Snort mailing list archives

Re: eth1 and eth2 Breaks Default Route

From: "Dusty Hall" <halljer () auburn edu>
Date: Tue, 22 Jul 2003 16:54:20 -0500

Hmmm..  this could be the problem:

sysconfig.txt...

<snip>
  Ethernet-only items:
    {IPXNETNUM,IPXPRIMARY,IPXACTIVE}_{802_2,802_3,ETHERII,SNAP}
    configuration matrix for IPX.  Only used if IPX is active.
    Managed from /etc/sysconfig/network-scripts/ifup-ipx
    ARP=yes|no (adds 'arp' flag to ifconfig, for use with the
      ethertap device)
    Deprecated:      
<----------------------------------------------------- I must have
missed this.
     PROMISC=yes|no (enable or disable promiscuous mode)
     ALLMULTI=yes|no (enable or disable all-multicast mode)
     
     To properly set these, use the packet socket interface.
</snip>

I'm not sure what to do at the moment or what this means.. (To properly
set these, use the packet socket interface.).  Any ideas?


-Dusty

John Crain <port123tcp () yahoo com> 7/22/2003 4:18:16 PM >>>

Dusty,
 
I just tested that on one of my boxen and it worked, sort of... The
default route comes up a-ok, but when I do an ifconfig on the interface
that is the sensor, there is no "PROMISC" notation. I put "PROMISC=yes"
in ifcfg-eth1 file, but no luck. Did I type something wrong?
 
Thanks.
 
-John

Dusty Hall <halljer () auburn edu> wrote:
John,

Here's all I have in our eth1 startup file...

cat /etc/sysconfig/network-scripts/ifcfg-eth1

DEVICE=eth1
ONBOOT=yes
PROMISC=yes

Later,


-Dusty

John Crain

7/22/2003 2:57:20 PM >>>
There was a typo in the original message. The
correction follows:

A buddy of mine asked the following question on
comp.os.linux.networking, but those folks don't fully
understand why an interface would want to be set to
0.0.0.0/0. If anyone can shed some light on a fix, I'd
like to know. Here's the original question:

I have Red Hat 9 on an X86 with three (3) interfaces
working as an IDS. eth0 is my management interface
with a live IP address. eth1 and eth2 both have their
IP addresses set to 0.0.0.0/0 for data collection. 
All IP addresses are set in
/etc/sysconfig/network-scripts/ifcfg-eth?.

When the box boots up my default route is shot through
eth2 (should be eth0) even though I have my GATEWAY
keyword set to the gateway I want. The following are
my ifcfg-eth? entries:

/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
onfiltered=yes
BOOTPROTO=static
IPADDR=1.2.3.4
NETMASK=255.255.255.0
GATEWAY=1.2.3.1

/etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
BOOTPROTO=static
BROADCAST=255.255.255.255
IPADDR=0.0.0.0
NETMASK=0.0.0.0
NETWORK=0.0.0.0
onfiltered=yes
GATEWAY=1.2.3.1

/etc/sysconfig/network-scripts/ifcfg-eth2
DEVICE=eth2
BOOTPROTO=static
BROADCAST=255.255.255.255
IPADDR=0.0.0.0
NETMASK=0.0.0.0
NETWORK=0.0.0.0
onfiltered=yes
GATEWAY=1.2.3.1

I added "GATEWAY=1.2.3.1" to ifcfg-eth1 and ifcfg-eth2
to see if that would fix things. It doesn't...

Q1: How do I get the system to recognize the proper
gateway as specified in ifcfg-eth0?
Q2: Is there a way to tell an interface to boot in
promiscous mode? I'm thinking there is a keyword that
can be placed in ifcfg-eth?, but I can't find any
reference to that...

__________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
http://search.yahoo.com 


-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single
machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at
the
same time. Free trial click here: http://www.vmware.com/wl/offer/345/0


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net 
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users 
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users 


---------------------------------
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.


-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

eth1 and eth2 Breaks Default Route John Crain (Jul 22)
- Re: eth1 and eth2 Breaks Default Route John Crain (Jul 22)
- RE: eth1 and eth2 Breaks Default Route Chris N. (Jul 23)
  - RE: eth1 and eth2 Breaks Default Route John Crain (Jul 24)
- <Possible follow-ups>
- Re: eth1 and eth2 Breaks Default Route Dusty Hall (Jul 22)
- Re: eth1 and eth2 Breaks Default Route John Crain (Jul 22)
  - Re: eth1 and eth2 Breaks Default Route Jacques (Jul 22)
    - Re: eth1 and eth2 Breaks Default Route John Crain (Jul 24)
- Re: eth1 and eth2 Breaks Default Route Dusty Hall (Jul 22)
  - Re: eth1 and eth2 Breaks Default Route John Crain (Jul 24)
- RE: eth1 and eth2 Breaks Default Route Schmehl, Paul L (Jul 23)