Hi all,
I have installed a virtual machine with snort to sniff traffic on a
dedicated virtual lan.
But there is a problem: this snort vm only sees traffic destined to
its own MAC address and traffic with the multicast bit set in the
destination address. This scenario is unusable for snort.
I have found a partial solution: set ageing to 0 in the host's bridge, but
this produces another problem: all vms attached to this virtual switch
see all traffic, and that is not what I want.
If I am not wrong, ebtables is the solution to make snort work, but I
didn't find any doc about how I can implement this solution.
How can I configure ebtables rules to do port mirroring in this
virtual switch where snort needs to sniff?
I am using KVM as virtualization platform.
Thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com