I've got a Debian box with 2 NIC's in it that I want connected to 2 different points on my LAN. This box also gets accessed on a couple of different ports (our DSL modem/router is doing some port-forwarding for it).

The LAN setup is this: DSL modem/router <--> hub <--> big switch <--> all hosts plugged in here.

I want my Debian box to not only connect to the big switch like everybody else (with NIC #1), but also to plug directly into the hub (with the 2nd NIC) so I can monitor all the traffic into/out-of my network.

The reason it's also got to plug into the switch is so all the other hosts can connect to it for the usual file serving and intranet site serving that it's been doing all along before trying to add this 2nd NIC.

I tried editing my /etc/network/interfaces and made it look like so:
but that made it so I couldn't access the machine from outside the LAN.

How can I configure this Debian box to use both NIC's?

Why don't you just put the box on the HUB? Unless the switch is more than a cheap SOHO switch, it should still be seen fine there.

> Why don't you just put the box on the HUB?

I believe the reason is, this box gets used by folks on the LAN -- they regularly copy large files to and from it. If we just plugged the box into the hub, then every time someone copied a big file or made a backup, the rest of the users' internet access would slow to a crawl.

Another option is to just find some old x86 box lying around, put an ethernet card in it, install GNU/Linux on it, and then plug *that* into the hub (its sole purpose being for not monitoring), but we were hoping to have the current Debian box do double-duty.

Fair enough. You can't access the machine outside the lan with the changes to the network config? Where are you trying to access it from? What exactly happens?

Technically, if all you want to do is sniff packets on the other interface, it doesn't even need an IP. You could just bring it up in promisc mode.

> You can't access the machine outside the lan with the changes to the network config?

Yes. With the changes to my /etc/network/interfaces file (and restarting networking with "/etc/init.d/networking restart"), I cannot access the machine from outside the LAN.

> Where are you trying to access it from?

From an ssh client at my home (after I left work).

> What exactly happens?

It just hangs not being able to establish a connection I guess.

> Technically, if all you want to do is sniff packets on the other interface,
> it doesn't even need an IP. You could just bring it up in promisc mode.

Ahh... That's interesting, because that's all we really want to do. We just want to be able to run ethereal and ntop and have them watch that 2nd ethernet card. I'll google for "promiscuous mode" and see what I can find...

I'm not sure about ntop, but ethereal can put the card into promiscuous mode for you. Just do 'ifconfig eth1 up' and then run ethereal. No IP, no routing tables needed. You're not actually trying to handle traffic over the interface, after all.

Matir -- thanks! Everything works now.

The solution is as you suggest: The machine has 2 NIC's, but only eth0 is mentioned in /etc/network/interfaces. The eth0 card is the regular one plugged into the switch. The eth1 card is plugged into the hub (which is plugged directly into the DSL modem/router, and which the switch uplink plugs into).

We bring up eth1 with: ifconfig eth1 -promisc up
then run ntop telling it to look at eth1, and everything seems to work fine (I think ntop, like ethereal, is able to switch the interface to promiscuous mode all by itself).

Thanks. :)

Glad it worked for you! Let us know how the monitoring goes!