[Snort-users] port mirror with linux

surman . surmano.fumano at ...11827...
Sun Mar 14 15:02:54 EDT 2010


Hi !

I have a question.

I have a linux box with 4 ethernet devices. This machine acts as router/
proxy / antivirus. I only use 3 ethernet devices, so I have 1 free port.

I want to attach a snort box to this port.

How can I configure a "port span/mirror" on the linux box? The snort box
(192.168.3.100) needs to "see" all traffic passing through all router
ethernet devices.

I think setting up a bridge won't work, because NAT doesn't work well with
brctl (I had a lot of problems some time ago).

I think iptables can't do the work, because iptables doesn't support layer 2
redirects, does it?

Thanks for your help!


===============================================

                         192.168.1.1
                            eth1
                              |
                              |
INTERNET (dhcp) eth0 ----[ Router ] ---- eth2 192.168.2.1
                              |
                              |
                            eth3
                         192.168.3.1
                              +----------[SNORT] 192.168.3.100

===============================================