Hosting a simple honeypot server in each of 3 VLANs using one ethernet port
Clash Royale CLAN TAG#URR8PPP
I am trying to set up a honeypot server in different VLANs. The company I work in has 3 VLANS: 10, 20, 30. My goal is to use a Raspberry Pi to host a simple honeypot and broadcast sniffer (for ARP and DHCP) in each of those VLANs.
I am connected via trunk to main switch, and for each VLANs, I think I would need a virtual interfaces be able to talk inside those:
VLAN 10: 192.168.1.0/24 (I wish to have 192.168.1.100 here)
VLAN 20: 192.168.2.0/24 (I wish to have 192.168.2.100 here)
VLAN 30: 192.168.60.0/24 (I wish to have 192.168.60.100 here)
As far I know I can use like eth0:1, eth0:2 and eth0:3, and assign basic IP info to each of them. Will this work?
linux networking network-interface vlan
edited Feb 7 at 18:25
Rui F Ribeiro
40.7k1479137
asked Feb 7 at 18:10
RedSRedS
274
add a comment |
I am trying to set up a honeypot server in different VLANs. The company I work in has 3 VLANS: 10, 20, 30. My goal is to use a Raspberry Pi to host a simple honeypot and broadcast sniffer (for ARP and DHCP) in each of those VLANs.
I am connected via trunk to main switch, and for each VLANs, I think I would need a virtual interfaces be able to talk inside those:
VLAN 10: 192.168.1.0/24 (I wish to have 192.168.1.100 here)
VLAN 20: 192.168.2.0/24 (I wish to have 192.168.2.100 here)
VLAN 30: 192.168.60.0/24 (I wish to have 192.168.60.100 here)
As far I know I can use like eth0:1, eth0:2 and eth0:3, and assign basic IP info to each of them. Will this work?
linux networking network-interface vlan
edited Feb 7 at 18:25
Rui F Ribeiro
40.7k1479137
asked Feb 7 at 18:10
RedSRedS
274
No, it wont as you describe it, for putting services there. You need to put the ethernet/linux in "trunk mode" eg understanding tagged VLANs. And then the rpi interface is 100Mbps and you are pointing to it a trunk of 1Gbps....seems fun. It would be wise using something more powerful.
– Rui F Ribeiro
Feb 7 at 18:29
I can choose Intel NUC aswell which has 1 gigabit Ethernet for this, just looking for software solution :)
– RedS
Feb 7 at 21:42
add a comment |
I am trying to set up a honeypot server in different VLANs. The company I work in has 3 VLANS: 10, 20, 30. My goal is to use a Raspberry Pi to host a simple honeypot and broadcast sniffer (for ARP and DHCP) in each of those VLANs.
I am connected via trunk to main switch, and for each VLANs, I think I would need a virtual interfaces be able to talk inside those:
VLAN 10: 192.168.1.0/24 (I wish to have 192.168.1.100 here)
VLAN 20: 192.168.2.0/24 (I wish to have 192.168.2.100 here)
VLAN 30: 192.168.60.0/24 (I wish to have 192.168.60.100 here)
As far I know I can use like eth0:1, eth0:2 and eth0:3, and assign basic IP info to each of them. Will this work?
linux networking network-interface vlan
edited Feb 7 at 18:25
Rui F Ribeiro
40.7k1479137
asked Feb 7 at 18:10
RedSRedS
274
I am trying to set up a honeypot server in different VLANs. The company I work in has 3 VLANS: 10, 20, 30. My goal is to use a Raspberry Pi to host a simple honeypot and broadcast sniffer (for ARP and DHCP) in each of those VLANs.
I am connected via trunk to main switch, and for each VLANs, I think I would need a virtual interfaces be able to talk inside those:
VLAN 10: 192.168.1.0/24 (I wish to have 192.168.1.100 here)
VLAN 20: 192.168.2.0/24 (I wish to have 192.168.2.100 here)
VLAN 30: 192.168.60.0/24 (I wish to have 192.168.60.100 here)
As far I know I can use like eth0:1, eth0:2 and eth0:3, and assign basic IP info to each of them. Will this work?
linux networking network-interface vlan
linux networking network-interface vlan
edited Feb 7 at 18:25
Rui F Ribeiro
40.7k1479137
asked Feb 7 at 18:10
RedSRedS
274
edited Feb 7 at 18:25
Rui F Ribeiro
40.7k1479137
asked Feb 7 at 18:10
RedSRedS
274
edited Feb 7 at 18:25
Rui F Ribeiro
40.7k1479137
edited Feb 7 at 18:25
Rui F Ribeiro
40.7k1479137
edited Feb 7 at 18:25
Rui F Ribeiro
40.7k1479137
40.7k1479137
asked Feb 7 at 18:10
RedSRedS
274
asked Feb 7 at 18:10
RedSRedS
274
asked Feb 7 at 18:10
RedSRedS
274
274
No, it wont as you describe it, for putting services there. You need to put the ethernet/linux in "trunk mode" eg understanding tagged VLANs. And then the rpi interface is 100Mbps and you are pointing to it a trunk of 1Gbps....seems fun. It would be wise using something more powerful.
– Rui F Ribeiro
Feb 7 at 18:29
I can choose Intel NUC aswell which has 1 gigabit Ethernet for this, just looking for software solution :)
– RedS
Feb 7 at 21:42
add a comment |
No, it wont as you describe it, for putting services there. You need to put the ethernet/linux in "trunk mode" eg understanding tagged VLANs. And then the rpi interface is 100Mbps and you are pointing to it a trunk of 1Gbps....seems fun. It would be wise using something more powerful.
– Rui F Ribeiro
Feb 7 at 18:29
I can choose Intel NUC aswell which has 1 gigabit Ethernet for this, just looking for software solution :)
– RedS
Feb 7 at 21:42
No, it wont as you describe it, for putting services there. You need to put the ethernet/linux in "trunk mode" eg understanding tagged VLANs. And then the rpi interface is 100Mbps and you are pointing to it a trunk of 1Gbps....seems fun. It would be wise using something more powerful.
– Rui F Ribeiro
Feb 7 at 18:29
No, it wont as you describe it, for putting services there. You need to put the ethernet/linux in "trunk mode" eg understanding tagged VLANs. And then the rpi interface is 100Mbps and you are pointing to it a trunk of 1Gbps....seems fun. It would be wise using something more powerful.
– Rui F Ribeiro
Feb 7 at 18:29
I can choose Intel NUC aswell which has 1 gigabit Ethernet for this, just looking for software solution :)
– RedS
Feb 7 at 21:42
I can choose Intel NUC aswell which has 1 gigabit Ethernet for this, just looking for software solution :)
– RedS
Feb 7 at 21:42
add a comment |
1 Answer
1
active
oldest
votes
For this "simple" case (ie not involving bridges and bridge ports, overlapping VLANs or any other fancy setup), you just have to create three vlan sub-interfaces with their default settings. Once done you can now consider you have three interfaces as usual and forget about the physical interface or VLANs. Default settings will just tag and untag the single vlan id automatically on each interface. One naming convention among others for those interfaces is to add the vlan id after the base interface name with a dot between.
ip link add eth0.10 link eth0 type vlan id 10
ip link add eth0.20 link eth0 type vlan id 20
ip link add eth0.30 link eth0 type vlan id 30
ip link set eth0 up
ip link set eth0.10 up
ip link set eth0.20 up
ip link set eth0.30 up
That's it. You can now configure them as usual as if they were basic ethernet interfaces without having to consider VLANs anymore. Please forget ifconfig which has been obsolete for 10 years and switch to ip ... instead. The use of : is a leftover from this and is used with ifconfig for setting additional IPs on the same interface, not for adding additional interfaces.
ip address add dev eth0.10 192.168.1.100/24
ip address add dev eth0.20 192.168.2.100/24
ip address add dev eth0.30 192.168.60.100/24
Now for example tcpdump will display ethertype 802.1Q frames on eth0, but only usual (for example) ethertype ARP or ethertype IPv4 frames on eth0.10: the kernel handles automatic tagging/untagging for the vlan sub-interfaces. Avoid having special network tools like DHCP listening directly on eth0, some can be confused with the tagging.
Any problem you will then likely encounter will not be caused by VLANs but by routing: you can't expect a multi-homed setting like this to freely use any of its IPs to anywhere without policy routing. As long as you don't try to have more than one default gateway or reach the same destination using two different paths, you shouldn't need policy routing.
Instead of manually configuring interfaces you should consider using system settings to create and configure those interfaces. For example Debian's ifupdown's vlan extended options, or NetworkManager both can create and configure those interfaces.
