On Fri, Oct 22, 2004 at 08:55:18AM -0500, Aleksandar Milivojevic wrote: > Richard Gopaul wrote: > >I'm trying to put my ethernet interface into promiscuous mode and > >have all traffic sent to the netfilter prerouting hook. I've read > >documentation on line and in the source that says that traffic > >doesn't make it to netfilter until after foreign promiscuous packets > >are dropped though, which makes me think this will be a bit of a > >challenge. Any ideas? > > Either I'm missing what you want to do, or the question doesn't make > any sense. It doesn't matter if interface is in promiscuous mode or > not. If apropriate Netfilter modules are loaded, packets will end up > in prerouting chain (unless something in kernel drops them earlier, > such as rp_filter). I *think* you're missing what Richard is trying to do. I'm presuming that all packets picked up by the ethernet inferface in promiscuous mode, so irrespective of whether they're meant for the host or not, should be sent to the prerouting table. I would be surprised if this can be done without a great deal of hacking around... but most interesting of all, why do you want to do this Richard? -- We are the Willing, led by the Unknowing, Are doing the Impossible, for the Ungrateful. We have done so much, for so long, with so little, We are now qualified to do anything with nothing.