You may remember me posting recently about having issues installing Security Onion in VMware. If not, the basic story is that I got it installed but was having issues accessing the web interface from other virtual machines in my lab. I tried NAT, Bridged, and various custom VMnets.
After all of that I just took a step back and thought about what I was trying to do. I decided to try setting up a LAN Segment in VMware specifically for the “management” network. This segment of course doesn’t have DHCP, so every node on the network has a static IP. I picked an IP range I wanted to use for this “lan” and configured Security Onion to use this segment for management purposes.
Then I joined one of my client machines to the same lan segment and pinged the Security Onion vm…and it worked! Ok, I was able to ping before, so the real test would be the web interface. I tried to browse to it and got a security warning, which was a good sign in my opinion. Since this is just a lab I proceeded past the warning.
BOOM! Web interface popped up, it worked.
It may seem like a simple thing but none of my other settings had worked. Maybe it was the built-in DHCP server on the default VMnets that was causing an issue, even though I set the machines to have static IPs in the same range as what was being handed out.
Even when I set them up as NAT interfaces, I could ping between them, but couldn’t browse to the web interface. I had looked for other options and saw this was a pretty common issue with Security Onion and VMware. I saw people deploying virtual switches, or even switching to VirtualBox to use promiscuous mode for their network settings.
I’ve been using VMware long enough to know there HAD to be a way to make this work, either that, or I’m just too stubborn to give up LOL, probably a bit of both.
Anyway, I can properly manage my Security Onion deployment now, and I even set up an Analyst VM to go along with the EVAL machine.
Now I need to start generating some traffic so I can actually start learning how all of these tools work.