There's also something called ebtables which is to layer 2 what iptables is to layer 3, I believe. Never ever used it but I've read a few articles that mention it.

-David



On 06/25/2015 09:09 PM, Jed Clear wrote:
I haven't explored iptables in bridge/layer 2 mode, but there is no fundamental 
reason you can't packet sniff or firewall traffic in bridge mode. The traffic 
has to pass through your kernel.

If you were asking about FreeBSD and ipfw, I'd say yes, just look into the 
layer 2 filter points.  So I'd recommend digging into the iptables 
documentation for something similar.  Also not familiar with snort, but with 
tcpdump, I'd specify the interface and I'm pretty sure it would work as it is 
capturing at layer 2 (or am I thinking of Wireshark?).

-Jed

On Jun 25, 2015, at 8:56 PM, Nick Gyurov <[email protected]> wrote:

Bridging works on OSI levels 1 & 2, IP is a level 4 protocol, so IP
services - not so much.
I'm not sure what can be done with snort, no experience with it.
-
Regards,
Nick


On Fri, Jun 26, 2015 at 6:51 AM, Robin Kipp <[email protected]> wrote:
Hi all,
I just successfully installed Debian 8 on a Net6501. Basically, I’d like to use 
this device as a transparent network gateway between my computers / network 
appliances and the router. The reason I’d like to do this is to use an IDS 
system such as Snort for security purposes and to monitor certain aspects of my 
personal web traffic.
To accomplish this, I’ve now configured a network bridge named br0 and added 
all of the ethernet interfaces as members. This seems to work pretty well as 
far as I can tell, I have eth0 hooked up to the router and my other machines 
connected to the 3 remaining ports. Of course, this means that the Net6501 is 
pretty much transparent now and does not, for example, show up as a gateway 
when running a traceroute command to an external host.
I generally like this a lot and think it’s quite sensible to pass things like 
DHCP and NAT on to the router, rather than installing a separate DHCP server on 
the Net6501 and using iptables to NAT between the Soekris box and the router’s 
subnet. Since I’m doing this for the very first time, however, I’m wondering 
whether I’m on the right path, or if such a setup would impose certain 
limitations that I might not be aware of.
For example, can I use a tool like Snort on the Net6501 and analyze all the 
traffic passing through the Net6501, or could I be facing any issues when doing 
this on a bridged network?
Also, I’m guessing that with this approach, any routing / firewalling of 
traffic (e.g. by using iptables) is out of the question, right? For example, I 
would think that it’s probably not possible to use iptables to block traffic 
originating from certain IP addresses, or to route certain traffic through a 
configured VPN tunnel, etc…
If any of you guys have more experience with network bridges, I’d be very happy 
if you could answer my questions and / or share your observations with me. Like 
I said I’m doing this for the first time, so there may well be things that I 
haven’t even thought of yet! :-)
Thanks a lot!
Robin
_______________________________________________
Soekris-tech mailing list
[email protected]
http://lists.soekris.com/mailman/listinfo/soekris-tech
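As an added illustration of the two answers above (Jed's point that bridged traffic still crosses the kernel's netfilter hooks, and David's mention of ebtables), here is an example script, not from anyone in the thread, for Robin's Debian bridge question: it makes iptables see frames forwarded across br0, drops frames from one source address, shows the equivalent ebtables rule, and captures on the bridge interface. The bridge name br0 is taken from the post; the blocked address 192.0.2.10 is a constructed documentation-range example, and RUN is an assumed wrapper so the script can be dry-run with RUN=echo.

```shell
#!/bin/sh
# Added example for filtering and sniffing on a Linux bridge; not code from the thread.
# Every privileged command is prefixed with $RUN so "RUN=echo sh script.sh" prints
# the commands instead of executing them (RUN is an assumption of this example).
RUN=${RUN:-}
BRIDGE=${BRIDGE:-br0}

# 1. By default iptables never sees layer-2 forwarded frames. The br_netfilter
#    module plus this sysctl pass bridged IPv4 frames through the FORWARD chain.
enable_bridge_nf() {
    $RUN modprobe br_netfilter
    $RUN sysctl -w net.bridge.bridge-nf-call-iptables=1
}

# 2. Drop frames from one source IP while they cross the bridge.
#    --physdev-is-bridged limits the rule to bridged (not routed) traffic, so
#    it does not disturb anything the box itself routes.
block_source_ip() {
    $RUN iptables -I FORWARD -m physdev --physdev-is-bridged -s "$1" -j DROP
}

# 3. The same block expressed directly at layer 2 with ebtables (no br_netfilter
#    needed); the ip match decodes the IPv4 header inside the Ethernet frame.
block_source_ip_ebtables() {
    $RUN ebtables -A FORWARD -p IPv4 --ip-src "$1" -j DROP
}

# 4. tcpdump captures on the bridge device itself, so it sees frames from all
#    member ports; an IDS such as Snort would be pointed at the same interface.
capture_bridge() {
    $RUN tcpdump -ni "$BRIDGE" -c "${1:-100}"
}

# Only run the real thing when invoked with "apply"; otherwise do nothing,
# so sourcing the file is side-effect free.
if [ "${1:-}" = "apply" ]; then
    enable_bridge_nf
    block_source_ip 192.0.2.10
    capture_bridge 20
fi
```

Run with `RUN=echo sh bridge-filter.sh apply` first to review the exact commands before executing them as root on the Net6501.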