[ previous ] [ next ] [ threads ]
 
 From:  Graham Freeman <graham dot freeman at cernio dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Network taps on Soekris net4801? - willing to pay
 Date:  Sat, 13 May 2006 22:10:31 -0700 
Hi, folks,

I want to deploy a Snort IDS in the network, with feeds from passive  
taps in front of and behind my m0n0wall firewall.  Currently I'm  
running a Soekris net4801 w/ lan1621 for a total of 5 network ports.   
I'll use a separate server or two for Snort, but I don't want to  
deploy another layer of potential failures by installing network hubs  
that I wouldn't need otherwise.  I also don't want to use my Snort  
server(s) as bridges - I want my network to stay up even if the IDS  
hardware fails or is taken offline for maintenance.

I'm only using three of my five network ports on the m0n0/Soekris box  
- can I set up the other two ports so that they mirror LAN & WAN  
traffic?  If so, how?

Any help would be appreciated.  I'm willing to donate a modest sum to  
make this happen.  This is for the colocation arm of a growing  
technology cooperative, so we have some money but not a ton.

Thanks!

Graham Freeman
Cernio Technology Cooperative
www.cernio.com/colocation/
graham dot freeman at cernio dot com