Date:      Sun, 04 Jan 2004 02:14:25 +0000
From:      Andrew Boothman <>
To:        Scott Renna <>
Subject:   Re: problem with 2 nics in same box
Message-ID:  <>
In-Reply-To: <000201c3d238$070d2790$0201a8c0@mars>
References:  <000201c3d238$070d2790$0201a8c0@mars>

Scott Renna wrote:
> I am using Snort and a few other tools to decide which I'd like best.
> Here's the thing about Lowell's comment on Bridging.  Is this necessary
> in this case?  I don't want the interface without an IP to EVER transmit
> outbound.  If I Need to enable bridging I'll do so.  The other thing is,
> is it possible to configure each card to be on a different subnet(like
> xl1 on 10.X.X.X and xl0 on 192.X.X.X)?

See Matthew Seaman's post on this - I think he knows more about this 
than I do ;) I remember using snort for something recently and don't 
remember encountering any problems - It shouldn't need to be assigned an 

> Andrew, do you like VooDoo Blue?  Let me know, I am involved.

For some reason, your email address inspired me to check out - I hadn't heard of the band before then. I downloaded 
a couple of MP3s from the site and they are pretty good :)

Not sure if their music ever makes it to Scotland though, which is where 
I am!

> -----Original Message-----
> From: Andrew Boothman [] 
> Sent: Saturday, January 03, 2004 12:27 PM
> To: Scott Renna
> Cc:
> Subject: Re: problem with 2 nics in same box
> Scott Renna wrote:
>>Hello List,
>>I am having some difficulty in getting my xl0 and xl1 3com cards to work
>>the way I'd like.  I'm running 5.1 Release and I'm basically trying to
>>have one interface with no IP address(specifying it as such in
>>/etc/rc.conf as ifconfig_xl1="up") And I'd like to have the other(xl0)
>>to have an IP address of my Internal Network.  The purpose of this setup
>>is to sniff traffic with the interface that has no IP address and allow
>>for management and reporting over the interface that has an IP
>>associated with the Internal network.
>>For some reason, this is just not working for me at all.  I've tried to
>>configure via rc.conf and this fails to work.  I've also tried assigning
>>an RFC 1918 address to the interface I want sniffing as this traffic
>>should not be routable, but it doesn't seem to work.
> What software are you using to sniff the traffic? Do you have the bpf 
> device in your kernel? Do you get an error message or just no traffic 
> received?
> Andrew
> P.S. Are you something to do with VooDoo Blue or do you just do their 
> web site, or just a fan or something? :)
