Hi all
I would like to know if it is possible to set up some type of port mirroring using the linux bridging kernel. I have installed the pre-built bridging kernel for RedHat 7.3 2.4.18-10brnf0.0.7 that allows iptables rules. The machine has 4 ethernet interfaces; eth0 and eth1 form a bridge br0. eth0 is on the Internet side and eth1 on our LAN side.
I would like to be able to mirror all packets from either eth0 or eth1 to one or possibly both of eth2 and eth3. In this way I could place an IDS configuration on one of the eth2, eth3 ports or something like Etherpeek NX running on a Windows machine for packet and protocol analysis of our Internet traffic.
Can anybody comment on whether this is possible and how it might be done using iptables or any other means?
I suspect some of you are thinking, why not just put in an inline 10/100 Mbit repeater? Due to other circumstances the interfaces eth0 and eth2 are Gigabit SX, and eth2 and eth3 are gigabit Tx, so I would need a gigabit Sx repeater, or Sx taps, which cost $$$.
I was hoping to just use the linux bridge to do the port mirroring for me.
Thanks in advance
Steve McDonald
TRIUMF
_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge