So I happened to find myself with a bunch of old Linksys wireless
routers lying around. I like to collect such things from friends and
relatives after they've been "fried" in hopes of one day bringing them
back to life and hacking them into something useful. We all know how
that goes. These poor, forgotten toys spent most of the last few years
gathering dust in my basement, longing for someone to play with them.
Until now...
I promise I'll put up a HOWTO here eventually. Honest. Real Soon Now. Life has been coming at me faster than usual lately...
If you're antsy and want to see what I'm up to, I've begun populating my small GitHub repository: https://github.com/vineyard/WRT-SPAN
Here's my first draft at a network diagram. If this makes any sense at all to you, you have entirely too much free time and/or really good eyes. ;-)
The whole point here is to have a full-packet tap at my WAN border (outside the first NAT firewall), a QoS-enabled NAT firewall / router in the middle, and a lightweight NetFlow probe immediately behind the border firewall and in front of my internal LAN. I also wanted full remote management, including filtering capabilities, over all of these moving parts at any given time without having to reconfigure or disconnect anything. Finally, I needed to be able to monitor all of this using a single x86-based server outfitted with only two network interfaces. Note that there's no DMZ in this setup, although the configuration could be adjusted to accommodate such a topology.
Once the OpenWRT development series "Attitude Adjustment" stabilizes and I'm able to actually utilize the wifi on my WRT150N with reasonably current software, I may try to throw Kismet in the mix here too. For now it's all just a bunch of bridged VLANs, Daemonlogger, and nProbe. But holy crap, it works like a champ. Eat your heart out, Gigamon.