Date: Mon, 15 Dec 2003 23:27:47 -0600
From: John <strgout@unixjunkie.com>
To: freebsd-security@freebsd.org
Subject: RE: interface bonding
Message-ID: <20031216052747.GA39053@mail.unixjunkie.com>

----- Forwarded message from John <strgout@mail.unixjunkie.com> -----

Date: Mon, 15 Dec 2003 17:58:15 -0600
From: John <strgout@mail.unixjunkie.com>
To: freebsd-stable@freebsd.org
Subject: interface bonding
User-Agent: Mutt/1.4i

Is there any way to bond sniffer interfaces? I've read a little on netgraph and it seems like I may be able to use that, but I'm not sure how to go about that. Basically the end result is to have snort listen on a virtual interface, which will have data sent to it from say fxp0 and fxp1. I also want to make sure that data from fxp0, fxp1 or $VIRTUAL doesn't get sent out fxp1 or fxp0 for some reason.

----- End forwarded message -----

I'm sure I checked this before, but a Google search turned up this.

    ngctl mkpeer fec dummy fec
    ngctl msg fec0: add_iface '"sf2"'
    ngctl msg fec0: add_iface '"sf3"'
    ngctl msg fec0: set_mode_inet
    ifconfig sf2 promisc
    ifconfig sf3 promisc
    ifconfig fec0 promisc

After this, fec0 will be the virtual if that gets the frames.

This does depend on the fec module.

    # cd /usr/src/sys/modules/netgraph/fec/
    # make && make install

http://taosecurity.blogspot.com/ <- this is where I found it, which points out this poster:
http://www.derkeiler.com/Mailing-Lists/securityfocus/focus-ids/2003-10/0029.html

So is there a reason the netgraph fec module isn't built by default?