Date:      Sat, 3 Jan 2004 16:59:34 -0500 (EST)
From:      "Stephen L Martin" <freebsd@jyroscop.cotse.net>
To:        <srenna@vdbmusic.com>
Cc:        freebsd-questions@freebsd.org
Subject:   RE: problem with 2 nics in same box
Message-ID:  <anlyb3Njb3A=.d4c5760195141b032976e2bfe9368d0e@1073167174.cotse.net>
In-Reply-To: <000201c3d238$070d2790$0201a8c0@mars>
References:  <3FF6FB80.2080807@cream.org> <000201c3d238$070d2790$0201a8c0@mars>

Hi Scott,

> I am using Snort and a few other tools to decide which I'd like best.
> Here's the thing about Lowell's comment on Bridging.  Is this necessary
> in this case?

It certainly isn't necessary...it is an option.

> I don't want the interface without an IP to EVER transmit
> outbound.

A firewall could accomplish this...

<<snip>>
>(specifying it as such in /etc/rc.conf as ifconfig_xl1="up")

Have you tried to specify "ifconfig xl1 up" on the command line?...I'm not
sure that ifconfig_xl1="up" is a legal statement in rc.conf (could be
wrong).

Once you get it working, (to avoid unnecessary variables) you might want
to do "ifconfig xl1 -arp" to disable arp on that interface if it's just
going to sit in promiscuous mode.

>> For some reason, this is just not working for me at all.  I've tried to
>> configure via rc.conf and this fails to work.  I've also tried assigning
>> an RFC 1918 address to the interface I want sniffing as this traffic
>> should not be routable, but it doesn't seem to work.

This could be because your xl0 interface is already assigned a 192.168.x.x
address. I don't think FreeBSD can have two interfaces on the same subnet.
You could have two interfaces of different subnets (e.g. 192.168.0.0/24 and
192.168.1.0/24).


-Stephen
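
Added example, not part of the original message: a shell check that reads `ifconfig` output for the sniffing interface and reports anything that contradicts the setup discussed above (up, no IP address, ARP disabled, promiscuous). The function name, the sample outputs, the MAC address and the 192.168.1.5 address are constructed for illustration.

```shell
#!/bin/sh
# check_sniff_if (hypothetical helper): reads `ifconfig <if>` output on stdin
# and prints one line per problem; prints nothing when the interface looks
# like a passive sensor port.
check_sniff_if() {
    awk '
        NR == 1 {
            # First line looks like: xl1: flags=89c3<UP,...,NOARP,...> mtu 1500
            s = $0
            sub(/^[^<]*</, "", s)   # drop everything up to the flag list
            sub(/>.*$/, "", s)      # drop everything after it
            n = split(s, f, ",")
            for (i = 1; i <= n; i++) flag[f[i]] = 1
        }
        # Any address line means the port can be addressed and can answer.
        $1 == "inet" || $1 == "inet6" { addr = addr " " $2 }
        END {
            if (!("UP" in flag))      print "interface is not UP"
            if (!("NOARP" in flag))   print "ARP still enabled (ifconfig -arp not applied)"
            if (!("PROMISC" in flag)) print "not in promiscuous mode (no sniffer attached?)"
            if (addr != "")           print "has address(es):" addr
        }'
}

# Constructed sample: after "ifconfig xl1 up -arp" with a sniffer running.
sample_good() { cat <<'EOF'
xl1: flags=89c3<UP,BROADCAST,RUNNING,NOARP,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    ether 00:00:5e:00:53:01
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
EOF
}

# Constructed sample: address assigned, ARP on, nothing listening.
sample_bad() { cat <<'EOF'
xl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 192.168.1.5 netmask 0xffffff00 broadcast 192.168.1.255
    ether 00:00:5e:00:53:01
    status: active
EOF
}

# On a live system: sh thisfile xl1
if [ $# -gt 0 ]; then ifconfig "$1" | check_sniff_if; fi
```

This only inspects interface state; it does not verify that a firewall rule blocks outbound traffic on the interface.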






