Snort mailing list archives
Re: eth1 and eth2 Breaks Default Route
From: John Crain <port123tcp () yahoo com>
Date: Thu, 24 Jul 2003 04:31:06 -0700 (PDT)
Interesting. Does that translate as PROMISC=yes is deprecated? Anyone? -John --- Dusty Hall <halljer () auburn edu> wrote:
Hmmm.. this could be the problem: sysconfig.txt... <snip> Ethernet-only items:
{IPXNETNUM,IPXPRIMARY,IPXACTIVE}_{802_2,802_3,ETHERII,SNAP}
configuration matrix for IPX. Only used if IPX is active. Managed from /etc/sysconfig/network-scripts/ifup-ipx ARP=yes|no (adds 'arp' flag to ifconfig, for use with the ethertap device) Deprecated:
<-----------------------------------------------------
I must have missed this. PROMISC=yes|no (enable or disable promiscuous mode) ALLMULTI=yes|no (enable or disable all-multicast mode) To properly set these, use the packet socket interface. </snip> I'm not sure what to do at the moment or what this means.. (To properly set these, use the packet socket interface.). Any ideas? -DustyJohn Crain <port123tcp () yahoo com> 7/22/20034:18:16 PM >>> Dusty, I just tested that on one of my boxen and it worked, sort of... The default route comes up a-ok, but when I do an ifconfig on the interface that is the sensor, there is no "PROMISC" notation. I put "PROMISC=yes" in ifcfg-eth1 file, but no luck. Did I type something wrong? Thanks. -John Dusty Hall <halljer () auburn edu> wrote: John, Here's all I have in our eth1 startup file... cat /etc/sysconfig/network-scripts/ifcfg-eth1 DEVICE=eth1 ONBOOT=yes PROMISC=yes Later, -DustyJohn Crain7/22/2003 2:57:20 PM >>> There was a typo in the original message. The correction follows: A buddy of mine asked the following question on comp.os.linux.networking, but those folks don't fully understand why an interface would want to be set to 0.0.0.0/0. If anyone can shed some light on a fix, I'd like to know. Here's the original question: I have Red Hat 9 on an X86 with three (3) interfaces working as an IDS. eth0 is my management interface with a live IP address. eth1 and eth2 both have their IP addresses set to 0.0.0.0/0 for data collection. All IP addresses are set in /etc/sysconfig/network-scripts/ifcfg-eth?. When the box boots up my default route is shot through eth2 (should be eth0) even though I have my GATEWAY keyword set to the gateway I want. The following are my ifcfg-eth? entries: /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0 onfiltered=yes BOOTPROTO=static IPADDR=1.2.3.4 NETMASK=255.255.255.0 GATEWAY=1.2.3.1 /etc/sysconfig/network-scripts/ifcfg-eth1 DEVICE=eth1 BOOTPROTO=static BROADCAST=255.255.255.255 IPADDR=0.0.0.0 NETMASK=0.0.0.0 NETWORK=0.0.0.0 onfiltered=yes GATEWAY=1.2.3.1 /etc/sysconfig/network-scripts/ifcfg-eth2 DEVICE=eth2 BOOTPROTO=static BROADCAST=255.255.255.255 IPADDR=0.0.0.0 NETMASK=0.0.0.0 NETWORK=0.0.0.0 onfiltered=yes GATEWAY=1.2.3.1 I added "GATEWAY=1.2.3.1" to ifcfg-eth1 and ifcfg-eth2 to see if that would fix things. It doesn't... Q1: How do I get the system to recognize the proper gateway as specified in ifcfg-eth0? Q2: Is there a way to tell an interface to boot in promiscous mode? I'm thinking there is a keyword that can be placed in ifcfg-eth?, but I can't find any reference to that... __________________________________ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo. http://search.yahoo.com
-------------------------------------------------------
This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here: http://www.vmware.com/wl/offer/345/0 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
--------------------------------- Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo.
-------------------------------------------------------
This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here: http://www.vmware.com/wl/offer/345/0 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users __________________________________ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo. http://search.yahoo.com ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- eth1 and eth2 Breaks Default Route John Crain (Jul 22)
- Re: eth1 and eth2 Breaks Default Route John Crain (Jul 22)
- RE: eth1 and eth2 Breaks Default Route Chris N. (Jul 23)
- RE: eth1 and eth2 Breaks Default Route John Crain (Jul 24)
- <Possible follow-ups>
- Re: eth1 and eth2 Breaks Default Route Dusty Hall (Jul 22)
- Re: eth1 and eth2 Breaks Default Route John Crain (Jul 22)
- Re: eth1 and eth2 Breaks Default Route Jacques (Jul 22)
- Re: eth1 and eth2 Breaks Default Route John Crain (Jul 24)
- Re: eth1 and eth2 Breaks Default Route Jacques (Jul 22)
- Re: eth1 and eth2 Breaks Default Route Dusty Hall (Jul 22)
- Re: eth1 and eth2 Breaks Default Route John Crain (Jul 24)
- RE: eth1 and eth2 Breaks Default Route Schmehl, Paul L (Jul 23)