interface bonding
John
strgout at unixjunkie.com
Mon Dec 15 21:00:48 PST 2003
----- Forwarded message from John <strgout at mail.unixjunkie.com> -----
Date: Mon, 15 Dec 2003 17:58:15 -0600
From: John <strgout at mail.unixjunkie.com>
To: freebsd-stable at freebsd.org
Subject: interface bonding
User-Agent: Mutt/1.4i
Is there any way to bond sniffer interfaces?
I've read a little on netgraph and it seems
like I may be able to use that, but I'm not sure
how to go about that.
Basically the end result is to have snort listen on
a virtual interface, which will have data sent to
it from say fxp0 and fxp1. I also want to make sure that
data from fxp0, fxp1 or $VIRTUAL doesn't get sent out
fxp1 or fxp0 for some reason.
----- End forwarded message -----
I'm sure I checked this before, but a Google search turned up this.
ngctl mkpeer fec dummy fec
ngctl msg fec0: add_iface '"sf2"'
ngctl msg fec0: add_iface '"sf3"'
ngctl msg fec0: set_mode_inet
ifconfig sf2 promisc
ifconfig sf3 promisc
ifconfig fec0 promisc
After this, fec0 will be the virtual interface that gets the frames.
This does depend on the fec module.
# cd /usr/src/sys/modules/netgraph/fec/
# make && make install
http://taosecurity.blogspot.com/ <- this is where I found it,
which points out this poster.
http://www.derkeiler.com/Mailing-Lists/securityfocus/focus-ids/2003-10/0029.html
So is there a reason the netgraph fec module isn't built by default?
More information about the freebsd-security
mailing list