From: Ted Wisniewski
Organization: Plymouth State
To: freebsd-questions@freebsd.org
Date: Mon, 20 Jun 2005 13:13:12 -0400
Subject: Netgraph - 2 physical interfaces mirrored to 3rd
Message-Id: <200506201313.12479.ted@wiz.plymouth.edu>

I pieced some info together from various sources... See the following script (running on 5.4-p2, comments are in the script). I seem to have run into a roadblock though... I am hoping someone else has seen this and solved it.
Ted

#!/bin/csh
#
#                 +---------+
#     (sk0) <--->|         |<---> (sk1)
#                 |         |
#                 +---------+
#                      ^
#                      |
#                    (xl0)
#
# In this case, sk0 and sk1 are two sides of a firewall and
# xl0 represents a physical interface that the traffic is to
# be mirrored to.  The intent is to create a place where a
# sniffer / network monitoring tool can be connected.
#
# The problem...
#
# As soon as "ngctl connect sk0: xl0:lower lower many0" is run,
# No traffic passes on sk0.  Am I missing something obvious?
#
#
kldload ng_ether
kldload ng_one2many
kldload netgraph

ifconfig sk0 up
ifconfig sk1 up
ifconfig xl0 inet 10.10.10.10 netmask 255.255.255.0 media 100baseTX mediaopt full-duplex up

ngctl list
ngctl mkpeer xl0: one2many lower one
#
# The following line causes no traffic to pass on "sk0".
#
ngctl connect sk0: xl0:lower lower many0
# ngctl connect sk1: xl0:lower lower many1
ngctl msg sk0: setpromisc 1
ngctl msg sk1: setpromisc 1
ngctl msg xl0:lower setconfig "{ xmitAlg=1 failAlg=1 enabledLinks=[ 1 1 ] }"

--
| Ted Wisniewski                    E-Mail: ted@mail.plymouth.edu        |
| Manager, Systems Group            WEB:    http://oz.plymouth.edu/~ted/ |
| Information Technology Services                                        |
| Plymouth State University         Phone:  (603) 535-2661               |
| Plymouth NH, 03264                Fax:    (603) 535-2263               |