On 2014-09-08 15:36, Anil Jangity wrote:
I would like to setup “port mirroring” … I would like to mirror network
specific packets going to a zone to another zone. What are some approaches I
can take to doing this?
Does ilbadm/ipfilter support this?
I haven’t used Crossbow in a while, so am trying to remember if there is
something in there I could use.
Take a look at ipfilter. There is a keyword that can be used for such
mirroring or to ensure "source-based routing":
# enforce that packets coming out of an interface go to the correct subnet
# rhetoric question: does this skip the firewall rules below in the file?
block out quick on vlan186 to vlan81:x.y.z.2 from x.y.z.0/24 to any
block out quick on vlan81 to vlan186:192.168.186.2 from ! x.y.z.0/24 to any
block out quick on e1000g0 to e1000g81000:x.y.z.2 from x.y.z.0/24 to any
block out quick on e1000g81000 to e1000g0:192.168.186.2 from !
x.y.z.0/24 to any
Maybe you can similarly forward packets to another VNIC on the same host...
Hope this helps,
//Jim Klimov
_______________________________________________
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss
