The man page makes it clear that "dup-to" acts just like "route-to", except 
that the original packet still routes the way it would have.  The implication 
is that "dup-to" needs to determine where to route the new packet.

This means that the more useful form of this is likely to be:

    pass out on em0 dup-to ( em2 X.X.X.X ) no state

Where "X.X.X.X" is the IP of the host connected via em2 that will be receiving 
the duplicated packet.

The difference between using a bridge to accomplish this, vs. pf, is that pf 
operates at layer 3 and will not preserve the layer 2 MAC headers, whereas 
bridge will preserve these.

Hopefully this will fit your requirements.


-----Original Message-----
From: [email protected] [mailto:[email protected]] On 
Behalf Of Milosz Kaniewski
Sent: Sunday, October 11, 2015 6:16 AM
To: [email protected]
Subject: Creating span interface using 'dup-to' option

uname -a:
FreeBSD freebsd11_master.kvm 11.0-CURRENT FreeBSD 11.0-CURRENT #0 r285616:
Thu Jul 16 02:21:59 UTC 2015
[email protected]:/usr/obj/usr/src/sys/GENERIC
 amd64


+----------+        +-----------+        +----------+
|          |     em0|           |em1     |          |
|  host1   +--------+  FreeBSD  +--------+  host2   |
|          |        |           |        |          |
+----------+        +-----------+        +----------+
                          |em2
                          |
                          |
                          v

Hi,

I have a FreeBSD machine which forwards packets between host1 and host2. This
machine also has an additional interface (em2) which acts as a span interface
- all traffic between host1 and host2 is copied into it.
To achieve this scenario I can set up a bridge with em0 and em1 as members and
em2 as the span interface. But I would like to get the same result using pf
instead. So I tried to use these rules:

    pass out on em0 dup-to em2 no state
    pass out on em1 dup-to em2 no state

But it doesn't work. No packets appear on interface em2. I've checked the same
configuration on OpenBSD and everything worked well.
Is there any difference in setting a dup-to rule in FreeBSD and OpenBSD pf?

Thanks for help.

Best regards.
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[email protected]"

________________________________
This email message is intended for the use of the person to whom it has been 
sent, and may contain information that is confidential or legally protected. If 
you are not the intended recipient or have received this message in error, you 
are not authorized to copy, distribute, or otherwise use this message or its 
attachments. Please notify the sender immediately by return e-mail and 
permanently delete this message and any attachments. NTT America makes no 
warranty that this email is error or virus free. Thank you.
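
A small check for the rule form discussed in this thread, as an added example that is not part of either message: it scans pf.conf text for "dup-to" targets that name only an interface, the form the original post reports as sending nothing to em2 on FreeBSD. The function names, the sample ruleset and the 192.0.2.10 address are constructed for illustration.

```python
import re

# "dup-to" followed by either a parenthesised target or a bare token.
# Assumption: one target per rule; the "{ (if addr), ... }" list form
# is not handled by this check.
DUP_TO = re.compile(r"\bdup-to\s+(\(([^)]*)\)|\S+)")

# Constructed sample ruleset (192.0.2.10 is a documentation address).
SAMPLE = """\
# constructed sample ruleset
pass out on em0 dup-to em2 no state
pass out on em1 dup-to ( em2 192.0.2.10 ) no state
pass in on em0 all   # no duplication
"""


def check_dup_to(pf_conf):
    """Return (line_no, interface, next_hop_or_None) for each dup-to rule."""
    findings = []
    for no, raw in enumerate(pf_conf.splitlines(), start=1):
        line = raw.split("#", 1)[0]            # ignore comments
        m = DUP_TO.search(line)
        if not m:
            continue
        if m.group(2) is not None:             # "( ifname [addr] )" form
            parts = m.group(2).split()
        else:                                  # bare "ifname" form
            parts = [m.group(1)]
        if not parts:                          # empty "()": nothing to report
            continue
        hop = parts[1] if len(parts) > 1 else None
        findings.append((no, parts[0], hop))
    return findings


def missing_next_hop(pf_conf):
    """Rules whose dup-to target gives pf no address to route the copy to."""
    return [(no, iface) for no, iface, hop in check_dup_to(pf_conf) if hop is None]


if __name__ == "__main__":
    for no, iface in missing_next_hop(SAMPLE):
        print(f"line {no}: dup-to {iface} has no next-hop address")
```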