[security-onion] Eth0 connection lost after basic setup
2,747 views
Skip to first unread message
John Lavery
May 21, 2015, 10:13:49 AM5/21/15
to securit...@googlegroups.com
It seems when after I do the basic setup in my security-onion VM, I lose network connectivity, I am getting a valid IP address. I have restarted the VM, and also manually refreshed the interface but still unsuccessful. When going to the network connections manager from the applications menu, everything is greyed out. I have followed the tutorial step-by-step, not sure if it's settings on my VM or some service it disabled during setup. Any help would be much appreciated.
Thanks,
-John
Thanks,
-John
Heine Lysemose
May 21, 2015, 10:30:09 AM5/21/15
to securit...@googlegroups.com
Hi
The Network Manager is disabled when you run the first part of the Sosetup (the network part)
Afterward it is controlled through the config file for that interface.
Regards,
Lysemose
--
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
To post to this group, send email to securit...@googlegroups.com.
Visit this group at http://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.
John Lavery
May 21, 2015, 10:34:23 AM5/21/15
to securit...@googlegroups.com
-John
John Lavery
May 22, 2015, 9:01:20 AM5/22/15
to securit...@googlegroups.com
auto lo
iface lo inet loopback
# Management interface
auto eth0
iface eth0 inet dhcp
# Connected to TAP or SPAN port for traffic monitoring
auto eth1
iface eth1 inet manual
up ifconfig $IFACE -arp up
up ip link set $IFACE promisc on
down ip link set $IFACE promisc off
down ifconfig $IFACE down
post-up for i in rx tx sg tso ufo gso gro lro; do ethtool -K $IFACE $i off; done
When I attempt to ping 8.8.8.8 it shows as "connect: Network is unreachable" but I still show a valid IP address and my DNS config file is also correct. Any other thoughts or documentation that I can reference?
Thanks,
-John
Heine Lysemose
May 22, 2015, 9:26:22 AM5/22/15
to securit...@googlegroups.com
Hi
Are you able to connect before you run the sosetup?
How far do you get if you do a traceroute?
Is it a virtual machine? If so how is the network configured for the virtual machine management network interface? (Bridged/NAT/Internal)
Regards,
Lysemose
John Lavery
May 22, 2015, 10:06:54 AM5/22/15
to securit...@googlegroups.com
-John
Shane Castle
May 22, 2015, 10:49:40 AM5/22/15
to securit...@googlegroups.com
Are you using VMware? Are you setting your NAT network to DHCP? Are you
sure that eth0 and eth1 inside the VM correspond to the correct interfaces?
It seems to me that the IP address you are assigning during sosetup is
not one that the virtual networks are set up to recognize (or maybe DHCP
is being used, which opens a whole other can of worms). Also, possibly
you have the interfaces mixed up when you are inside the VM.
Take a look at the google group and search for "VM"; see if any of the
issues discussed there might apply to your situation.
Can you disclose your virtual network setup? We can help with the
settings, maybe.
On 22.05.2015 16:06, John Lavery wrote:
>
> Yes I am able to connect before the sosetup, a traceroute does not
> even start because it does not detect a network connection. Yes it is
> a virtual machine with 2 network adapters, primary is NAT and the
> secondary is Vmnet2 (host-only) for the sniffing interface. I have
> attempted to switch to different settings on the primary network
> adapter (bridged, host-only etc) and still no change.
>
> -John
>
--
Mit besten Grüßen
Shane Castle
sure that eth0 and eth1 inside the VM correspond to the correct interfaces?
It seems to me that the IP address you are assigning during sosetup is
not one that the virtual networks are set up to recognize (or maybe DHCP
is being used, which opens a whole other can of worms). Also, possibly
you have the interfaces mixed up when you are inside the VM.
Take a look at the google group and search for "VM"; see if any of the
issues discussed there might apply to your situation.
Can you disclose your virtual network setup? We can help with the
settings, maybe.
On 22.05.2015 16:06, John Lavery wrote:
>
> Yes I am able to connect before the sosetup, a traceroute does not
> even start because it does not detect a network connection. Yes it is
> a virtual machine with 2 network adapters, primary is NAT and the
> secondary is Vmnet2 (host-only) for the sniffing interface. I have
> attempted to switch to different settings on the primary network
> adapter (bridged, host-only etc) and still no change.
>
> -John
>
Mit besten Grüßen
Shane Castle
Brian Hardy
Aug 8, 2015, 1:00:15 PM8/8/15
to security-onion
I'm running on bare metal, when I first install sec onion, i have a valid IP, and I can connect to the internet, i can see my ip in my router dhcp table. however after the reboot, no connectivity, however, when I run ifconfig, my IP is configured correctly. I've tried my ethernet on both nic's but no dice.
Doug Burks
Aug 8, 2015, 2:21:03 PM8/8/15
to securit...@googlegroups.com
Instead of responding to an old thread, please start a new thread to
troubleshoot your issues. Please include the following output in your
new thread.
Please run the following command:
sudo sostat-redacted
There will be a lot of output, so you may need to increase your
terminal's scroll buffer OR redirect the output of the command to a
file:
sudo sostat-redacted > sostat-redacted.txt 2>&1
sostat-redacted will automatically redact any IPv4/IPv6/MAC addresses,
but there may be additional sensitive info that you still need to
redact manually.
Attach the output to your email in plain text format (.txt) OR use a
service likehttp://pastebin.com.
--
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com
Aldo Sihombing
Oct 28, 2016, 12:43:14 PM10/28/16
to security-onion
Hi
I got same problem.
I am new using SO, i use wireless modem and wlan0 connected to this and connected to inet, then i started to basic setup, i choosed Yes..., i set eth0 as management int(static) and wlan0 as sniffing int. After it finished setup and restart, i can not connected to inet, i can not see the network icon right above on panel, ifconfig: eth0,l0,wlan0 detected. I tried to restart networking and command sostat-redacted all not luck.
I run SO 4.04.5.1 and installed it direct on laptop not using vm. Using ram 4gb and vga 2gb.
Any help would be high appreciated.
Thanks.
-James
I got same problem.
I am new using SO, i use wireless modem and wlan0 connected to this and connected to inet, then i started to basic setup, i choosed Yes..., i set eth0 as management int(static) and wlan0 as sniffing int. After it finished setup and restart, i can not connected to inet, i can not see the network icon right above on panel, ifconfig: eth0,l0,wlan0 detected. I tried to restart networking and command sostat-redacted all not luck.
I run SO 4.04.5.1 and installed it direct on laptop not using vm. Using ram 4gb and vga 2gb.
Any help would be high appreciated.
Thanks.
-James
Wes
Oct 28, 2016, 12:46:29 PM10/28/16
to security-onion
James, please start a new thread instead of replying to an old one:
In your new thread, please provide the output of sostat-redacted, attaching as a plain text file, or using a service like Pastebin.com.
Thanks,
Wes
Reply all
Reply to author
Forward
0 new messages