Matthew Crocker wrote:
> > the last one means "all packets sent to table 100
> > from 0/0 go to dev lo"?
>
> I think it means default route for table 100 is dev lo and treat
> packets as local
I wonder if these two statements are equivalent.
> Honestly I didn't write this part. I got help from someone on the list
> 6 months ago.
Ah yes, the posting of 22May which I didn't really understand and which
I printed out and have sitting on my desk here so I could ask about it
when I got time.
> I haven't used transparent proxy, What does it do?
You use a filter rule with "-j REDIRECT" and all the tagged packets
are accepted locally.
> I'll need to tag all unknown/unwanted packets with a firewall mark.
>
> iptables -A PREROUTING -s 0/0 -d <SIP>/255.255.255.0 -i eth0 -j MARK
> --set-mark 0x99
>
> Setup a route table with a default route of my blackhole box
>
> ip route add 0/0 via <blackhole_box_ip> dev eth1 table 999
>
> Have all packets with the fwmark use the new table
>
> ip rule add prio 100 fwmark 99 table 999
>
> blackhole box is just a linux box with default route to loopback
> running SNORT.
The job of the blackhole box is to listen to packets sent via table 999?
> It will also be running BGP/OSPF with my route servers
> announcing 0/0
I'm out of my depth here.
What does "route servers announcing 0/0" mean?
Why is your blackhole box running BGP/OSPF?
> so it will eat any reply packets from bogus netblocks
> (spammers, worms, etc.).
If the previous two questions don't make this obvious, please
explain this.
> My border routers do not have a default
> route. If it isn't in the BGP table it gets sent to SNORT for
> logging/analysis.
OK, all routes are explicit. Anything not explicitly handled
gets sent to snort.
Thanks
Joe
--
Joseph Mack PhD, High Performance Computing & Scientific Visualization
SAIC, Supporting the EPA Research Triangle Park, NC 919-541-0007
Federal Contact - John B. Smith 919-541-1087 - smith.johnb@xxxxxxx
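As an added example (not from either poster), the three commands from the quoted setup can be wrapped in a shell function that also checks the one thing that is easy to get wrong: the mark written with `--set-mark` and the mark matched by `ip rule ... fwmark` both accept hex with a `0x` prefix or decimal, so `0x99` (153) and `99` are different marks and the rule would never fire. The netblock and addresses below are constructed sample values from the RFC 5737 documentation ranges, and `-t mangle` is added because the MARK target only exists in the mangle table.

```shell
# Added example, not code from the original thread.
# Renders the mark/route/rule commands from the quoted message and
# verifies that the iptables mark and the ip rule mark are the same value.

# Convert a mark given as hex (0x99) or decimal (99) to plain decimal.
# Both iptables --set-mark and ip rule fwmark accept either spelling.
normalize_mark() {
    printf '%d\n' "$(( $1 ))"
}

# Succeed only if the two marks denote the same number.
marks_agree() {
    [ "$(normalize_mark "$1")" -eq "$(normalize_mark "$2")" ]
}

# Print the three setup commands. Arguments:
#   $1 netblock (CIDR) whose traffic is being diverted
#   $2 ingress interface        $3 mark for --set-mark
#   $4 egress interface         $5 blackhole box address
#   $6 routing table number     $7 mark as written in the ip rule
# Refuses to emit anything if $3 and $7 would not match.
blackhole_rules() {
    marks_agree "$3" "$7" || {
        echo "error: --set-mark $3 (=$(normalize_mark "$3")) does not match fwmark $7 (=$(normalize_mark "$7"))" >&2
        return 1
    }
    cat <<EOF
iptables -t mangle -A PREROUTING -s 0/0 -d $1 -i $2 -j MARK --set-mark $3
ip route add 0/0 via $5 dev $4 table $6
ip rule add prio 100 fwmark $7 table $6
EOF
}

# Constructed sample values; both marks spelled 0x99 so the check passes.
blackhole_rules 192.0.2.0/24 eth0 0x99 eth1 198.51.100.2 999 0x99
```

Running it prints the three commands ready to paste; calling it with `0x99` on the iptables side and `99` on the ip rule side, as in the quoted text, prints an error instead of a rule set that silently matches nothing.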