Bridging and port mirroring

Erik Osterholm freebsd-lists-erik at erikosterholm.org
Thu Sep 13 15:27:18 PDT 2007


On Thu, Sep 13, 2007 at 12:29:30PM -0400, Brian McCann wrote:
> I've poked around on the web, but come up empty.  And I find it hard
> to believe there's not a simple way to do this, if it hasn't been done
> before.
> 
> I've got a server with two nics configured for bridging and running
> bunches of ipfw rules.  I'd like to add a 3rd NIC and have it mirror
> the 2nd NIC (so all traffic into and out of nic2 goes to nic3), so I
> can run an IDS on another server.  Yes, I know that has the potential
> to overload nic3 if there is a lot of traffic going in and out of
> nic2, but that's not an issue for me.
> 
> Has anyone done this before, or know how to do this?

Are you using if_bridge?  If so, it supports creating span interfaces.
It's easy to set up, and it almost does what you describe (instead of
only showing traffic into/out of nic2, it's going to show all traffic
on bridge0.)

Erik
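
The span setup described in the reply above, as an added example that is not part of the original thread: one function prints the commands that attach a span port to an existing if_bridge bridge, the other prints rc.conf lines that recreate it at boot. The names bridge0, em0, em1 and em2 and the helper functions are assumptions; as the reply notes, the span port carries all traffic on the bridge, not only nic2's.

```shell
#!/bin/sh
# Added example, not from the original thread. bridge0, em0, em1 and em2
# are assumed names; substitute the real bridge and NICs.

# span_cmds BRIDGE SPAN_IF
# Print the ifconfig(8) commands that attach SPAN_IF to an existing
# if_bridge(4) bridge as a span port (it gets a copy of every frame the
# bridge receives) and then show the resulting bridge configuration.
span_cmds() {
    bridge=$1 span=$2
    echo "ifconfig $span up"
    echo "ifconfig $bridge span $span"
    echo "ifconfig $bridge"
}

# rc_conf_lines BRIDGE SPAN_IF MEMBER...
# Print /etc/rc.conf lines that rebuild the bridge and span port at boot.
# A NIC cannot be both a forwarding member and the span port, so reject that.
rc_conf_lines() {
    bridge=$1 span=$2; shift 2
    args=""
    for m in "$@"; do
        if [ "$m" = "$span" ]; then
            echo "error: $span is already a bridge member" >&2
            return 1
        fi
        args="$args addm $m"
        echo "ifconfig_$m=\"up\""
    done
    echo "ifconfig_$span=\"up\""
    echo "cloned_interfaces=\"$bridge\""
    echo "ifconfig_$bridge=\"${args# } span $span up\""
}

# Apply only when asked to, as root, on the bridging host:
#   sh span.sh apply bridge0 em2
if [ "${1:-}" = "apply" ]; then
    span_cmds "$2" "$3" | sh -x
fi
```

Leave the span NIC without an IP address and cable it straight to the IDS sensor's capture interface.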

