[Snort-users] eth1 and eth2 Breaks Default Route

John Crain port123tcp at ...131...
Thu Jul 24 04:32:02 EDT 2003


Interesting.  Does that translate as PROMISC=yes is
deprecated?  Anyone?

-John

--- Dusty Hall <halljer at ...8709...> wrote:
> Hmmm..  this could be the problem:
> 
> sysconfig.txt...
> 
> <snip>
>   Ethernet-only items:
>    
>
{IPXNETNUM,IPXPRIMARY,IPXACTIVE}_{802_2,802_3,ETHERII,SNAP}
>     configuration matrix for IPX.  Only used if IPX
> is active.
>     Managed from
> /etc/sysconfig/network-scripts/ifup-ipx
>     ARP=yes|no (adds 'arp' flag to ifconfig, for use
> with the
>       ethertap device)
>     Deprecated:      
>
<-----------------------------------------------------
> I must have
> missed this.
>      PROMISC=yes|no (enable or disable promiscuous
> mode)
>      ALLMULTI=yes|no (enable or disable
> all-multicast mode)
>      
>      To properly set these, use the packet socket
> interface.
> </snip>
> 
> I'm not sure what to do at the moment or what this
> means.. (To properly
> set these, use the packet socket interface.).  Any
> ideas?
> 
> 
> -Dusty
> 
> 
> 
> >>> John Crain <port123tcp at ...131...> 7/22/2003
> 4:18:16 PM >>>
> Dusty,
>  
> I just tested that on one of my boxen and it worked,
> sort of... The
> default route comes up a-ok, but when I do an
> ifconfig on the interface
> that is the sensor, there is no "PROMISC" notation.
> I put "PROMISC=yes"
> in ifcfg-eth1 file, but no luck. Did I type
> something wrong?
>  
> Thanks.
>  
> -John
> 
> Dusty Hall <halljer at ...8709...> wrote:
> John,
> 
> Here's all I have in our eth1 startup file...
> 
> cat /etc/sysconfig/network-scripts/ifcfg-eth1
> 
> DEVICE=eth1
> ONBOOT=yes
> PROMISC=yes
> 
> Later,
> 
> 
> -Dusty
> 
> 
> >>> John Crain 
> 7/22/2003 2:57:20 PM >>>
> There was a typo in the original message. The
> correction follows:
> 
> A buddy of mine asked the following question on
> comp.os.linux.networking, but those folks don't
> fully
> understand why an interface would want to be set to
> 0.0.0.0/0. If anyone can shed some light on a fix,
> I'd
> like to know. Here's the original question:
> 
> I have Red Hat 9 on an X86 with three (3) interfaces
> working as an IDS. eth0 is my management interface
> with a live IP address. eth1 and eth2 both have
> their
> IP addresses set to 0.0.0.0/0 for data collection. 
> All IP addresses are set in
> /etc/sysconfig/network-scripts/ifcfg-eth?.
> 
> When the box boots up my default route is shot
> through
> eth2 (should be eth0) even though I have my GATEWAY
> keyword set to the gateway I want. The following are
> my ifcfg-eth? entries:
> 
> /etc/sysconfig/network-scripts/ifcfg-eth0
> DEVICE=eth0
> onfiltered=yes
> BOOTPROTO=static
> IPADDR=1.2.3.4
> NETMASK=255.255.255.0
> GATEWAY=1.2.3.1
> 
> /etc/sysconfig/network-scripts/ifcfg-eth1
> DEVICE=eth1
> BOOTPROTO=static
> BROADCAST=255.255.255.255
> IPADDR=0.0.0.0
> NETMASK=0.0.0.0
> NETWORK=0.0.0.0
> onfiltered=yes
> GATEWAY=1.2.3.1
> 
> /etc/sysconfig/network-scripts/ifcfg-eth2
> DEVICE=eth2
> BOOTPROTO=static
> BROADCAST=255.255.255.255
> IPADDR=0.0.0.0
> NETMASK=0.0.0.0
> NETWORK=0.0.0.0
> onfiltered=yes
> GATEWAY=1.2.3.1
> 
> I added "GATEWAY=1.2.3.1" to ifcfg-eth1 and
> ifcfg-eth2
> to see if that would fix things. It doesn't...
> 
> Q1: How do I get the system to recognize the proper
> gateway as specified in ifcfg-eth0?
> Q2: Is there a way to tell an interface to boot in
> promiscous mode? I'm thinking there is a keyword
> that
> can be placed in ifcfg-eth?, but I can't find any
> reference to that...
> 
> __________________________________
> Do you Yahoo!?
> The New Yahoo! Search - Faster. Easier. Bingo.
> http://search.yahoo.com 
> 
> 
>
-------------------------------------------------------
> This SF.net email is sponsored by: VM Ware
> With VMware you can run multiple operating systems
> on a single
> machine.
> WITHOUT REBOOTING! Mix Linux / Windows / Novell
> virtual machines at
> the
> same time. Free trial click here:
> http://www.vmware.com/wl/offer/345/0
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net 
> Go to this URL to change user options or
> unsubscribe:
>
https://lists.sourceforge.net/lists/listinfo/snort-users
> 
> Snort-users list archive:
>
http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> 
> 
> ---------------------------------
> Do you Yahoo!?
> The New Yahoo! Search - Faster. Easier. Bingo.
> 
> 
>
-------------------------------------------------------
> This SF.net email is sponsored by: VM Ware
> With VMware you can run multiple operating systems
> on a single machine.
> WITHOUT REBOOTING! Mix Linux / Windows / Novell
> virtual machines at the
> same time. Free trial click here:
> http://www.vmware.com/wl/offer/345/0
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or
> unsubscribe:
>
https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
>
http://www.geocrawler.com/redir-sf.php3?list=snort-users


__________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
http://search.yahoo.com




More information about the Snort-users mailing list