From: Will M. <wil...@gm...> - 2005-02-28 13:08:37
If you are applying the ebtables-brnf patch, the brnf portion of that patch allows iptables to filter on packets passing through the bridge. It doesn't matter if you are using a bridge or using NAT mode, you are still going to use the iptables QUEUE target. As far as I'm aware, ebtables doesn't have any way to pass packets to userspace.

Regards,

Will

On Mon, 28 Feb 2005 14:37:41 +0800, Yap Sin Hoe <sin...@ex...> wrote:
> Hi,
>
> Sorry, I am a new snort user. I'm quite confused up to this point. By
> default, snort_inline will get packets from the iptables. If I create a
> bridge and use ebtables, how should I configure the integration between
> iptables and ebtables? Should I recompile the snort_inline to get packets
> from ebtables? Or should I use back the default?
>
> -----Original Message-----
> From: Will Metcalf [mailto:wil...@gm...]
> Sent: Monday, February 28, 2005 12:53 PM
> To: sin...@ex...
> Cc: William Metcalf; sno...@li...
> Subject: Re: [Snort-inline-users] Hide interface IP
>
> > Should I integrate both iptables and ebtables? Where should the snort_inline
> > get packet from?
>
> It's up to you, snort_inline gets its packets from iptables.
>
> On Mon, 28 Feb 2005 12:30:46 +0800, Yap Sin Hoe <sin...@ex...> wrote:
> > Hi Will,
> >
> > Should I integrate both iptables and ebtables? Where should the snort_inline
> > get packet from?
> >
> > ________________________________
> >
> > From: William Metcalf [mailto:Wil...@kc...]
> > Sent: Friday, February 25, 2005 9:47 PM
> > To: sin...@ex...
> > Cc: sno...@li...
> > Subject: RE: [Snort-inline-users] Hide interface IP
> >
> > If you are running a 2.4.x kernel you need to apply the ebtables-brnf patch
> > and recompile your kernel.
> >
> > http://ebtables.sourceforge.net/
> >
> > Regards,
> >
> > Will
> >
> > "Yap Sin Hoe" <sin...@ex...>
> > 02/25/2005 01:43 AM
> > Please respond to: <sin...@ex...>
> > To: "'William Metcalf'" <Wil...@kc...>
> > cc: <sno...@li...>
> > Subject: RE: [Snort-inline-users] Hide interface IP
> >
> > I created the bridge, but all packets are allowed to pass through, the
> > iptables seem not working anymore.
> >
> > Please advise.
> >
> > ________________________________
> >
> > From: William Metcalf [mailto:Wil...@kc...]
> > Sent: Thursday, February 24, 2005 12:39 PM
> > To: sin...@ex...
> > Cc: sno...@li...
> > Subject: Re: [Snort-inline-users] Hide interface IP
> >
> > You should create a bridge....
> >
> > case "$1" in
> >   start)
> >         echo -n "starting bridge"
> >         #BRIDGE SETUP
> >         echo setting up bridge
> >         brctl addbr br0
> >         ifconfig eth0 0.0.0.0 up -arp
> >         ifconfig eth1 0.0.0.0 up -arp
> >         mii-tool -F 100baseTx-FD eth0
> >         mii-tool -F 100baseTx-FD eth1
> >         brctl addif br0 eth0
> >         brctl addif br0 eth1
> >         brctl stp br0 off
> >         ifconfig br0 0.0.0.0
> >         ifconfig br0 up
> >         sleep 3
> >         echo
> >         ;;
> >   stop)
> >         echo -n "Stopping IPS STUFF: ("
> >         brctl delif br0 eth0
> >         brctl delif br0 eth1
> >         ifconfig br0 down
> >         brctl delbr br0
> >         echo
> >         ;;
> >   restart)
> >         $0 stop
> >         $0 start
> >         ;;
> >   status)
> >         status bridge
> >         ;;
> >   *)
> >         echo "Usage: $0 {start|stop|restart|status}"
> >         exit 1
> > esac
> >
> > exit 0
> >
> > "Yap Sin Hoe" <sin...@ex...>
> > Sent by: sno...@li...
> > 02/23/2005 09:24 PM
> > Please respond to: <sin...@ex...>
> > To: <sno...@li...>
> > cc:
> > Subject: [Snort-inline-users] Hide interface IP
> >
> > Hi there,
> >
> > How can I hide the snort_inline interface IP address? Can I run snort_inline
> > in promisc mode (both interfaces) as what snort does, or should I configure
> > Ethernet bridging? Anyone can send me some information or steps?
> >
> > Best regards,
> > shyap
>
> _______________________________________________
> Snort-inline-users mailing list
> Sno...@li...
> https://lists.sourceforge.net/lists/listinfo/snort-inline-users
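
Added example, not part of the original thread: the symptom reported above (a bridge that passes everything while iptables appears inactive) can be checked for with a shell function that confirms bridged frames are handed to iptables and that the filter FORWARD chain sends them to the QUEUE target. It assumes a kernel that exposes /proc/sys/net/bridge/bridge-nf-call-iptables and a rule set supplied as iptables-save text; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that a bridged snort_inline box is not failing open.
# Assumptions (not from the thread): the kernel exposes the bridge-netfilter
# switch at /proc/sys/net/bridge/bridge-nf-call-iptables, and the rule set is
# supplied as `iptables-save` text. Both locations are parameters so the check
# can also run against constructed files.

# Return codes: 0 ok, 1 bridge-nf missing, 2 bridge-nf disabled,
#               3 no QUEUE rule in filter/FORWARD, 4 ACCEPT-all precedes QUEUE
check_bridge_queue() {
    proc_root=${1:-/proc}
    rules_file=$2
    brnf="$proc_root/sys/net/bridge/bridge-nf-call-iptables"

    # Without brnf, bridged frames never reach iptables and so never reach QUEUE.
    [ -r "$brnf" ] || return 1
    [ "$(cat "$brnf")" = "1" ] || return 2

    # Bridged traffic traverses the filter table's FORWARD chain.
    awk '
        /^\*/ { table = $1 }
        table != "*filter" || $1 != "-A" || $2 != "FORWARD" { next }
        $0 == "-A FORWARD -j ACCEPT" && !queued { bypass = 1 }
        / -j QUEUE( |$)/ { queued = 1 }
        END { if (!queued) exit 3; if (bypass) exit 4; exit 0 }
    ' "$rules_file"
}

# Constructed sample: proc tree and iptables-save output for a working setup.
make_sample() {
    dir=$1
    mkdir -p "$dir/proc/sys/net/bridge"
    echo 1 > "$dir/proc/sys/net/bridge/bridge-nf-call-iptables"
    cat > "$dir/rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -j QUEUE
COMMIT
EOF
}
```

On a live sensor, save the rules with iptables-save to a file and call check_bridge_queue /proc with that file; any non-zero return means bridged traffic can cross without being queued to snort_inline.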