From: Vinicius Pavanelli Vianna
Date: Fri, 08 Jul 2005 14:38:44 -0300
To: freebsd-questions@freebsd.org
Subject: IPFW not seeing packages from passive monitor
Message-ID: <42CEBA24.2040006@hacked.com.br>

Hi,

I have just set up a FreeBSD server to do some monitoring of bandwidth and IDS on a passive port in my switch (a span port), so I'm doing some ipfw rules to connect with rrdtool and get some graphs of traffic by TCP ports and this kind of stuff, but all packages from this NIC in the span port seem not to be visible to ipfw. I can tcpdump them, but no rule can count these packages. What can be the cause of this?

I have set up an internal IP on this NIC (10.0.0.0/8). ipfw on the other interface works OK. I have these sysctl settings:

    net.link.ether.inet.proxyall: 0
    net.link.ether.inet.log_arp_wrong_iface: 1
    net.link.ether.inet.log_arp_movements: 1
    net.link.ether.ipfw: 1
    net.inet.ip.fw.enable: 1
    net.inet.ip.fw.autoinc_step: 100
    net.inet.ip.fw.one_pass: 1
    net.inet.ip.fw.debug: 1
    net.inet.ip.fw.verbose: 1
    net.inet.ip.fw.verbose_limit: 0
    net.inet.ip.fw.dyn_buckets: 256
    net.inet.ip.fw.curr_dyn_buckets: 256
    net.inet.ip.fw.dyn_count: 0
    net.inet.ip.fw.dyn_max: 4096
    net.inet.ip.fw.static_count: 13
    net.inet.ip.fw.dyn_ack_lifetime: 300
    net.inet.ip.fw.dyn_syn_lifetime: 20
    net.inet.ip.fw.dyn_fin_lifetime: 1
    net.inet.ip.fw.dyn_rst_lifetime: 1
    net.inet.ip.fw.dyn_udp_lifetime: 10
    net.inet.ip.fw.dyn_short_lifetime: 5
    net.inet.ip.fw.dyn_keepalive: 1

TIA,
Vinicius