Dear Opensuse Users: I have 4 different wired network interfaces on my motherboard and am looking for a way to understand how they operate. Everything is just fine when I just use one port (DHCP) => plugged into a router (static IP) => LAN. But I find that if I configure a second NIC with a different static IP (plus gateway, etc.), then I lose all connectivity. It’s as if the OS gets confused about which port to use and just decides not to do anything. I assume this is normal since it’s a vanilla x64 setup - so I’m the dumb one here. Can someone point me to a reasonable low level explanation of what I obviously do not know about multiple NIC configuration?
Most importantly, only one interface should be configured with a DG. All other interfaces should be configured with everything else <except> a DG.
Although not always critical, it’s desirable for every attached network to have a different networkID (It’s the part of the address which is masked by the subnet mask). This makes packet routing easy and limits searching different physical networks with the same networkID.
Routing gateways can be configured if needed for access to another network, but do not violate the first rule… Every machine should be configured with <only one default>.
Apply the above and you shouldn’t see network routing issues.
Hi Tsu! Now see? I don’t even know what a DG is. That’s why I asked at userlevel=noob.
I have a DHCP => router => LAN. That’s pretty automatic. But then I tried using the NetworkManager to put in IP/SNM/GTWY/DNS/SearchDoms for my LAN on the second port. That resulted in no LAN connectivity. (I might need to revert to ifup to create bridges for my KVM machine(s) in the future.)
As soon as I tell the second port to connect, I lose connectivity, so you’re right, something is conflicting in the setup.
I want to set up snort to “listen” on my main LAN, but have all the important IP stuff go through the router => LAN (for the added protection).
DG = Default Gateway. **It should be empty on every interface except one.** Think about what “default” means… If a destination cannot be mapped to the existing local routing table, then packets will be directed through the default destination without really knowing what happens beyond and assuming all will work in the end. If you configure multiple defaults, and in particular defaults that go nowhere, you’re going to end up with lost packets. This is the magic of the Internet (TCP/IP networking in general)… You can just send packets through “default” and they will eventually end up where they’re supposed to go without real knowledge of how the packets will be delivered.
Typically if you want to run something like Snort (an IDS) on your LAN, you would deploy it on a critical node (all traffic you want to capture passes through that machine). The alternative is to set up a machine in promiscuous mode to sniff all traffic on the wire regardless whether the traffic is destined for that machine or not.
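The two rules Tsu gives above (exactly one default gateway across all interfaces, and a distinct network ID per attached network) can be checked mechanically against the output of `ip -4 route show` and `ip -4 -o addr show`. The script below is an added example, not from the thread or from any openSUSE tool; the sample routing and address lines are constructed to reproduce the misconfiguration the original poster describes (a second NIC given its own gateway on the same subnet).

```python
"""Check a Linux host's routing setup against two rules:
exactly one default gateway, and no two interfaces sharing a network ID."""
import ipaddress
import re

# Constructed sample output of `ip -4 route show`: both NICs carry a default route.
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev eth0 proto dhcp metric 100
default via 192.168.1.1 dev eth1 proto static metric 101
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50 metric 100
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.51 metric 101
"""
# Constructed sample output of `ip -4 -o addr show`: both NICs sit on 192.168.1.0/24.
SAMPLE_ADDRS = """\
2: eth0    inet 192.168.1.50/24 brd 192.168.1.255 scope global eth0
3: eth1    inet 192.168.1.51/24 brd 192.168.1.255 scope global eth1
"""

def default_gateways(route_text):
    """Return [(gateway, interface)] for every default route in the table."""
    gws = []
    for line in route_text.splitlines():
        m = re.match(r"default via (\S+) dev (\S+)", line)
        if m:
            gws.append((m.group(1), m.group(2)))
    return gws

def interface_networks(addr_text):
    """Return {interface: network ID} computed from each address and prefix length."""
    nets = {}
    for line in addr_text.splitlines():
        m = re.search(r"^\d+:\s+(\S+)\s+inet (\S+)", line)
        if m:
            nets[m.group(1)] = ipaddress.ip_interface(m.group(2)).network
    return nets

def check_routing(route_text, addr_text):
    """Return a list of findings; an empty list means both rules are satisfied."""
    findings = []
    gws = default_gateways(route_text)
    if len(gws) != 1:
        findings.append(f"expected exactly one default gateway, found {len(gws)}: {gws}")
    seen = {}
    for iface, net in interface_networks(addr_text).items():
        for other, onet in seen.items():
            if net.overlaps(onet):
                findings.append(f"{iface} ({net}) shares a network ID with {other} ({onet})")
        seen[iface] = net
    return findings
```

Run `check_routing` on the real command output to get the same report for a live host; on the constructed sample it flags both the duplicate default gateway and the shared subnet.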
Thanks, Tsu - I didn’t think of it that way. So, just leave Gtwy blank on that interface? What about DNS server and search domain? Also blank?
I guess I want it to sniff all traffic but reply to none - that was the thinking anyway. It would be interesting to me to know if any “known bad” (i.e., to Snort) signatures were detected. Can that be done? I think they call that “stealth mode.” I’d like to know Snort database hit statistics for the LAN which I rely upon. I can tell snort which NIC to use when I start it.
Snort doesn’t seem to be easy to get on Opensuse - has anyone used it? Did you build your own, or use the ymp install package?
Snort is there, just search for it. I think you can probably do a one click install, but from what I have noticed some people may prefer to add the repo through zypper. So that one is in control of the upgrades, I would guess… at least more aware.
Also something that may be of interest to you is Network Tools in Gnome and probably something similar in KDE, if that’s what you’re using.