pm:361) - Cleaning up.
2007-11-04 10:57:29 ERROR [HoneyClient::Util::SOAP::_handleFault] (/usr/lib/perl5/site_perl/5.8.8/HoneyClient/Util/SOAP.pm:283) - Error occurred during processing. 500 Can't connect to 192.168.0.128:8083 (connect: Connection timed out)
HoneyClient::Util::SOAP->handleFault(): Error occurred during processing.
500 Can't connect to 192.168.0.128:8083 (connect: Connection timed out) at /usr/lib/perl5/site_perl/5.8.8/HoneyClient/Util/SOAP.pm line 284, <URL> line 102.

Also, when I ran /etc/init.d/vmware status I got this:

[neo@localhost FIRM]$ /etc/init.d/vmware status
At least one instance of VMware Server is still running.

Bridged networking on /dev/vmnet0 is running
Host-only networking on /dev/vmnet1 is running
Host-only networking on /dev/vmnet8 is not running
NAT networking on /dev/vmnet8 is running
Module vmmon loaded
Module vmnet loaded

I reconfigured VMware Server and edited the dhcpd.conf for vmnet and tried it again and got the same timeout yet again.

Thanks for your help in advance.

(Hopefully the ticket post will work this time)

Attachments

winXPPro.cfg (1.5 kB) - added by kindlund on 11/16/07 19:55:16.
Master VM Configuration (READ ONLY)
master.cfg (1.4 kB) - added by kindlund on 11/16/07 19:55:56.
Master VM Configuration (READ/WRITE)
Makefile (367 bytes) - added by kindlund on 11/16/07 19:56:30.
Master VM Makefile Helper Script

Change History

11/05/07 22:23:01 changed by kindlund

  • keywords set to manager, firewall, dhcp, lease.
  • priority changed from normal to low.
  • version changed from none to 0.99.
  • milestone set to 0.9.

Hi Mike,

Okay, I see at least two problems with the status output:

Host-only networking on /dev/vmnet8 is not running

That should really say:

Host-only networking on /dev/vmnet8 is running

Basically, this status message is a dumbed down message, indicating that the DHCP daemon running on vmnet8 isn't running. Please verify that both daemons are running, by issuing the following command as root:

# ps ax | grep dhcpd

You should see output similar to this:

16614 ?        Ss     0:00 /usr/bin/vmnet-dhcpd -cf /etc/vmware/vmnet8/dhcpd/dhcpd.conf -lf /etc/vmware/vmnet8/dhcpd/dhcpd.leases -pf /var/run/vmnet-dhcpd-vmnet8.pid vmnet8
16622 ?        Ss     0:00 /usr/bin/vmnet-dhcpd -cf /etc/vmware/vmnet1/dhcpd/dhcpd.conf -lf /etc/vmware/vmnet1/dhcpd/dhcpd.leases -pf /var/run/vmnet-dhcpd-vmnet1.pid vmnet1

Second, this error message also has meaning:

500 Can't connect to 192.168.0.128:8083 (connect: Connection timed out) at /usr/lib/perl5/site_perl/5.8.8/SOAP/Lite.pm line 3412

This means that the Manager tried to connect to the Firewall VM (which should be listening on 192.168.0.128:8083). Are you sure the Firewall VM is running? Can you log in as "roo"? Can you ping 192.168.0.128 from the host system?

Hope this helps,

— Darien

11/06/07 00:04:00 changed by anonymous

I can ping 192.168.0.128 so that is good.

I do not understand why I have so much trouble with dhcp :p

It only shows vmnet1.

But after I change up the output of the results from:

/usr/bin/vmnet-dhcpd -cf /etc/vmware/vmnet1/dhcpd/dhcpd.conf -lf /etc/vmware/vmnet1/dhcpd/dhcpd.leases -pf /var/run/vmnet-dhcpd-vmnet1.pid vmnet1

to:

/usr/bin/vmnet-dhcpd -cf /etc/vmware/vmnet8/dhcpd/dhcpd.conf -lf /etc/vmware/vmnet8/dhcpd/dhcpd.leases -pf /var/run/vmnet-dhcpd-vmnet8.pid vmnet8

when I do ps ax | grep dhcpd then I do get both vmnet1 and vmnet8 showing; however I can not run the Honeyclient…it still times out.

11/06/07 10:42:17 changed by kindlund

  • status changed from new to assigned.

Okay, so the next thing is to verify that the Honeyclient-specific process is running inside the firewall.

1) From the host system ssh to roo@192.168.0.128 and use "password" as the password.

2) From there, type "ps ax | grep startFW". You should see output like this:

 2607 ?        S      2:51 /usr/bin/perl /hc/startFWListener.pl
32355 pts/0    S+     0:00 grep startFW

If you're seeing this type of output, verify the firewall code is working properly. You can do this by typing:

$ su -
Password: (password)

# cd /hc

# ./sendhashreftofw.pl -testConnect
Result: 1

# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  10.0.0.0/24          anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

# netstat -an | grep 8083
tcp        0      0 192.168.0.128:8083          0.0.0.0:*                   LISTEN

If any of your output is different than this, please let me know and provide a copy of the difference.

Thanks,

— Darien

11/06/07 13:05:10 changed by Michael Bridges <mbridges7718@gmail.com>

The only part where it differs is the netstat -an | grep 8083

# netstat -an | grep 8083
tcp        0      0 192.168.0.128:8083          0.0.0.0:*      LISTEN
tcp        0      0 192.168.0.128:54745         192.168.0.128:8083  TIME_WAIT

11/06/07 13:50:34 changed by kindlund

Okay, so, the firewall VM is alive and running the Honeyclient code inside it. It just seems that the Manager is unable to remotely connect to the FW daemon.

So, from the host system, can you at least telnet to 192.168.0.128:8083?

For example, the following commands show me telnetting to 192.168.0.128:8083 and typing "GET / HTTP/1.0", followed by two return characters:

$ telnet 192.168.0.128 8083
Trying 192.168.0.128...
Connected to 192.168.0.128.
Escape character is '^]'.
GET / HTTP/1.0

HTTP/1.1 405 Method Not Allowed
Date: Tue, 06 Nov 2007 18:47:39 GMT
Server: libwww-perl-daemon/1.35

Connection closed by foreign host.

If you can't telnet to that IP and port, then it sounds like you have some sort of firewall enabled on the host system.

Hope this helps,

— Darien

11/06/07 15:11:14 changed by Michael Bridges <mbridges7718@gmail.com>

Well, I can not telnet to it, but there is not a firewall running; I checked and made sure the firewall was disabled. The machine is running CentOS 5 and it says that the firewall is disabled.

I can ssh to my host machine through the honeywall but can not do vice versa.

11/06/07 15:23:15 changed by kindlund

Okay, so you can't telnet from the host system to the firewall VM. … and you can't SSH from the host system to the firewall VM — right?

Then that indicates some sort of firewall on the host system is blocking your connections. If that really isn't the issue, then perhaps there's some sort of routing problem. For example, vmnet8 uses 10.0.0.0/24 and vmnet1 uses 192.168.0.0/24 — could it be that the host system also uses some of that address space for other network connections?

Also, on the host system, try typing this:

# iptables -L
# iptables -L -t nat

If you see anything from these two commands, please let me know.

— Darien

11/06/07 15:38:17 changed by Michael Bridges

[root@localhost FIRM]# /sbin/iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
[root@localhost FIRM]# /sbin/iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination  

There is a firewall and your first statement is correct about the can not telnet from host to firewall. The firewall on the host is completely disabled as far as I know.

11/06/07 16:08:47 changed by kindlund

Okay then, what's your routing table look like?

Can you please provide output of the following command:

# netstat -anr

— Darien

11/06/07 19:05:01 changed by Michael Bridges

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 vmnet1
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0

Those are the results from that.

11/06/07 21:04:46 changed by kindlund

Okay, that output explains the problem.

See how there's no "vmnet8" listing? That would be a problem.

Here's an example of what you should see:

$ netstat -anr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 vmnet1
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 vmnet8
172.16.164.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         172.16.164.1    0.0.0.0         UG        0 0          0 eth0

So in your case, the routing table should look like this:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 vmnet1
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 vmnet8
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0

Check to make sure all vmware daemons corresponding to vmnet8 are active; here's an example of what you should see on the host system:

$ ps ax | grep vmnet8
10173 ?        S      0:00 /usr/bin/vmnet-netifup -d /var/run/vmnet-netifup-vmnet8.pid /dev/vmnet8 vmnet8
10185 ?        Ss     0:00 /usr/bin/vmnet-natd -d /var/run/vmnet-natd-8.pid -m /var/run/vmnet-natd-8.mac -c /etc/vmware/vmnet8/nat/nat.conf
10205 ?        Ss     0:00 /usr/bin/vmnet-dhcpd -cf /etc/vmware/vmnet8/dhcpd/dhcpd.conf -lf /etc/vmware/vmnet8/dhcpd/dhcpd.leases -pf /var/run/vmnet-dhcpd-vmnet8.pid vmnet8

… are all those services running, on your host system?

— Darien

11/06/07 21:06:44 changed by kindlund

Also, you should see a "vmnet8" entry in your ifconfig:

$ ifconfig vmnet8
vmnet8    Link encap:Ethernet  HWaddr 00:50:56:C0:00:08
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fec0:8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10988 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4765 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

If you don't see this, then you may need to re-run vmware-config.pl in order to re-initialize all the vmnet network interfaces, according to the UserGuide.

— Darien

11/06/07 21:25:42 changed by Michael Bridges

I only have

[root@localhost FIRM]# ps ax | grep vmnet8
11080 ?        Ss     0:00 /usr/bin/vmnet-natd -d /var/run/vmnet-natd-8.pid -m /var/run/vmnet-natd-8.mac -c /etc/vmware/vmnet8/nat/nat.conf
11740 pts/3    R+     0:00 grep vmnet8

The machine used to work fine but for some reason vmnet8 just decided to disappear. The only way to get it back up is to start it manually and then it does not work for the honeyclient on top of that. I successfully configured VMware and restarted it and it still does not work properly. It's like my machine is failing to recognize vmnet8.

11/07/07 10:11:27 changed by kindlund

Hrm… Not sure what exactly the problem is. It could be that the "/usr/bin/vmnet-netifup" service for vmnet8 is failing. Are there any clues in the syslog? How about any of the log messages within /var/log/vmware/ ?

As a last resort, you could try shutting down vmware and then running vmware-config.pl and going through each of the network configurations manually. (Don't use the wizard.)

Lastly, what does your /etc/vmware/config say?

— Darien

11/07/07 14:32:12 changed by Michael Bridges <mbridges7718@gmail.com>

I used the editor when setting up the network configurations before, not the wizard, because that was what the guide used.

/etc/vmware/config

vmnet1.hostonlyaddress = "10.0.0.1"
serverd.init.fullpath = "/usr/lib/vmware/serverd/init.pl"
authd.client.port = "902"
control.fullpath = "/usr/bin/vmware-cmd"
authd.fullpath = "/usr/sbin/vmware-authd"
loop.fullpath = "/usr/bin/vmware-loop"
libdir = "/usr/lib/vmware"
vmware.fullpath = "/usr/bin/vmware"
vmnet1.hostonlynetmask = "255.255.255.0"
vmdir = "/vm"
dhcpd.fullpath = "/usr/bin/vmnet-dhcpd"
serverd.fullpath = "/usr/sbin/vmware-serverd"

datastore.name = "local"

datastore.localpath = "/vm/"

Something tells me that there needs to be something about vmnet8 in that.

I found something interesting in /var/log/messages

Nov  5 22:53:13 localhost vmnet-dhcpd: Can't remove old lease database backup /etc/vmware/vmnet8/dhcpd/dhcpd.leases~: Permission denied

11/07/07 18:01:56 changed by kindlund

Actually, your /etc/vmware/config file looks correct. There is not supposed to be any mention of vmnet8 in that file. Apparently, VMware Server figures out if vmnet8 is needed from the /etc/vmware/locations file and if /etc/vmware/vmnet8 directory exists.

# cd /etc/vmware
# grep -r vmnet8 *
locations:file /dev/vmnet8
locations:remove_file /dev/vmnet8
locations:file /dev/vmnet8
locations:directory /etc/vmware/vmnet8
locations:directory /etc/vmware/vmnet8/dhcpd
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.conf 1179165869
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.leases
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.leases~
locations:directory /etc/vmware/vmnet8/nat
locations:file /etc/vmware/vmnet8/nat/nat.conf 1179165869
vmnet8/dhcpd/dhcpd.conf:# Configuration file for ISC 2.0b6pl1 vmnet-dhcpd operating on vmnet8.
vmnet8/nat/nat.conf:device = /dev/vmnet8

Regarding your error message in /var/log/messages, check the permissions/ownership of that dhcpd.leases~ file. I'm assuming you're running the /etc/init.d/vmware startup script as root, in which case, root:root and 644 should work for that file.

— Darien

11/07/07 18:49:10 changed by Michael Bridges

[root@localhost vmware]# grep -r vmnet8 *
locations:file /dev/vmnet8
locations:remove_file /dev/vmnet8
locations:file /dev/vmnet8
locations:directory /etc/vmware/vmnet8
locations:directory /etc/vmware/vmnet8/dhcpd
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.conf 1194069423
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.leases
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.leases~
locations:directory /etc/vmware/vmnet8/nat
locations:file /etc/vmware/vmnet8/nat/nat.conf 1194069423
locations:remove_file /dev/vmnet8
locations:file /dev/vmnet8
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.conf
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.conf 1194069542
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.leases
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.leases
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.leases~
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.leases~
locations:remove_file /etc/vmware/vmnet8/nat/nat.conf
locations:file /etc/vmware/vmnet8/nat/nat.conf 1194069542
locations:remove_file /dev/vmnet8
locations:file /dev/vmnet8
locations:remove_file /dev/vmnet8
locations:file /dev/vmnet8
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.conf
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.conf 1194069645
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.leases
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.leases
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.leases~
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.leases~
locations:remove_file /etc/vmware/vmnet8/nat/nat.conf
locations:file /etc/vmware/vmnet8/nat/nat.conf 1194069645
locations:remove_file /dev/vmnet8
locations:file /dev/vmnet8
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.conf
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.conf 1194072706
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.leases
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.leases
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.leases~
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.leases~
locations:remove_file /etc/vmware/vmnet8/nat/nat.conf
locations:file /etc/vmware/vmnet8/nat/nat.conf 1194072706
locations:remove_file /dev/vmnet8
locations:file /dev/vmnet8
locations:remove_file /dev/vmnet8
locations:file /dev/vmnet8
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.conf
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.conf 1194109100
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.leases
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.leases
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.leases~
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.leases~
locations:remove_file /etc/vmware/vmnet8/nat/nat.conf
locations:file /etc/vmware/vmnet8/nat/nat.conf 1194109100
locations:remove_file /dev/vmnet8
locations:file /dev/vmnet8
locations:remove_file /dev/vmnet8
locations:file /dev/vmnet8
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.conf
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.conf 1194109281
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.leases
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.leases
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.leases~
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.leases~
locations:remove_file /etc/vmware/vmnet8/nat/nat.conf
locations:file /etc/vmware/vmnet8/nat/nat.conf 1194109281
locations:remove_file /dev/vmnet8
locations:file /dev/vmnet8
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.conf
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.conf 1194282488
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.leases
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.leases
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.leases~
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.leases~
locations:remove_file /etc/vmware/vmnet8/nat/nat.conf
locations:file /etc/vmware/vmnet8/nat/nat.conf 1194282488
locations:remove_file /dev/vmnet8
locations:file /dev/vmnet8
locations:remove_file /dev/vmnet8
locations:file /dev/vmnet8
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.conf
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.conf 1194282561
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.leases
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.leases
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.leases~
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.leases~
locations:remove_file /etc/vmware/vmnet8/nat/nat.conf
locations:file /etc/vmware/vmnet8/nat/nat.conf 1194282561
locations:remove_file /dev/vmnet8
locations:file /dev/vmnet8
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.conf
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.conf 1194401287
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.leases
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.leases
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.leases~
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.leases~
locations:remove_file /etc/vmware/vmnet8/nat/nat.conf
locations:file /etc/vmware/vmnet8/nat/nat.conf 1194401287
locations:remove_file /dev/vmnet8
locations:file /dev/vmnet8
locations:remove_file /dev/vmnet8
locations:file /dev/vmnet8
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.conf
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.conf 1194401413
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.leases
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.leases
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.leases~
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.leases~
locations:remove_file /etc/vmware/vmnet8/nat/nat.conf
locations:file /etc/vmware/vmnet8/nat/nat.conf 1194401413
locations:remove_file /dev/vmnet8
locations:file /dev/vmnet8
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.conf
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.conf 1194407266
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.leases
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.leases
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.leases~
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.leases~
locations:remove_file /etc/vmware/vmnet8/nat/nat.conf
locations:file /etc/vmware/vmnet8/nat/nat.conf 1194407266
locations:remove_file /dev/vmnet8
locations:file /dev/vmnet8
locations:remove_file /dev/vmnet8
locations:file /dev/vmnet8
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.conf
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.conf 1194407396
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.leases
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.leases
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.leases~
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.leases~
locations:remove_file /etc/vmware/vmnet8/nat/nat.conf
locations:file /etc/vmware/vmnet8/nat/nat.conf 1194407396
locations:remove_file /dev/vmnet8
locations:file /dev/vmnet8
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.conf
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.conf 1194475017
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.leases
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.leases
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.leases~
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.leases~
locations:remove_file /etc/vmware/vmnet8/nat/nat.conf
locations:file /etc/vmware/vmnet8/nat/nat.conf 1194475017
locations:remove_file /dev/vmnet8
locations:file /dev/vmnet8
locations:remove_file /dev/vmnet8
locations:file /dev/vmnet8
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.conf
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.conf 1194475085
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.leases
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.leases
locations:remove_file /etc/vmware/vmnet8/dhcpd/dhcpd.leases~
locations:file /etc/vmware/vmnet8/dhcpd/dhcpd.leases~
locations:remove_file /etc/vmware/vmnet8/nat/nat.conf
locations:file /etc/vmware/vmnet8/nat/nat.conf 1194475085
vmnet8/nat/nat.conf:device = /dev/vmnet8
vmnet8/dhcpd/dhcpd.conf:# Configuration file for ISC 2.0b6pl1 vmnet-dhcpd operating on vmnet8.
[root@localhost vmware]# 

That's the results from that, and I checked the permissions on the file and reset them.

11/07/07 22:39:27 changed by kindlund

Okay, so, does issuing a "/etc/init.d/vmware stop", followed by "/etc/init.d/vmware start" as root give you a vmnet8 interface (via "ifconfig vmnet8")? If not, are there any new log entries (either in /var/log/messages or /var/log/vmware/*) ?

— Darien

11/07/07 22:41:38 changed by kindlund

Also, if none of this is working, you could always try to run "vmware-uninstall.pl" followed by "vmware-install.pl" and see if that process recreates vmnet8 upon vmware startup.

11/08/07 19:26:15 changed by Michael Bridges

I found this interesting thing in the logs.

Nov  7 22:30:34 localhost VMware[init]: Host-only networking disabled because 192.168.0.1
Nov  7 22:30:34 localhost VMware[init]: appears to be a real, physical, existing address.
Nov  7 22:30:34 localhost VMware[init]: Please run "/usr/bin/vmware-config.pl" to
Nov  7 22:30:34 localhost VMware[init]: modify your host-only network configuration.

11/12/07 17:10:02 changed by kindlund

  • reporter changed from Michael Bridges <mbridges7718@gmail.com> to mbridges7718@gmail.com.

Hi Michael,

Sorry about the delay. As the log says, it looks like your physical network configuration is conflicting with your virtual network configuration. VMware Server has a tough time figuring out how to properly route packets when the network masks overlap or intersect.

As a test (if you can), try disabling eth0 and see if VMware Server is able to start up vmnet8. If that works, then you know there's some sort of direct conflict there. You can either change the honeyclient code and the VMware Server configuration to use a different subnet address for vmnet8 (though it's unsupported), or you can try to change your network configuration on eth0 accordingly.

Regards,

— Darien
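
Added example (not part of the ticket and not HoneyClient project code): a shell check for the two conditions discussed above, the missing vmnet8 route from the 11/06 routing-table comparison and the subnet overlap suspected on 11/12. The names check_routes and EXPECTED_ROUTES and the third sample table are assumptions made for this illustration; the first two tables are copied from the ticket.

```shell
#!/bin/sh
# Added example: verify a `netstat -rn` table against the vmnet routes the
# ticket expects, and flag routes on other interfaces that overlap them.

# Expected routes as network/netmask/interface, taken from the example
# routing table posted in the ticket (10.0.0.0/24 vmnet1, 192.168.0.0/24 vmnet8).
EXPECTED_ROUTES="10.0.0.0/255.255.255.0/vmnet1 192.168.0.0/255.255.255.0/vmnet8"

# check_routes (hypothetical helper): reads `netstat -rn` output on stdin,
# prints one MISSING or CONFLICT line per finding, returns 1 if any were found.
check_routes() {
    awk -v expected="$EXPECTED_ROUTES" '
    function ip2int(ip,   o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    # Number of addresses covered by a contiguous netmask.
    function blocksize(mask) { return 4294967296 - ip2int(mask) }
    # Start of the block of the given size that contains ip (no bitwise ops in POSIX awk).
    function netof(ip, size,   n) { n = ip2int(ip); return n - (n % size) }
    # Two routes overlap when they share a network under the shorter prefix.
    function overlaps(d1, m1, d2, m2,   s1, s2, s) {
        s1 = blocksize(m1); s2 = blocksize(m2)
        s = (s1 > s2) ? s1 : s2
        return netof(d1, s) == netof(d2, s)
    }
    BEGIN {
        n = split(expected, e, " ")
        for (i = 1; i <= n; i++) {
            split(e[i], p, "/")
            enet[i] = p[1]; emask[i] = p[2]; eif[i] = p[3]
        }
    }
    # Route lines only: Destination Gateway Genmask Flags MSS Window irtt Iface
    $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && NF >= 8 {
        dest = $1; mask = $3; iface = $NF
        for (i = 1; i <= n; i++) {
            if (dest == enet[i] && mask == emask[i] && iface == eif[i]) {
                found[i] = 1
            } else if (iface != eif[i] && mask != "0.0.0.0" &&
                       overlaps(dest, mask, enet[i], emask[i])) {
                # The default route (mask 0.0.0.0) is skipped: it covers everything.
                printf "CONFLICT: %s/%s on %s overlaps %s/%s expected on %s\n",
                       dest, mask, iface, enet[i], emask[i], eif[i]
                bad = 1
            }
        }
    }
    END {
        for (i = 1; i <= n; i++)
            if (!found[i]) {
                printf "MISSING: %s/%s on %s\n", enet[i], emask[i], eif[i]
                bad = 1
            }
        exit (bad ? 1 : 0)
    }'
}

# Routing table the reporter posted on 11/06/07 (copied from the ticket).
reporter_table() { cat <<'EOF'
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 vmnet1
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0
EOF
}

# Table the ticket says the reporter should see (copied from the ticket).
fixed_table() { cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 vmnet1
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 vmnet8
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0
EOF
}

# Constructed sample (not from the ticket): eth0 on a /23 that contains vmnet8's /24.
overlap_table() { cat <<'EOF'
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 vmnet1
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 vmnet8
192.168.0.0     0.0.0.0         255.255.254.0   U         0 0          0 eth0
EOF
}

# Stand-alone run: show the findings for the reporter's table.
reporter_table | check_routes || true
```

On the reporter's table the only finding is the missing vmnet8 route: eth0's 192.168.1.0/24 does not overlap 192.168.0.0/24 in the routing table, so a routing-table check alone would not have shown the address conflict VMware logged.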

11/16/07 16:07:55 changed by mbridges7718@gmail.com

I got it to work. I had to disable eth0 on my host machine, and then restart xinetd and vmware then turn on the firewall and then turn eth0 back on.

Can you post your .vmx configuration file for your master, because no matter how many times I chmod or chown the files and directory for my master I keep getting:

Cannot open the disk '/vm/master/master.vmdk' or one of the snapshot disks it depends on.
Reason: Insufficient permission to access file.

My permission settings always get changed right when the manager sets the master and then clones it.

11/16/07 19:55:16 changed by kindlund

  • attachment winXPPro.cfg added.

Master VM Configuration (READ ONLY)

11/16/07 19:55:56 changed by kindlund

  • attachment master.cfg added.

Master VM Configuration (READ/WRITE)

11/16/07 19:56:30 changed by kindlund

  • attachment Makefile added.

Master VM Makefile Helper Script

11/16/07 20:00:52 changed by kindlund

  • status changed from assigned to closed.
  • resolution set to invalid.

Okay, well, to be clear, when the HoneyClient code runs and sets the master VM as a "master", (by default) it sets the permissions of all data in the master VM directory to be READ ONLY. This is because when new clones are created, the cloned VM relies on the master VM's main .vmdk files and assumes those .vmdk files never change.

So, if you run the HoneyClient code for a bit and then decide that you want to change the original master VM, you have to chmod the master VM data so that it is no longer read-only. However, once you do this, all of the clones you've created based upon that master VM will no longer work, since the master VM has changed.

I've attached several files to this ticket which would help you. "master.cfg" is the configuration of the master VM in READ/WRITE mode. "winXPPro.cfg" is the configuration of the master VM in READ ONLY mode. "Makefile" is a handy script that allows you to switch between read/write and read-only mode. Copy the "Makefile" script into the directory that contains the master VM.

Then, the commands are:

make master
make clone
make register
make unregister

Let me know if this helps; feel free to add to this ticket, if you have further questions about this issue.

— Darien

