Hi Scott,

> I am using Snort and a few other tools to decide which I'd like best.
> Here's the thing about Lowell's comment on Bridging. Is this necessary
> in this case?

It certainly isn't necessary...it is an option.

> I don't want the interface without an IP to EVER transmit
> outbound. A firewall could accomplish this... <<snip>>
>(specifying it as such in /etc/rc.conf as ifconfig_xl1="up")

Have you tried to specify "ifconfig xl1 up" on the command line?...I'm not sure that "ifconfig_xl1="up"" is a legal statement in rc.conf (could be wrong). Once you get it working, (to avoid unnecessary variables) you might want to do "ifconfig xl1 -arp" to disable arp on that interface if it's just going to sit in promiscuous mode.

>> For some reason, this is just not working for me at all. I've tried to
>> configure via rc.conf and this fails to work. I've also tried assigning
>> an RFC 1918 address to the interface I want sniffing as this traffic
>> should not be routable, but it doesn't seem to work.

This could be because your xl0 interface is already assigned a 192.168.x.x address. I don't think FreeBSD can have two interfaces on the same subnet. You could have two interfaces of different subnets (e.g. 192.168.0.0/24 and 192.168.1.0/24)

-Stephen

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"