Menu
▾
▴
Re: [Snort-inline-users] Hide interface IP
|
From: Will M. <wil...@gm...> - 2005-02-28 04:52:56
|
> Should I integrate both iptables and ebtables? Where should the snort_inline > get packet from? It's up to you, snort_inline gets it's packets from iptables. On Mon, 28 Feb 2005 12:30:46 +0800, Yap Sin Hoe <sin...@ex...> wrote: > > > Hi Will, > > > > Should I integrate both iptables and ebtables? Where should the snort_inline > get packet from? > > > ________________________________ > > > From: William Metcalf [mailto:Wil...@kc...] > Sent: Friday, February 25, 2005 9:47 PM > To: sin...@ex... > Cc: sno...@li... > Subject: RE: [Snort-inline-users] Hide interface IP > > > > > if you are running a 2.4.x kernel you need to apply the ebtables-brnf patch > and recompile your kernel. > > http://ebtables.sourceforge.net/ > > Regards, > > Will > "Yap Sin Hoe" <sin...@ex...> > > > > "Yap Sin Hoe" <sin...@ex...> > > 02/25/2005 01:43 AM > > > Please respond to > <sin...@ex...> > > > > > > > To > > > "'William Metcalf'" <Wil...@kc...> > > > > > cc > > > <sno...@li...> > > > > > Subject > > > RE: [Snort-inline-users] Hide interface IP > > > > > > > > > > > > I created the bridge, but all packets are allow to pass through, the > iptables seem not working anymore. > > Please advice. > ________________________________ > > > From: William Metcalf [mailto:Wil...@kc...] > Sent: Thursday, February 24, 2005 12:39 PM > To: sin...@ex... > Cc: sno...@li... > Subject: Re: [Snort-inline-users] Hide interface IP > > You should create a bridge.... > > case "$1" in > start) > echo -n "starting bridge" > #BRIDGE SETUP > echo setting up bridge > brctl addbr br0 > ifconfig eth0 0.0.0.0 up -arp > ifconfig eth1 0.0.0.0 up -arp > mii-tool -F 100baseTx-FD eth0 > mii-tool -F 100baseTx-FD eth1 > brctl addif br0 eth0 > brctl addif br0 eth1 > brctl stp br0 off > ifconfig br0 0.0.0.0 > ifconfig br0 up > sleep 3 > echo > ;; > stop) > echo -n "Stopping IPS STUFF: (" > brctl delif br0 eth0 > brctl delif br0 eth1 > ifconfig br0 down > brctl delbr br0 > echo > ;; > restart) > $0 stop > $0 start > ;; > status) > status bridge > ;; > *) > echo "Usage: $0 {start|stop|restart|status}" > exit 1 > esac > > exit 0 > "Yap Sin Hoe" <sin...@ex...> > > > "Yap Sin Hoe" <sin...@ex...> > Sent by: sno...@li... > > 02/23/2005 09:24 PM > > > Please respond to > <sin...@ex...> > > > > > > > To > > > <sno...@li...> > > > > > cc > > > > > > > Subject > > > [Snort-inline-users] Hide interface IP > > > > > > > > > > > > Hi there, > > How can I hide the snort_inline interface IP address? Can I run snort_inline > in promisc mode (both interfaces) as what snort does, or should I configure > Ethernet bridging. Anyone can send me some information or steps? > > Best regards, > shyap |
