Date: Fri, 08 Jul 2005 14:38:44 -0300
From: Vinicius Pavanelli Vianna <ds@hacked.com.br>
To: freebsd-questions@freebsd.org
Subject: IPFW not seeing packages from passive monitor
Message-ID: <42CEBA24.2040006@hacked.com.br>
Hi,

I just set up a FreeBSD server to do some monitoring of bandwidth and IDS on a passive port in my switch (a span port), so I'm doing some ipfw rules to connect with rrdtool and get some graphs of traffic by TCP ports and this kind of stuff, but all packages from this NIC in the span port seem to not be visible to ipfw. I can tcpdump them, but no rule can count these packages. What can be the cause of this?

I had set up an internal IP on this NIC (10.0.0.0/8); ipfw on the other interface works OK. I have these sysctl settings:

net.link.ether.inet.proxyall: 0
net.link.ether.inet.log_arp_wrong_iface: 1
net.link.ether.inet.log_arp_movements: 1
net.link.ether.ipfw: 1
net.inet.ip.fw.enable: 1
net.inet.ip.fw.autoinc_step: 100
net.inet.ip.fw.one_pass: 1
net.inet.ip.fw.debug: 1
net.inet.ip.fw.verbose: 1
net.inet.ip.fw.verbose_limit: 0
net.inet.ip.fw.dyn_buckets: 256
net.inet.ip.fw.curr_dyn_buckets: 256
net.inet.ip.fw.dyn_count: 0
net.inet.ip.fw.dyn_max: 4096
net.inet.ip.fw.static_count: 13
net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_fin_lifetime: 1
net.inet.ip.fw.dyn_rst_lifetime: 1
net.inet.ip.fw.dyn_udp_lifetime: 10
net.inet.ip.fw.dyn_short_lifetime: 5
net.inet.ip.fw.dyn_keepalive: 1

TIA,
Vinicius