IPFW not seeing packets from passive monitor

Vinicius Pavanelli Vianna ds at hacked.com.br
Fri Jul 8 17:40:02 GMT 2005


Hi,

I had just set up a FreeBSD server to do some monitoring of bandwidth and
IDS on a passive port in my switch (a span port), so I'm doing some ipfw
rules to connect with rrdtool and get some graphs of traffic by TCP ports
and this kind of stuff, but all packets from this NIC in the span port
seem to not be visible to ipfw. I can tcpdump it, but no rule can count
these packets. What can be the cause of this?
I had set up an internal IP on this NIC (10.0.0.0/8); ipfw on the other
interface works OK. I have these sysctl settings:

net.link.ether.inet.proxyall: 0
net.link.ether.inet.log_arp_wrong_iface: 1
net.link.ether.inet.log_arp_movements: 1
net.link.ether.ipfw: 1
net.inet.ip.fw.enable: 1
net.inet.ip.fw.autoinc_step: 100
net.inet.ip.fw.one_pass: 1
net.inet.ip.fw.debug: 1
net.inet.ip.fw.verbose: 1
net.inet.ip.fw.verbose_limit: 0
net.inet.ip.fw.dyn_buckets: 256
net.inet.ip.fw.curr_dyn_buckets: 256
net.inet.ip.fw.dyn_count: 0
net.inet.ip.fw.dyn_max: 4096
net.inet.ip.fw.static_count: 13
net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_fin_lifetime: 1
net.inet.ip.fw.dyn_rst_lifetime: 1
net.inet.ip.fw.dyn_udp_lifetime: 10
net.inet.ip.fw.dyn_short_lifetime: 5
net.inet.ip.fw.dyn_keepalive: 1


TIA,
Vinicius
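The counting-by-port pipeline the post describes, as an added example that is not part of the original message: it parses `ipfw -a list` counter output and builds an rrdtool update line from the per-port byte totals. The rule layout (`count tcp ... dst-port N`), the sample counters and the RRD path are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Sums the byte counters of
# ipfw "count" rules per TCP destination port and turns them into one
# rrdtool update argument. Rule numbers, counters and paths are assumed.

# Constructed sample of "ipfw -a list" output:
#   <rule> <packets> <bytes> <action> <body...>
SAMPLE_IPFW='00100 1520 1873400 count tcp from any to any dst-port 80
00200 310 265000 count tcp from any to any dst-port 443
00300 42 5100 count tcp from any to any dst-port 80
00400 0 0 count tcp from any to any dst-port 22
65535 9999 12345678 allow ip from any to any'

# Read "ipfw -a list" lines on stdin; print "<port> <bytes>" per dst-port,
# adding up every count rule that names the same port (e.g. both directions).
ipfw_port_bytes() {
    awk '$4 == "count" {
        for (i = 5; i <= NF; i++)
            if ($i == "dst-port") bytes[$(i + 1)] += $3
    }
    END { for (p in bytes) print p, bytes[p] }' | sort -n
}

# Read the "<port> <bytes>" pairs on stdin and build "N:b1:b2:..." in the
# order of the ports given as arguments; a port without a rule counts as 0.
rrd_update_line() {
    awk -v ports="$*" '
        { bytes[$1] = $2 }
        END {
            n = split(ports, p, " ")
            line = "N"
            for (i = 1; i <= n; i++)
                line = line ":" ((p[i] in bytes) ? bytes[p[i]] : 0)
            print line
        }'
}

# Run the pipeline over the constructed sample for ports 80, 443, 22, 25.
demo() {
    printf '%s\n' "$SAMPLE_IPFW" | ipfw_port_bytes | rrd_update_line 80 443 22 25
}

# Live use (path assumed): feed the real counters into the RRD.
#   ipfw -a list | ipfw_port_bytes | rrd_update_line 80 443 22 25 \
#       | xargs rrdtool update /var/db/rrd/tcpports.rrd
```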

