From: "Stephen L Martin"
Date: Sat, 3 Jan 2004 16:59:34 -0500 (EST)
cc: freebsd-questions@freebsd.org
Subject: RE: problem with 2 nics in same box

Hi Scott,

> I am using Snort and a few other tools to decide which I'd like best.
> Here's the thing about Lowell's comment on Bridging. Is this necessary
> in this case?

It certainly isn't necessary...it is an option.

> I don't want the interface without an IP to EVER transmit
> outbound.

A firewall could accomplish this...
<>

>(specifying it as such in /etc/rc.conf as ifconfig_xl1="up")

Have you tried to specify "ifconfig xl1 up" on the command line?...I'm not sure that "ifconfig_xl1="up"" is a legal statement in rc.conf (could be wrong). Once you get it working, (to avoid unnecessary variables) you might want to do "ifconfig xl1 -arp" to disable arp on that interface if it's just going to sit in promiscuous mode.

>> For some reason, this is just not working for me at all. I've tried to
>> configure via rc.conf and this fails to work. I've also tried assigning
>> an RFC 1918 address to the interface I want sniffing as this traffic
>> should not be routable, but it doesn't seem to work.

This could be because your xl0 interface is already assigned a 192.168.x.x address. I don't think FreeBSD can have two interfaces on the same subnet. You could have two interfaces of different subnets (e.g. 192.168.0.0/24 and 192.168.1.0/24)

-Stephen
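
An added example, not part of the original message: a small Python audit of rc.conf `ifconfig_<if>` lines that reports the two conditions raised in the reply above, namely two addressed interfaces on the same subnet and an address-less sniffing interface that still has ARP enabled. The interface names and addresses in the sample are constructed, and the parser assumes IPv4 entries with a dotted or CIDR netmask.

```python
import ipaddress
import re

# Constructed sample rc.conf (interface names and addresses are made up).
SAMPLE_RC_CONF = '''
ifconfig_xl0="inet 192.168.0.10 netmask 255.255.255.0"
ifconfig_xl1="inet 192.168.0.11 netmask 255.255.255.0"
ifconfig_xl2="up"
ifconfig_xl3="up -arp"
'''

def parse_interfaces(text):
    """Map interface name -> (ifconfig args, IPv4 network or None)."""
    ifaces = {}
    for m in re.finditer(r'^\s*ifconfig_([a-z]+\d+)="([^"]*)"', text, re.M):
        args = m.group(2).split()
        net = None
        if "inet" in args[:-1]:
            addr = args[args.index("inet") + 1]
            if "netmask" in args[:-1]:
                addr += "/" + args[args.index("netmask") + 1]
            net = ipaddress.ip_interface(addr).network
        ifaces[m.group(1)] = (args, net)
    return ifaces

def audit(text):
    """Return findings for overlapping subnets and passive interfaces with ARP on."""
    ifaces = parse_interfaces(text)
    findings = []
    addressed = [(name, net) for name, (_, net) in ifaces.items() if net]
    for i, (a, net_a) in enumerate(addressed):
        for b, net_b in addressed[i + 1:]:
            if net_a.overlaps(net_b):
                findings.append(f"{a} and {b} share subnet {net_a}")
    for name, (args, net) in ifaces.items():
        uses_dhcp = any(arg.upper() in ("DHCP", "SYNCDHCP") for arg in args)
        # A passive (sniffing) interface has no address and does not use DHCP.
        if net is None and not uses_dhcp and "-arp" not in args:
            findings.append(f"{name} has no address but ARP is still enabled")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_RC_CONF):
        print(finding)
```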