RE: eth1 and eth2 Breaks Default Route

[John Crain <port123tcp () yahoo com>]

Ahh.  Very cool.

However, I'd like my interface to come up as promisc. 
I use ethereal on occasions (before snort is running)
and would like the system to jive with ethereal.

Any ideas or suggestions?  A script would do it, but
I'm thinking there has to be a way to get the system
to take care of business.

Thanks.

-John.

--- "Chris N." <chris.northrop () po state ct us> wrote:
> John
>
>     It seems that Snort will set the interface to
> PROMISC by default, unless
> specifically told not to.
>
>     Dusty's config is all I use..
>
>     DEVICE=eth1
>     ONBOOT=yes
>
>     without the
>     PROMISC=yes
>
> Gud LuK
> Chris N.
>   -----Original Message-----
>   From: snort-users-admin () lists sourceforge net
> [mailto:snort-users-admin () lists sourceforge net]On
> Behalf Of John Crain
>   Sent: Tuesday, July 22, 2003 3:49 PM
>   To: snort-users () lists sourceforge net
>   Subject: [Snort-users] eth1 and eth2 Breaks
> Default Route
>
>
>   A buddy of mine asked the following question on
> comp.os.linux.networking, but
> those folks don't fully understand why an interface
> would want to be set to
> 0.0.0.0/0. If anyone can shed some light on a fix,
> I'd like to know. Here's the
> original question:
>
>   I have Red Hat 9 on an X86 with three (3)
> interfaces working as an IDS.  eth0
> is my management interface with a live IP address. 
> eth1 and eth2 both have
> their IP addresses set to 0.0.0.0/0 for data
> collection.  All IP addresses are
> set in /etc/sysconfig/network-scripts/ifcfg-eth?.
>
>   When the box boots up my default route is shot
> through eth2 (should be eth0)
> even though I have my GATEWAY keyword set to the
> gateway I want. The following
> are my ifcfg-eth? entries:
>
>   /etc/sysconfig/network-scripts/ifcfg-eth0
>        DEVICE=eth0
>        ONBOOT=yes
>        BOOTPROTO=static
>        IPADDR=1.2.3.4
>        NETMASK=255.255.255.0
>        GATEWAY=1.2.3.1
>
>   /etc/sysconfig/network-scripts/ifcfg-eth0
>        DEVICE=eth1
>        BOOTPROTO=static
>        BROADCAST=255.255.255.255
>        IPADDR=0.0.0.0
>        NETMASK=0.0.0.0
>        NETWORK=0.0.0.0
>        ONBOOT=yes
>        GATEWAY=1.2.3.1
>
>   /etc/sysconfig/network-scripts/ifcfg-eth0
>        DEVICE=eth2
>        BOOTPROTO=static
>        BROADCAST=255.255.255.255
>        IPADDR=0.0.0.0
>        NETMASK=0.0.0.0
>        NETWORK=0.0.0.0
>        ONBOOT=yes
>        GATEWAY=1.2.3.1
>
>   I added "GATEWAY=1.2.3.1" to ifcfg-eth1 and
> ifcfg-eth2 to see if that would
> fix things.  It doesn't...
>
>   Q1: How do I get the system to recognize the
> proper gateway as specified in
> ifcfg-eth0?
>   Q2: Is there a way to tell an interface to boot in
> promiscous mode?  I'm
> thinking there is a keyword that can be placed in
> ifcfg-eth?, but I can't find
> any reference to that...
------------------------------------------------------------------------------
>   Do you Yahoo!?
>   The New Yahoo! Search - Faster. Easier. Bingo.


__________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
http://search.yahoo.com


-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users