Setting Up A DMZ on ESXi 5.5, with pfSense ready for a honeypot

So I have recently set up a Kippo honeypot; let me show you how I set up my DMZ ready for the honeypot. This step-by-step guide will walk you through how to achieve this. We will be using VMware ESXi 5.5, pfSense and the Kippo SSH honeypot.

Open up your vSphere Client

So we need to set up our server networking. Go to the Configuration tab.

So here is an example network setup

This server has 2 physical NICs. One is for WAN and the other is for LAN. But we want to set up a DMZ …

Add Networking

So we will need to click on Add Networking.

Choose Virtual Machine

Then click on NEXT

Create a Virtual Switch

We don't want to use one of the physical NICs, so we want to choose the top option, not one of the physical adapters. Click NEXT.

Type in the Network Label

So as we are making a DMZ, let's give it a name … Click on NEXT, then on the screen after click FINISH.

Now we have a DMZ

And that's it. We now have a DMZ.

Now you can see above that I've dragged 2 VMs into this switch setup.

One is pfSense = Firewall
One is Kippo = Honeypot

So this is the DMZ done, but what about the rest?

So this is only half of the battle. We now need to set up the firewall rules to make it an actual DMZ. Let's jump over to the pfSense firewall.
As you can see, we have a WAN, a LAN and a DMZ.

Interfaces

So once you have set up the ESXi DMZ, you now need to assign the interface. I have already done it, but click on the menu above and choose (assign).

DMZ

Where it says DMZ for me, you will have something like OPT1. Click on the drop-down menu and choose the virtual NIC of the DMZ you created in ESXi.

Set Up The IPs

Go back to the pfSense dashboard view and click on DMZ under Interfaces.

Static IP

Make sure your DMZ is statically set to a different subnet from your LAN.
E.g. if your LAN is 192.168.5.0/24, then your DMZ needs to be different, like 192.168.52.0/24.
So we would set the DMZ IP as 192.168.52.1 and choose the /24.

We now have an ESXi DMZ and a DMZ configured on the pfSense firewall.

The last thing to do is set up the honeypot with a static IP in the DMZ range, so anything in the 192.168.52.X range (excluding the IP you set above for the DMZ).
Then set the honeypot's gateway to point to the static IP you set above as the DMZ.

Firewall Rules

So now we need to set up some firewall rules. Remember, the rules are always read from the top down.

So here I am blocking access from the DMZ –> LAN.
I am also blocking DMZ –> VPN network.
Then the bottom rule is allow DMZ –> WAN; this gives the DMZ access out to the internet.

So at this point the DMZ can't contact the LAN, which is good, but the LAN can access the DMZ, which is fine and how we want it.
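To see why the top-down order matters, here is an added example (not part of the original guide or of pfSense itself) that models the three DMZ rules with first-match evaluation and checks the honeypot's address plan. The VPN subnet and the honeypot IP 192.168.52.10 are assumed values, and the "allow DMZ –> WAN" rule is modelled as destination "any", which is the case where ordering decides whether the LAN is reachable.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.5.0/24")   # from the article
DMZ = ipaddress.ip_network("192.168.52.0/24")  # from the article
VPN = ipaddress.ip_network("10.8.0.0/24")      # assumed: the article gives no VPN subnet
ANY = ipaddress.ip_network("0.0.0.0/0")        # assumed model of the outbound allow rule
DMZ_GATEWAY = ipaddress.ip_address("192.168.52.1")  # pfSense DMZ interface IP, from the article
HONEYPOT = "192.168.52.10"                          # assumed static IP for the Kippo VM

# Rules on the DMZ interface in the article's order: (action, source, destination)
DMZ_RULES = [
    ("block", DMZ, LAN),
    ("block", DMZ, VPN),
    ("pass", DMZ, ANY),
]

def evaluate(rules, src, dst):
    """First matching rule wins; traffic matching no rule is blocked."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return "block"

def leaks(rules, protected=(LAN, VPN)):
    """Protected networks the honeypot could reach under this rule order."""
    return [str(net) for net in protected
            if evaluate(rules, HONEYPOT, str(net.network_address + 1)) == "pass"]

def valid_honeypot_ip(ip):
    """Honeypot must sit in the DMZ subnet and not reuse the pfSense DMZ IP."""
    addr = ipaddress.ip_address(ip)
    reserved = (DMZ.network_address, DMZ.broadcast_address, DMZ_GATEWAY)
    return addr in DMZ and addr not in reserved

if __name__ == "__main__":
    print("honeypot IP ok:", valid_honeypot_ip(HONEYPOT))
    print("article order leaks:", leaks(DMZ_RULES))
    # Same rules with the allow rule dragged to the top
    print("allow rule first leaks:", leaks([DMZ_RULES[2]] + DMZ_RULES[:2]))
```

With the article's order nothing leaks; with the allow rule on top, both block rules are never reached and the honeypot can talk to the LAN and VPN.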

Port Forwarding

The last step is NAT port forwarding. So we are going to allow port 22 (as this is a Kippo SSH honeypot) and forward it to the DMZ honeypot IP on port 2222, as this is the default Kippo port. Apply the changes.

And we have a honeypot!

And we have a Kippo honeypot running and being attacked.

Hopefully this has helped someone out there that has read this, please support the site and me by showing your support. Enjoy honeypotting.