Bridge Interface Issues

97 views
Skip to first unread message

Damien Weiss

unread,
Dec 29, 2014, 11:47:45 AM12/29/14
to securit...@googlegroups.com
I've created a SO server on a box with four interfaces. It turned out that I wanted to bridge two of the interfaces since the tap separates the traffic. Specifically, I want to bridge eth2 and eth3 into a bridge named "snoopy".

Here's the relevant section from /etc/network/interfaces:

auto eth2
iface eth2 inet manual
up ip link set $IFACE promisc on arp off up
down ip link set $IFACE promisc off down
post-up ethtool -G $IFACE rx 2040; for i in rx tx sg tso ufo gso gro lro; do ethtool -K $IFACE
$i off; done
post-up echo 1 > /proc/sys/net/ipv6/conf/$IFACE/disable_ipv6

auto eth3
iface eth3 inet manual
up ip link set $IFACE promisc on arp off up
down ip link set $IFACE promisc off down
post-up ethtool -G $IFACE rx 2040; for i in rx tx sg tso ufo gso gro lro; do ethtool -K $IFACE
$i off; done
post-up echo 1 > /proc/sys/net/ipv6/conf/$IFACE/disable_ipv6

auto snoopy
iface snoopy inet manual
up ip link set $IFACE promisc on arp off up
pre-up brctl addbr snoopy
pre-up brctl addif snoopy eth2 eth3
pre-up ip addr flush dev eth2
pre-up ip addr flush dev eth3
post-up echo 1 > /proc/sys/net/ipv6/conf/$IFACE/disable_ipv6


The snoopy bridge interface does come up:

snoopy Link encap:Ethernet HWaddr 00:26:55:32:e5:9e
UP BROADCAST RUNNING NOARP PROMISC MULTICAST MTU:1500 Metric:1
RX packets:2542 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:620781 (620.7 KB) TX bytes:0 (0.0 B)

However, when I try to re-run sosetup to use snoopy as the monitoring interface, I only get a list of the non-bridge interfaces (eth1, eth2, and eth3).

No matter what I've done, I can't get snoopy to show up.

Ideas?

Heine Lysemose

unread,
Dec 29, 2014, 1:51:35 PM12/29/14
to securit...@googlegroups.com

Hi

What if you change the name of the interface to bond or bond0?

You could also check the sosetup script to see what names it's looking for...

Regards,
Lysemose

--
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
To post to this group, send email to securit...@googlegroups.com.
Visit this group at http://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages