Download your favorite Linux distribution at LQ ISO.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 11-16-2004, 06:33 PM   #1
Registered: Feb 2002
Posts: 322

Rep: Reputation: 30
Can linux firewall traffic not necessarily intended for it (promisc mode)?

Simple question for you linux firewall gurus out there:

Can linux (running in promiscuous mode) intercept and block packets via firewall rules (basically block inappropriate packets via a firewall, but the traffic isn't physically going through linux (say, in a traditional dual-nic setup)?

I want linux to firewall incoming and outgoing traffic from our LAN to our WAN connection, but I don't want the connection physically broken if the linux box happens to go down.

In other words, I want traffic to do this: LAN -> linux -> WAN, without the linux step being a major point of failure from a hardware point of view.

The problem is that our WAN router doesn't have the capability to diplicate all I/O to one host, so I thought that I might be able to rig something with an old hub we have (put the hub between the WAN router and our LAN switches, and put the linux box on that hub).

I know there are fancy proxy/firewall systems (expensive network appliances) that do similar things, but this is a different situation.

I'm working with a very tight budget (we're a very small operation) and trying to improvise with what hardware we have on hand.

Is there a way to accomplish this?
Old 11-16-2004, 07:12 PM   #2
Registered: Nov 2004
Distribution: FC1, Gentoo, Mdk 8.1, RH7-8-9, Knoppix, Zuarus rom 3.13
Posts: 98

Rep: Reputation: 15
Unless the linux box is in-line then no it can't block. There is linux software that can respond to network triggers and send a spoofed rst packet to 'kill' a tcp connection based on rules. But tcp isn't the only protocol to watch for.

You may want to have a look at the honeynet project. There may be some info there. I've seen plenty of interactive connection killers and this may be what you want to look at. But far as protections that are not in-line, those are typically passive (report only) IDS solutions. A firewall has to be in-line or else it's not a firewall.

ipv4 networks were not designed to allow what you ask.. since in the wrong hands it could be a really bad thing.. it's possible but on a really limited scope. And for good reason.

I hope the honeynet project has something that will help.

Old 11-16-2004, 07:19 PM   #3
Registered: Feb 2002
Posts: 322

Original Poster
Rep: Reputation: 30
Interesting. TCP is what I would be blocking, of course.

The apps I've seen that do block that traffic (like the network appliances I was referring to earlier), do break the OSI model, come to think of it.

I did have my doubts.... and you confirmed my initial impression on the matter. I just wasn't sure.

I'll look into this info... thank you.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
problem loading in promisc mode juanb Linux - Networking 1 09-16-2004 07:54 PM
set nic in promisc mode juanb Linux - Networking 1 09-01-2004 03:40 PM
configuring an interface to go into promisc mode on bootup xyyz Linux - Newbie 1 03-19-2004 04:19 AM
Promisc mode:Win2k question A-dummy Linux - Networking 3 09-03-2002 10:54 PM
eth0 in promisc mode sabeel_ansari Programming 2 06-21-2002 06:14 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:41 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration