Hi, I am setting up a freebsd box to act as a snort sensor on a network. The box has three nics, one internal nic for talking on the network and to the management server, and two nics on a single pci card that each connect to SPAN ports on my switch. I am trying to bind the two adapters on the freebsd box so I have one virtual adapter that snort can listen to.
I have been researching netgraph for some time and the script I have been using to configure the adapters is: Code: #!/bin/sh echo "Trying kldload ng_ether..." kldload ng_ether echo "Putting dual adapters into promisc mode..." ifconfig em0 promisc -arp up ifconfig em1 promisc -arp up echo "Trying mkpeer . eiface hook ether" ngctl mkpeer . eiface hook ether echo "Trying mkpeer ngeth0: one2many lower one" ngctl mkpeer ngeth0: one2many lower one echo "Trying ngctl connect em0: ngeth0: lower lower many0" ngctl connect em0: ngeth0:lower lower many0 echo "Trying ngctl connect em1: ngeth0: lower lower many1" ngctl connect em1: ngeth0:lower lower many1 echo "Tryinh ifconfig ngeth0 -arp up" ifconfig ngeth0 -arp up However when I run the script I get: Code: Trying kldload ng_ether... Putting dual adapters into promisc mode... Trying mkpeer . eiface hook ether Trying mkpeer ngeth0: one2many lower one ngctl: send msg: Protocol family not supported Trying ngctl connect em0: ngeth0: lower lower many0 ngctl: send msg: No such file or directory Trying ngctl connect em1: ngeth0: lower lower many1 ngctl: send msg: No such file or directory Tryinh ifconfig ngeth0 -arp up Now 'ngeth0' appears in ifconfig: Code: ngeth0: flags=88c3<UP,BROADCAST,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500 ether 00:00:00:00:00:00 but when I TCPDUMP from it it never records any packets even though I know the span ports are sending the individual NICs data. I have been googling the error messages that are returned by the bonding script but have been unable to get packets to cross ngeth0. Any advice or tips for troubleshooting this would be greatly appreciated. Thank you in advance. Will Urbanski _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"