Hi Scott,

> I am using Snort and a few other tools to decide which I'd like best.
> Here's the thing about Lowell's comment on Bridging.  Is this necessary
> in this case?

It certainly isn't necessary...it is an option.

> I don't want the interface without an IP to EVER transmit
> outbound.

A firewall could accomplish this...

<<snip>>
>(specifying it as such in /etc/rc.conf as ifconfig_xl1="up")

Have you tried to specify "ifconfig xl1 up" on the command line?...I'm not
sure that "ifconfig_xl1="up" is a legal statement in rc.conf(could be
wrong).

Once you get it working, (to avoid unnecessary variables) you might want
to do "ifconfig xl1 -arp" to disable arp on that interface if it's just
going to sit in promiscuous mode.

>> For some reason, this is just not working for me at all.  I've tried to
>> configure via rc.conf and this fails to work.  I've also tried assigning
>> an RFC 1918 address to the interface I want sniffing as this traffic
>> should not be routable, but it doesn't seem to work.

This could be because your xl0 interface is already assigned a 192.168.x.x
address. I don't think FreeBSD can have two interfaces on the same subnet.
You could have to interfaces of different subnets (eg. 192.168.0.0/24 and
192.168.1.0/24)


-Stephen





_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to