dudu at diaspar.rdsnet.ro
Tue Dec 16 01:06:47 PST 2003
John <strgout at unixjunkie.com> writes:
|----- Forwarded message from John <strgout at mail.unixjunkie.com> -----
|Date: Mon, 15 Dec 2003 17:58:15 -0600
|From: John <strgout at mail.unixjunkie.com>
|To: freebsd-stable at freebsd.org
|Subject: interface bonding
|Is there any way to bond sniffer interfaces?
|I've read a little on netgraph and it seems
|like i maybe able to use that but i'm not sure
|how to go about that.
|Basicly the end result is to have snort listen on
|a virtual interface, which will have data sent to
|it from say fxp0 and fxp1. I also want to make sure that
|data from fxp0, fxp1 or $VIRTUAL doesn't get sent out
|fxp1 or fxp0 for some reason.
|----- End forwarded message -----
|I'm sure i checked this before, but a google search turned up this.
|ngctl mkpeer fec dummy fec
|ngctl msg fec0: add_iface '"sf2"'
|ngctl msg fec0: add_iface '"sf3"'
|ngctl msg fec0: set_mode_inet
|ifconfig sf2 promisc
|ifconfig sf3 promisc
|ifconfig fec0 promisc
|after this fec0 will be the virtual if that gets the frames.
|This does depend on the fec module.
|# cd /usr/src/sys/modules/netgraph/fec/
|# make && make install
|http://taosecurity.blogspot.com/ <- this is where i found it.
|which points out this poster.
|So is there a reason the netgraph fec module isn't built by default?
Yes. It's not very stable. Better use ng_one2many.
|freebsd-security at freebsd.org mailing list
|To unsubscribe, send any mail to
|"freebsd-security-unsubscribe at freebsd.org"
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20031216/9693f46f/attachment.bin
More information about the freebsd-security