From owner-freebsd-hackers  Mon Jul  3 13:45:14 2000
Delivered-To: freebsd-hackers@freebsd.org
Received: from dan.emsphone.com (dan.emsphone.com [199.67.51.101])
	by hub.freebsd.org (Postfix) with ESMTP id 1D48B37B8C6
	for <freebsd-hackers@freebsd.org>; Mon,  3 Jul 2000 13:45:08 -0700 (PDT)
	(envelope-from dan@dan.emsphone.com)
Received: (from dan@localhost)
	by dan.emsphone.com (8.9.3/8.9.3) id PAA09565;
	Mon, 3 Jul 2000 15:45:05 -0500 (CDT)
	(envelope-from dan)
Date: Mon, 3 Jul 2000 15:45:05 -0500
From: Dan Nelson <dnelson@emsphone.com>
To: Nick Evans <nevans@nextvenue.com>, freebsd-hackers@freebsd.org
Subject: Re: BPF and Promiscuous Mode
Message-ID: <20000703154505.A4860@dan.emsphone.com>
References: <712384017032D411AD7B0001023D799B07C931@SN1EXCHMBX>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.3.4i
In-Reply-To: <712384017032D411AD7B0001023D799B07C931@SN1EXCHMBX>; from "Nick Evans" on Mon Jul  3 16:10:42 GMT 2000
X-OS: FreeBSD 5.0-CURRENT
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In the last episode (Jul 03), Nick Evans said:
> I'm trying to use IPFilter's copying functions to make a load
> balancer, I have traffic being mirrored from a router to one
> interface on the BSD box, and for some reason the only time netstat
> reports any traffic on that interface is when tcpdump or some other
> program that utilizes BPF is running. I have a feeling that this is
> why I cannot get the packet copying functionality of IPFilter to
> work. I guess there is no similar way as in Linux (ifconfig <int>
> PROMISC) to turn BPF on permanently?

So you have:

                [ router ]
                     |
                     |
                [ BSD box ]
                  |     |     
                  |     |
            [ web  ]   [ web  ]
            [server]   [server]


?  You'll probably want either routing or bridging enabled on the BSD
box, to handle any DNS lookups or other activity the web servers will
be doing, and with either of those enabled, ipfilter should be able to
process the packets.  I've never used ipfilter myself, though, so I
can't say whether this will definitely work or not.

-- 
	Dan Nelson
	dnelson@emsphone.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message