[Snort-users] eth1 and eth2 Breaks Default Route

John Crain port123tcp at ...131...
Thu Jul 24 04:36:02 EDT 2003


Ahh.  Very cool.

However, I'd like my interface to come up as promisc. 
I use ethereal on occasions (before snort is running)
and would like the system to jive with ethereal.

Any ideas or suggestions?  A script would do it, but
I'm thinking there has to be a way to get the system
to take care of business.

Thanks.

-John.

--- "Chris N." <chris.northrop at ...406...> wrote:
> John
> 
>     It seems that Snort will set the interface to
> PROMISC by default, unless
> specifically told not to.
> 
>     Dusty's config is all I use..
> 
>     DEVICE=eth1
>     ONBOOT=yes
> 
>     without the
>     PROMISC=yes
> 
> Gud LuK
> Chris N.
>   -----Original Message-----
>   From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net]On
> Behalf Of John Crain
>   Sent: Tuesday, July 22, 2003 3:49 PM
>   To: snort-users at lists.sourceforge.net
>   Subject: [Snort-users] eth1 and eth2 Breaks
> Default Route
> 
> 
>   A buddy of mine asked the following question on
> comp.os.linux.networking, but
> those folks don't fully understand why an interface
> would want to be set to
> 0.0.0.0/0. If anyone can shed some light on a fix,
> I'd like to know. Here's the
> original question:
> 
>   I have Red Hat 9 on an X86 with three (3)
> interfaces working as an IDS.  eth0
> is my management interface with a live IP address. 
> eth1 and eth2 both have
> their IP addresses set to 0.0.0.0/0 for data
> collection.  All IP addresses are
> set in /etc/sysconfig/network-scripts/ifcfg-eth?.
> 
>   When the box boots up my default route is shot
> through eth2 (should be eth0)
> even though I have my GATEWAY keyword set to the
> gateway I want. The following
> are my ifcfg-eth? entries:
> 
>   /etc/sysconfig/network-scripts/ifcfg-eth0
>        DEVICE=eth0
>        ONBOOT=yes
>        BOOTPROTO=static
>        IPADDR=1.2.3.4
>        NETMASK=255.255.255.0
>        GATEWAY=1.2.3.1
> 
>   /etc/sysconfig/network-scripts/ifcfg-eth0
>        DEVICE=eth1
>        BOOTPROTO=static
>        BROADCAST=255.255.255.255
>        IPADDR=0.0.0.0
>        NETMASK=0.0.0.0
>        NETWORK=0.0.0.0
>        ONBOOT=yes
>        GATEWAY=1.2.3.1
> 
>   /etc/sysconfig/network-scripts/ifcfg-eth0
>        DEVICE=eth2
>        BOOTPROTO=static
>        BROADCAST=255.255.255.255
>        IPADDR=0.0.0.0
>        NETMASK=0.0.0.0
>        NETWORK=0.0.0.0
>        ONBOOT=yes
>        GATEWAY=1.2.3.1
> 
>   I added "GATEWAY=1.2.3.1" to ifcfg-eth1 and
> ifcfg-eth2 to see if that would
> fix things.  It doesn't...
> 
>   Q1: How do I get the system to recognize the
> proper gateway as specified in
> ifcfg-eth0?
>   Q2: Is there a way to tell an interface to boot in
> promiscous mode?  I'm
> thinking there is a keyword that can be placed in
> ifcfg-eth?, but I can't find
> any reference to that...
> 
> 
>
------------------------------------------------------------------------------
>   Do you Yahoo!?
>   The New Yahoo! Search - Faster. Easier. Bingo.
> 


__________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
http://search.yahoo.com




More information about the Snort-users mailing list