Date: Thu, 13 Sep 2007 17:27:17 -0500 From: Erik Osterholm <freebsd-lists-erik@erikosterholm.org> To: Brian McCann <bjmccann@gmail.com> Cc: freebsd-questions <freebsd-questions@freebsd.org> Subject: Re: Bridging and port mirroring Message-ID: <20070913222717.GB2632@idoru.cepheid.org> In-Reply-To: <2b5f066d0709130929w7c4aa02ax4bc25282ff7122c5@mail.gmail.com> References: <2b5f066d0709130929w7c4aa02ax4bc25282ff7122c5@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Sep 13, 2007 at 12:29:30PM -0400, Brian McCann wrote: > I've poked around on the web, but come up empty. And I find it hard > to believe there's not a simple way to do this, if it hasn't been done > before. > > I've got a server with two nics configured for bridging and running > bunches of ipfw rules. I'd like to add a 3rd NIC and have it mirror > the 2nd NIC (so all traffic into and out of nic2 goes to nic3), so I > can run an IDS on another server. Yes, I know that has the potential > to overload nic3 if there is a lot of traffic going in and out of > nic2, but that's not an issue for me. > > Has anyone done this before, or know how to do this? Are you using if_bridge? If so, it supports creating span interfaces. It's easy to set up, and it almost does what you describe (instead of only showing traffic into/out of nic2, it's going to show all traffic on bridge0.) Erik
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070913222717.GB2632>