Posted by Grommish on May 11, 2020; 2:22am
URL: https://itus.accessinnov.com/FIRMWARE-Itus-Networks-Shield-Firmware-Upgrade-WIP-tp1726p1995.html
Well, I've not really resolved the network issue, just part of it. I found a combination of driver patches that work - mostly?
I put the patch file I'm using here just to preserve it.
Here are the issues I'm facing, and they are going to be software issues..
Right now, the image is working in a bastardized gateway mode. This seems to be an issue with the network configuration AND snort3.
If you boot the Shield with the 'WAN' being eth0 and "br-lan" being eth1/2, then connect to eth1/2, your system will be assigned a 10.10.10.x IP via DHCP.. yay! However, no DNS.. I can ping 1.1.1.1 without issue, but can't do a resolve from 10.10.10.10..
Now.. Here's the issue, and I don't know if this was just a coincidence or something more..
Snort3's IDS settings as I have them create a transparent bridge across the eth0 and br-lan interfaces.. Except, this also passes through DHCP responses from the "WAN" interface..
Example: My home network:
Internet -> Edge-router (192.168.1.x) -> Dlink stub-router (192.168.5.1, DNS @ 192.168.5.2) -> Shield (10.10.10.10) -> Laptop (set via DHCP)
Snort has always had a minute or two between when it starts and when it becomes active. You'll see a console message of "device eth0 entered promiscuous mode" after it's booted. This means Snort is now running.
With Snort not running OR before being Active, a DHCP request from the Laptop will receive a 10.10.10.200 IP:

enp7s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 10.10.10.200 netmask 255.255.255.0 broadcast 10.10.10.255
        inet6 fd18:640:804c:0:9ce:f97e:dc6f:753d prefixlen 64 scopeid 0x0<global>
        inet6 fe80::5ac2:4118:9a97:7ccb prefixlen 64 scopeid 0x20<link>
        inet6 fd18:640:804c:0:5f9d:bd6b:93fe:db02 prefixlen 64 scopeid 0x0<global>
        ether d4:be:d9:35:ec:ae txqueuelen 1000 (Ethernet)
        RX packets 4099651 bytes 4079566489 (4.0 GB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 2683211 bytes 649962002 (649.9 MB)
        TX errors 0 dropped 0 overruns 0 carrier 101 collisions 0

DNS refuses to work on the Shield (Firewall? Port not open? I dunno). There is Internet, but not DNS (ping 1.1.1.1 returns alive, but ping google.com gives a DNS resolve error). Setting a DNS Server manually on the laptop restores connectivity.
With Snort3 running AND Active, the DHCP request from the laptop is passed out eth0 (WAN) and serviced by my DHCP/DNS server (192.168.5.2) and assigned a 192.168.5.x IP...
If I can figure out why DNS on the Shield isn't working, I can then go back to snort dev list and see what they can tell me.
Running Itus Shield v2 Firmware