[ previous ] [ next ] [ threads ]
 
 From:  Graham Freeman <graham dot freeman at cernio dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Network taps on Soekris net4801?
 Date:  Wed, 19 Apr 2006 13:28:33 -0700
Hi, folks,

I want to deploy a Snort IDS in the network, with passive taps in  
front of and behind my m0n0wall firewall, which runs on a Soekris  
net4801 w/ lan1621 for a total of 5 network ports.  I'll use a  
separate server or two for Snort, but I don't want to deploy another  
layer of potential failures by installing network hubs that I  
wouldn't need otherwise.  I also don't want to use my Snort server(s)  
as bridges - I want my network to stay up even if the IDS hardware  
fails.

I'm only using three of my five network ports on the m0n0/Soekris box  
- can I set up the other two ports so that they mirror LAN & WAN  
traffic?  If so, how?

Any help would be appreciated.

Thanks!

Graham Freeman
Cernio Technology Cooperative
www.cernio.com/colocation/
graham dot freeman at cernio dot com