Also, as commented by Rui F Ribeiro, you should be using hardware able to cope with the traffic, and a RPi might not be enough.
answered Feb 7 at 20:06
A.BA.B
5,1121727
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f499324%2fhosting-a-simple-honeypot-server-in-each-of-3-vlans-using-one-ethernet-port%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
For this "simple" case (ie not involving bridges and bridge ports, overlapping VLANs or any other fancy setup), you just have to create three vlan sub-interfaces with their default settings. Once done you can now consider you have three interfaces as usual and forget about the physical interface or VLANs. Default settings will just tag and untag the single vlan id automatically on each interface. One naming convention among others for those interfaces is to add the vlan id after the base interface name with a dot between.
ip link add eth0.10 link eth0 type vlan id 10
ip link add eth0.20 link eth0 type vlan id 20
ip link add eth0.30 link eth0 type vlan id 30
ip link set eth0 up
ip link set eth0.10 up
ip link set eth0.20 up
ip link set eth0.30 up
That's it. You can now configure them as usual as if they were basic ethernet interfaces without having to consider VLANs anymore. Please forget ifconfig which has been obsolete for 10 years and switch to ip ... instead. The use of : is a leftover from this and is used with ifconfig for setting additional IPs on the same interface, not for adding additional interfaces.
ip address add dev eth0.10 192.168.1.100/24
ip address add dev eth0.20 192.168.2.100/24
ip address add dev eth0.30 192.168.60.100/24
Now for example tcpdump will display ethertype 802.1Q frames on eth0, but only usual (for example) ethertype ARP or ethertype IPv4 frames on eth0.10: the kernel handles automatic tagging/untagging for the vlan sub-interfaces. Avoid having special network tools like DHCP listening directly on eth0, some can be confused with the tagging.
Any problem you will then likely encounter will not be caused by VLANs but by routing: you can't expect a multi-homed setting like this to freely use any of its IPs to anywhere without policy routing. As long as you don't try to have more than one default gateway or reach the same destination using two different paths, you shouldn't need policy routing.
Instead of manually configuring interfaces you should consider using system settings to create and configure those interfaces. For example Debian's ifupdown's vlan extended options, or NetworkManager both can create and configure those interfaces.
Also, as commented by Rui F Ribeiro, you should be using hardware able to cope with the traffic, and a RPi might not be enough.
answered Feb 7 at 20:06
A.BA.B
5,1121727
add a comment |
For this "simple" case (ie not involving bridges and bridge ports, overlapping VLANs or any other fancy setup), you just have to create three vlan sub-interfaces with their default settings. Once done you can now consider you have three interfaces as usual and forget about the physical interface or VLANs. Default settings will just tag and untag the single vlan id automatically on each interface. One naming convention among others for those interfaces is to add the vlan id after the base interface name with a dot between.
ip link add eth0.10 link eth0 type vlan id 10
ip link add eth0.20 link eth0 type vlan id 20
ip link add eth0.30 link eth0 type vlan id 30
ip link set eth0 up
ip link set eth0.10 up
ip link set eth0.20 up
ip link set eth0.30 up
That's it. You can now configure them as usual as if they were basic ethernet interfaces without having to consider VLANs anymore. Please forget ifconfig which has been obsolete for 10 years and switch to ip ... instead. The use of : is a leftover from this and is used with ifconfig for setting additional IPs on the same interface, not for adding additional interfaces.
ip address add dev eth0.10 192.168.1.100/24
ip address add dev eth0.20 192.168.2.100/24
ip address add dev eth0.30 192.168.60.100/24
Now for example tcpdump will display ethertype 802.1Q frames on eth0, but only usual (for example) ethertype ARP or ethertype IPv4 frames on eth0.10: the kernel handles automatic tagging/untagging for the vlan sub-interfaces. Avoid having special network tools like DHCP listening directly on eth0, some can be confused with the tagging.
Any problem you will then likely encounter will not be caused by VLANs but by routing: you can't expect a multi-homed setting like this to freely use any of its IPs to anywhere without policy routing. As long as you don't try to have more than one default gateway or reach the same destination using two different paths, you shouldn't need policy routing.
Instead of manually configuring interfaces you should consider using system settings to create and configure those interfaces. For example Debian's ifupdown's vlan extended options, or NetworkManager both can create and configure those interfaces.
Also, as commented by Rui F Ribeiro, you should be using hardware able to cope with the traffic, and a RPi might not be enough.
answered Feb 7 at 20:06
A.BA.B
5,1121727
add a comment |
For this "simple" case (ie not involving bridges and bridge ports, overlapping VLANs or any other fancy setup), you just have to create three vlan sub-interfaces with their default settings. Once done you can now consider you have three interfaces as usual and forget about the physical interface or VLANs. Default settings will just tag and untag the single vlan id automatically on each interface. One naming convention among others for those interfaces is to add the vlan id after the base interface name with a dot between.
ip link add eth0.10 link eth0 type vlan id 10
ip link add eth0.20 link eth0 type vlan id 20
ip link add eth0.30 link eth0 type vlan id 30
ip link set eth0 up
ip link set eth0.10 up
ip link set eth0.20 up
ip link set eth0.30 up
That's it. You can now configure them as usual as if they were basic ethernet interfaces without having to consider VLANs anymore. Please forget ifconfig which has been obsolete for 10 years and switch to ip ... instead. The use of : is a leftover from this and is used with ifconfig for setting additional IPs on the same interface, not for adding additional interfaces.
ip address add dev eth0.10 192.168.1.100/24
ip address add dev eth0.20 192.168.2.100/24
ip address add dev eth0.30 192.168.60.100/24
Now for example tcpdump will display ethertype 802.1Q frames on eth0, but only usual (for example) ethertype ARP or ethertype IPv4 frames on eth0.10: the kernel handles automatic tagging/untagging for the vlan sub-interfaces. Avoid having special network tools like DHCP listening directly on eth0, some can be confused with the tagging.
Any problem you will then likely encounter will not be caused by VLANs but by routing: you can't expect a multi-homed setting like this to freely use any of its IPs to anywhere without policy routing. As long as you don't try to have more than one default gateway or reach the same destination using two different paths, you shouldn't need policy routing.
Instead of manually configuring interfaces you should consider using system settings to create and configure those interfaces. For example Debian's ifupdown's vlan extended options, or NetworkManager both can create and configure those interfaces.
Also, as commented by Rui F Ribeiro, you should be using hardware able to cope with the traffic, and a RPi might not be enough.
answered Feb 7 at 20:06
A.BA.B
5,1121727
For this "simple" case (ie not involving bridges and bridge ports, overlapping VLANs or any other fancy setup), you just have to create three vlan sub-interfaces with their default settings. Once done you can now consider you have three interfaces as usual and forget about the physical interface or VLANs. Default settings will just tag and untag the single vlan id automatically on each interface. One naming convention among others for those interfaces is to add the vlan id after the base interface name with a dot between.
ip link add eth0.10 link eth0 type vlan id 10
ip link add eth0.20 link eth0 type vlan id 20
ip link add eth0.30 link eth0 type vlan id 30
ip link set eth0 up
ip link set eth0.10 up
ip link set eth0.20 up
ip link set eth0.30 up
That's it. You can now configure them as usual as if they were basic ethernet interfaces without having to consider VLANs anymore. Please forget ifconfig which has been obsolete for 10 years and switch to ip ... instead. The use of : is a leftover from this and is used with ifconfig for setting additional IPs on the same interface, not for adding additional interfaces.
ip address add dev eth0.10 192.168.1.100/24
ip address add dev eth0.20 192.168.2.100/24
ip address add dev eth0.30 192.168.60.100/24
Now for example tcpdump will display ethertype 802.1Q frames on eth0, but only usual (for example) ethertype ARP or ethertype IPv4 frames on eth0.10: the kernel handles automatic tagging/untagging for the vlan sub-interfaces. Avoid having special network tools like DHCP listening directly on eth0, some can be confused with the tagging.
Any problem you will then likely encounter will not be caused by VLANs but by routing: you can't expect a multi-homed setting like this to freely use any of its IPs to anywhere without policy routing. As long as you don't try to have more than one default gateway or reach the same destination using two different paths, you shouldn't need policy routing.
Instead of manually configuring interfaces you should consider using system settings to create and configure those interfaces. For example Debian's ifupdown's vlan extended options, or NetworkManager both can create and configure those interfaces.
Also, as commented by Rui F Ribeiro, you should be using hardware able to cope with the traffic, and a RPi might not be enough.
answered Feb 7 at 20:06
A.BA.B
5,1121727
edited Feb 7 at 22:06
answered Feb 7 at 20:06
A.BA.B
5,1121727
answered Feb 7 at 20:06
A.BA.B
5,1121727
answered Feb 7 at 20:06
A.BA.B
5,1121727
5,1121727
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f499324%2fhosting-a-simple-honeypot-server-in-each-of-3-vlans-using-one-ethernet-port%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
No, it wont as you describe it, for putting services there. You need to put the ethernet/linux in "trunk mode" eg understanding tagged VLANs. And then the rpi interface is 100Mbps and you are pointing to it a trunk of 1Gbps....seems fun. It would be wise using something more powerful.
– Rui F Ribeiro
Feb 7 at 18:29
I can choose Intel NUC aswell which has 1 gigabit Ethernet for this, just looking for software solution :)
– RedS
Feb 7 at 21:42