Snort mailing list archives

RE: eth1 and eth2 Breaks Default Route

From: "Chris N." <chris.northrop () po state ct us>
Date: Wed, 23 Jul 2003 08:15:58 -0400

John

    It seems that Snort will set the interface to PROMISC by default, unless
specifically told not to.

    Dusty's config is all I use..

    DEVICE=eth1
    ONBOOT=yes

    without the
    PROMISC=yes

Gud LuK
Chris N.
  -----Original Message-----
  From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of John Crain
  Sent: Tuesday, July 22, 2003 3:49 PM
  To: snort-users () lists sourceforge net
  Subject: [Snort-users] eth1 and eth2 Breaks Default Route


  A buddy of mine asked the following question on comp.os.linux.networking, but
those folks don't fully understand why an interface would want to be set to
0.0.0.0/0. If anyone can shed some light on a fix, I'd like to know. Here's the
original question:

  I have Red Hat 9 on an X86 with three (3) interfaces working as an IDS.  eth0
is my management interface with a live IP address.  eth1 and eth2 both have
their IP addresses set to 0.0.0.0/0 for data collection.  All IP addresses are
set in /etc/sysconfig/network-scripts/ifcfg-eth?.

  When the box boots up my default route is shot through eth2 (should be eth0)
even though I have my GATEWAY keyword set to the gateway I want. The following
are my ifcfg-eth? entries:

  /etc/sysconfig/network-scripts/ifcfg-eth0
       DEVICE=eth0
       ONBOOT=yes
       BOOTPROTO=static
       IPADDR=1.2.3.4
       NETMASK=255.255.255.0
       GATEWAY=1.2.3.1

  /etc/sysconfig/network-scripts/ifcfg-eth0
       DEVICE=eth1
       BOOTPROTO=static
       BROADCAST=255.255.255.255
       IPADDR=0.0.0.0
       NETMASK=0.0.0.0
       NETWORK=0.0.0.0
       ONBOOT=yes
       GATEWAY=1.2.3.1

  /etc/sysconfig/network-scripts/ifcfg-eth0
       DEVICE=eth2
       BOOTPROTO=static
       BROADCAST=255.255.255.255
       IPADDR=0.0.0.0
       NETMASK=0.0.0.0
       NETWORK=0.0.0.0
       ONBOOT=yes
       GATEWAY=1.2.3.1

  I added "GATEWAY=1.2.3.1" to ifcfg-eth1 and ifcfg-eth2 to see if that would
fix things.  It doesn't...

  Q1: How do I get the system to recognize the proper gateway as specified in
ifcfg-eth0?
  Q2: Is there a way to tell an interface to boot in promiscous mode?  I'm
thinking there is a keyword that can be placed in ifcfg-eth?, but I can't find
any reference to that...


------------------------------------------------------------------------------
  Do you Yahoo!?
  The New Yahoo! Search - Faster. Easier. Bingo.

Current thread:

eth1 and eth2 Breaks Default Route John Crain (Jul 22)
- Re: eth1 and eth2 Breaks Default Route John Crain (Jul 22)
- RE: eth1 and eth2 Breaks Default Route Chris N. (Jul 23)
  - RE: eth1 and eth2 Breaks Default Route John Crain (Jul 24)
- <Possible follow-ups>
- Re: eth1 and eth2 Breaks Default Route Dusty Hall (Jul 22)
- Re: eth1 and eth2 Breaks Default Route John Crain (Jul 22)
  - Re: eth1 and eth2 Breaks Default Route Jacques (Jul 22)
    - Re: eth1 and eth2 Breaks Default Route John Crain (Jul 24)
- Re: eth1 and eth2 Breaks Default Route Dusty Hall (Jul 22)
  - Re: eth1 and eth2 Breaks Default Route John Crain (Jul 24)
- RE: eth1 and eth2 Breaks Default Route Schmehl, Paul L (Jul 23)