Re: interface bonding

From: Vlad Galu <dudu@diaspar.rdsnet.ro>
Date: 16 Dec 2003 01:06:47
Subject: Re: interface bonding
Message-ID: 20031216110645.2752f5c8.dudu@diaspar.rdsnet.ro

John <strgout@unixjunkie.com> writes:

|----- Forwarded message from John <strgout@mail.unixjunkie.com> -----
|
|Date: Mon, 15 Dec 2003 17:58:15 -0600
|From: John <strgout@mail.unixjunkie.com>
|To: freebsd-stable@freebsd.org
|Subject: interface bonding
|User-Agent: Mutt/1.4i
|
|Is there any way to bond sniffer interfaces?
|I've read a little on netgraph and it seems
|like I may be able to use that but I'm not sure
|how to go about that.
|
|Basically the end result is to have snort listen on
|a virtual interface, which will have data sent to
|it from say fxp0 and fxp1. I also want to make sure that
|data from fxp0, fxp1 or $VIRTUAL doesn't get sent out
|fxp1 or fxp0 for some reason.
|
|----- End forwarded message -----
|
|I'm sure I checked this before, but a Google search turned up this.
|
|ngctl mkpeer fec dummy fec
|ngctl msg fec0: add_iface '"sf2"'
|ngctl msg fec0: add_iface '"sf3"'
|ngctl msg fec0: set_mode_inet
|ifconfig sf2 promisc
|ifconfig sf3 promisc
|ifconfig fec0 promisc
|
|After this, fec0 will be the virtual if that gets the frames.
|
|This does depend on the fec module.
|# cd /usr/src/sys/modules/netgraph/fec/
|# make && make install
|
|http://taosecurity.blogspot.com/ <- this is where I found it,
|which points out this poster.
|http://www.derkeiler.com/Mailing-Lists/securityfocus/focus-ids/2003-10/0029.html
|
|So is there a reason the netgraph fec module isn't built by default?

Yes. It's not very stable. Better use ng_one2many.



----
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.

