Re: eth1 and eth2 Breaks Default Route

[John Crain <port123tcp () yahoo com>]

Interesting.  Does that translate as PROMISC=yes is
deprecated?  Anyone?

-John

--- Dusty Hall <halljer () auburn edu> wrote:
> Hmmm..  this could be the problem:
>
> sysconfig.txt...
>
> <snip>
>   Ethernet-only items:
>    
{IPXNETNUM,IPXPRIMARY,IPXACTIVE}_{802_2,802_3,ETHERII,SNAP}
>     configuration matrix for IPX.  Only used if IPX
> is active.
>     Managed from
> /etc/sysconfig/network-scripts/ifup-ipx
>     ARP=yes|no (adds 'arp' flag to ifconfig, for use
> with the
>       ethertap device)
>     Deprecated:      
<-----------------------------------------------------
> I must have
> missed this.
>      PROMISC=yes|no (enable or disable promiscuous
> mode)
>      ALLMULTI=yes|no (enable or disable
> all-multicast mode)
>      
>      To properly set these, use the packet socket
> interface.
> </snip>
>
> I'm not sure what to do at the moment or what this
> means.. (To properly
> set these, use the packet socket interface.).  Any
> ideas?
>
>
> -Dusty
>
>
>
> > > > John Crain <port123tcp () yahoo com> 7/22/2003
> 4:18:16 PM >>>
> Dusty,
>  
> I just tested that on one of my boxen and it worked,
> sort of... The
> default route comes up a-ok, but when I do an
> ifconfig on the interface
> that is the sensor, there is no "PROMISC" notation.
> I put "PROMISC=yes"
> in ifcfg-eth1 file, but no luck. Did I type
> something wrong?
>  
> Thanks.
>  
> -John
>
> Dusty Hall <halljer () auburn edu> wrote:
> John,
>
> Here's all I have in our eth1 startup file...
>
> cat /etc/sysconfig/network-scripts/ifcfg-eth1
>
> DEVICE=eth1
> ONBOOT=yes
> PROMISC=yes
>
> Later,
>
>
> -Dusty
>
>
> > > > John Crain 
> 7/22/2003 2:57:20 PM >>>
> There was a typo in the original message. The
> correction follows:
>
> A buddy of mine asked the following question on
> comp.os.linux.networking, but those folks don't
> fully
> understand why an interface would want to be set to
> 0.0.0.0/0. If anyone can shed some light on a fix,
> I'd
> like to know. Here's the original question:
>
> I have Red Hat 9 on an X86 with three (3) interfaces
> working as an IDS. eth0 is my management interface
> with a live IP address. eth1 and eth2 both have
> their
> IP addresses set to 0.0.0.0/0 for data collection. 
> All IP addresses are set in
> /etc/sysconfig/network-scripts/ifcfg-eth?.
>
> When the box boots up my default route is shot
> through
> eth2 (should be eth0) even though I have my GATEWAY
> keyword set to the gateway I want. The following are
> my ifcfg-eth? entries:
>
> /etc/sysconfig/network-scripts/ifcfg-eth0
> DEVICE=eth0
> onfiltered=yes
> BOOTPROTO=static
> IPADDR=1.2.3.4
> NETMASK=255.255.255.0
> GATEWAY=1.2.3.1
>
> /etc/sysconfig/network-scripts/ifcfg-eth1
> DEVICE=eth1
> BOOTPROTO=static
> BROADCAST=255.255.255.255
> IPADDR=0.0.0.0
> NETMASK=0.0.0.0
> NETWORK=0.0.0.0
> onfiltered=yes
> GATEWAY=1.2.3.1
>
> /etc/sysconfig/network-scripts/ifcfg-eth2
> DEVICE=eth2
> BOOTPROTO=static
> BROADCAST=255.255.255.255
> IPADDR=0.0.0.0
> NETMASK=0.0.0.0
> NETWORK=0.0.0.0
> onfiltered=yes
> GATEWAY=1.2.3.1
>
> I added "GATEWAY=1.2.3.1" to ifcfg-eth1 and
> ifcfg-eth2
> to see if that would fix things. It doesn't...
>
> Q1: How do I get the system to recognize the proper
> gateway as specified in ifcfg-eth0?
> Q2: Is there a way to tell an interface to boot in
> promiscous mode? I'm thinking there is a keyword
> that
> can be placed in ifcfg-eth?, but I can't find any
> reference to that...
>
> __________________________________
> Do you Yahoo!?
> The New Yahoo! Search - Faster. Easier. Bingo.
> http://search.yahoo.com 
-------------------------------------------------------
> This SF.net email is sponsored by: VM Ware
> With VMware you can run multiple operating systems
> on a single
> machine.
> WITHOUT REBOOTING! Mix Linux / Windows / Novell
> virtual machines at
> the
> same time. Free trial click here:
> http://www.vmware.com/wl/offer/345/0
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net 
> Go to this URL to change user options or
> unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
> ---------------------------------
> Do you Yahoo!?
> The New Yahoo! Search - Faster. Easier. Bingo.
-------------------------------------------------------
> This SF.net email is sponsored by: VM Ware
> With VMware you can run multiple operating systems
> on a single machine.
> WITHOUT REBOOTING! Mix Linux / Windows / Novell
> virtual machines at the
> same time. Free trial click here:
> http://www.vmware.com/wl/offer/345/0
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or
> unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


__________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
http://search.yahoo.com


-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users