Abel Alejandro wrote:
Hello, I have two interfaces. The rl0 is for monitoring purposes and fxp0 is
for normal internet access.
rl0 is attached to a catalyst port using SPAN, meaning all the traffic going
to the internet gets mirrored to
this port. fxp0 is on the same catalyst.

If I shutdown rl0 then I can access fxp0 from the outside, but if I ifconfig
rl0 up then
I am just allowed to access fxp0 within machines in the 196.12.X.0 network.

rl0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        inet netmask 0xa0000fc broadcast
        inet6 fe80::2e0:7dff:fed0:fdf4%rl0 prefixlen 64 scopeid 0x1
        ether 00:e0:7d:d0:fd:f4
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

if this is just for monitoring with SPAN, you shouldn't give it an address at all. just bring it up.

i also suggest locking your interfaces and switch ports to their respective speed and duplex.
you will see improvements in performance.


