Trying to make a Host into a gigabit hub for testing
Michael DeMan
michael at staff.openaccess.org
Thu Feb 9 19:53:33 PST 2006
Buy a cheap managed switch and set one port up as a monitoring port
and dump all your IDS traffic there?
Michael F. DeMan
Director of Technology
OpenAccess Network Services
Bellingham, WA 98225
michael at staff.openaccess.org
360-647-0785
On Feb 7, 2006, at 7:38 AM, Shawn Saunders wrote:
> Hello,
>
> Based on the below configuration, does anyone have an idea of what I might be doing wrong?
>
> The following is a layout of the type of configuration, and I have tried one2many and hub, but was unable to obtain the desired results. Whenever I try to set multiple hooks to the same interface it fails, and trying to bring a group of interfaces to a virtual interface, and then take that virtual interface out multiple different interfaces, seems to fail (I can't even make the connection to the virtual interface to go to multiple outs.)
>
> I will have 11 interfaces inbound from 11 different networks.
> I will have 4 outbound to 4 different IDSs and sensors.
> I would like to have 11 interfaces come into a single virtual interface. This way I could run tcpdump and/or snort on the box itself and obtain quick info, and do validation of packet data, between the capture system and the IDS and sensors.
> I would like to redirect all the traffic from that one virtual interface to a group of 4 physical interfaces so the sensors can work on it.
>
> Here is a configuration I tried. Any comments or suggestions are appreciated.
> This initial script only takes 3 input interfaces into a single virtual interface. This works.
> Then when I try to take that virtual interface and echo it out multiple interfaces, it fails.
>
> #!/bin/sh
> # Initialize and bring up all interfaces
> for i in 0 1 2 3 4 5 6 7 8 9 10 11
> do /sbin/ifconfig em$i up
> done
> for g in 0 1
> do /sbin/ifconfig bge$g up
> done
> /sbin/ifconfig fxp0 up
> # Load needed kernel modules
> /sbin/kldload /boot/kernel/ng_ether.ko
> /sbin/kldload /boot/kernel/ng_one2many.ko
> /sbin/kldload /boot/kernel/ng_fec.ko
> # Create Virtual Interface
> /usr/sbin/ngctl mkpeer fec dummy fec
> # Bind physical input interfaces to virtual interface
> /usr/sbin/ngctl msg fec0: add_iface '"em0"'
> /usr/sbin/ngctl msg fec0: add_iface '"em1"'
> /usr/sbin/ngctl msg fec0: add_iface '"em2"'
> # Set forwarding mode to mac address layer.
> /usr/sbin/ngctl msg fec0: set_mode_mac
> # Configure the virtual interface to deliver packets out the others
> ngctl mkpeer fec0: one2many upper one
> ngctl name fec0:upper secur
> ngctl connect bge0: secur: upper many0
> ngctl connect bge1: secur: upper many1
> ngctl msg secur: setconfig "{ xmitAlg=2 failAlg=1 enabledLinks=[ 1 1 ] }"
> # Set all interfaces Promisc mode and turn off autosrc routing
> for s in 0 1 2 3 4 5 6 7 8 9 10 11
> do /usr/sbin/ngctl msg em$s: setpromisc 1
> /usr/sbin/ngctl msg em$s: setautosrc 0
> done
> for t in 0 1
> do /usr/sbin/ngctl msg bge$t: setpromisc 1
> /usr/sbin/ngctl msg bge$t: setautosrc 0
> done
> #EOF
>
> Before sending 3 pings across em2:
> gigihub# netstat -I bge0 ; netstat -I bge1 ; netstat -I fec0 ; netstat -I em2
>
> Name   Mtu   Network        Address              Ipkts Ierrs  Opkts Oerrs  Coll
> bge0   1500                 00:e0:81:32:f4:52        0     0      5     0     0
> bge0   1500  fe80:b::2e0:8  fe80:b::2e0:81ff:        0     -      4     -     -
> Name   Mtu   Network        Address              Ipkts Ierrs  Opkts Oerrs  Coll
> bge1   1500                 00:e0:81:32:f4:53        0     0      0     0     0
> bge1   1500  fe80:c::2e0:8  fe80:c::2e0:81ff:        0     -      4     -     -
> Name   Mtu   Network        Address              Ipkts Ierrs  Opkts Oerrs  Coll
> fec0*  1500                 00:04:23:c1:0e:50       11     0      0     0     0
> Name   Mtu   Network        Address              Ipkts Ierrs  Opkts Oerrs  Coll
> em2    1500                 00:04:23:c1:0e:50       41     0      5     0     0
> em2    1500  fe80:5::204:2  fe80:5::204:23ff:        0     -      4     -     -
>
> After sending 3 pings across em2:
> gigihub# netstat -I bge0 ; netstat -I bge1 ; netstat -I fec0 ; netstat -I em2
>
> Name   Mtu   Network        Address              Ipkts Ierrs  Opkts Oerrs  Coll
> bge0   1500                 00:e0:81:32:f4:52        0     0      5     0     0
> bge0   1500  fe80:b::2e0:8  fe80:b::2e0:81ff:        0     -      4     -     -
> Name   Mtu   Network        Address              Ipkts Ierrs  Opkts Oerrs  Coll
> bge1   1500                 00:e0:81:32:f4:53        0     0      0     0     0
> bge1   1500  fe80:c::2e0:8  fe80:c::2e0:81ff:        0     -      4     -     -
> Name   Mtu   Network        Address              Ipkts Ierrs  Opkts Oerrs  Coll
> fec0*  1500                 00:04:23:c1:0e:50       15     0      0     0     0
> Name   Mtu   Network        Address              Ipkts Ierrs  Opkts Oerrs  Coll
> em2    1500                 00:04:23:c1:0e:50       45     0      5     0     0
> em2    1500  fe80:5::204:2  fe80:5::204:23ff:        0     -      4     -     -
>
> Shawn Saunders
>
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>
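For readers trying the same thing, here is an added example that is not part of either message above: a small sh script that generates (and, with DRY_RUN=0, executes) the ngctl(8) command sequence for a one-way tap replicator built from two ng_one2many(4) nodes. Input NICs feed an aggregator node on its "many" hooks; its "one" hook feeds a second node whose xmitAlg=2 (copy to all links) setting mirrors every frame to each output NIC. Both sides attach to the ng_ether(4) "lower" hook, which per the manual is the raw wire side, so frames never enter the host's IP stack. The node names "agg" and "rep", the interface lists, and the dry-run/plan flag are assumptions chosen here; the netstat counters in the quoted post are the kind of check you would run after applying the plan (fec0-style Ipkts rising on the inputs, Opkts rising on the outputs).

```shell
#!/bin/sh
# Added example, not code from the original post: generate the ngctl(8)
# command sequence for a one-way tap replicator built from two
# ng_one2many(4) nodes.
#
#   input NICs --lower--> "agg" (many hooks) --one--> "rep" (one hook)
#   "rep" copies every frame to ALL of its many hooks (xmitAlg=2), each
#   wired to the lower hook of an output NIC that feeds one sensor.
#
# Node names "agg" and "rep" and the interface lists are assumptions.
# DRY_RUN=1 (the default) prints the plan instead of executing it.

DRY_RUN=${DRY_RUN:-1}
NGCTL=${NGCTL:-/usr/sbin/ngctl}

# emit ARGS...: print "ngctl ARGS" in dry-run mode, otherwise run ngctl.
emit() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'ngctl %s\n' "$*"
    else
        "$NGCTL" "$@"
    fi
}

# valid_ifname NAME: accept plain interface names only, so nothing but
# [A-Za-z0-9_.] can end up inside a netgraph path.
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.]*) return 1 ;;
        *) return 0 ;;
    esac
}

# enabled_links N: the "[ 1 1 ... ]" array setconfig expects, N entries.
enabled_links() {
    n=$1; s='['
    while [ "$n" -gt 0 ]; do s="$s 1"; n=$((n - 1)); done
    printf '%s ]\n' "$s"
}

# gen_replicator_cmds "in0 in1 ..." "out0 out1 ...": emit the whole plan.
gen_replicator_cmds() {
    ins=$1; outs=$2
    [ -n "$ins" ] && [ -n "$outs" ] || { echo "need inputs and outputs" >&2; return 1; }
    for i in $ins $outs; do
        valid_ifname "$i" || { echo "rejected interface name: $i" >&2; return 1; }
    done

    # Aggregator: the first input creates the node, the rest connect to it.
    set -- $ins
    nin=$#
    first=$1; shift
    emit mkpeer "$first:" one2many lower many0
    emit name "$first:lower" agg
    k=1
    for i in "$@"; do
        emit connect "$i:" agg: lower "many$k"
        k=$((k + 1))
    done
    # many->one is unconditional; xmitAlg only governs one->many traffic.
    emit msg agg: setconfig "{ xmitAlg=1 failAlg=1 enabledLinks=$(enabled_links "$nin") }"

    # Replicator hangs off the aggregator's "one" hook, copies to all outputs.
    set -- $outs
    nout=$#
    emit mkpeer agg: one2many one one
    emit name agg:one rep
    k=0
    for o in "$@"; do
        emit connect "$o:" rep: lower "many$k"
        k=$((k + 1))
    done
    emit msg rep: setconfig "{ xmitAlg=2 failAlg=1 enabledLinks=$(enabled_links "$nout") }"

    # Every NIC must accept all frames and must not rewrite the source MAC.
    for i in $ins $outs; do
        emit msg "$i:" setpromisc 1
        emit msg "$i:" setautosrc 0
    done
}

# Stand-alone run: "./tap-plan.sh --plan 'em0 em1 em2' 'bge0 bge1'" prints
# the plan for a constructed three-in, two-out topology.
if [ "${1:-}" = "--plan" ]; then
    gen_replicator_cmds "${2:-em0 em1 em2}" "${3:-bge0 bge1}"
fi
```

Two caveats on the design: anything a sensor transmits on an output NIC travels back rep:many -> rep:one -> agg:one and is round-robined to one of the inputs, so the sensor-facing NICs should carry no addresses and stay silent; and unlike the fec-based script in the quoted post, this plan creates no host-visible interface, so local tcpdump would need a further hook rather than reading from a virtual interface.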