problem with 2 nics in same box

2004-01-03 Thread Scott Renna
Hello List,

I am having some difficulty in getting my xl0 and xl1 3com cards to work
the way I'd like.  I'm running 5.1 Release and I'm basically trying to
have one interface with no IP address(specifying it as such in
/etc/rc.conf as ifconfig_xl1=up) And I'd like to have the other(xl0)
to have an IP address of my Internal Network.  The purpose of this setup
is to sniff traffic with the interface that has no IP address and allow
for management and reporting over the interface that has an IP
associated with the Internal network.

For some reason, this is just not working for me at all.  I've tried to
configure via rc.conf and this fails to work.  I've also tried assigning
an RFC 1918 address to the interface I want sniffing as this traffic
should not be routable, but it doesn't seem to work. 

Can anyone make a suggestion?

Here's what my rc.conf looks like:  

Here's the first few lines of my /etc/rc.conf

defaultrouter=192.168.1.1
hostname=charon
ifconfig_xl0=inet 192.168.1.6 netmask 255.255.255.0
ifconfig_x11=up

Will this accomplish what I'm trying to do successfully?


Scott

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: problem with 2 nics in same box

2004-01-03 Thread Andrew Boothman
Scott Renna wrote:

 Hello List,
 
 I am having some difficulty in getting my xl0 and xl1 3com cards to work
 the way I'd like.  I'm running 5.1 Release and I'm basically trying to
 have one interface with no IP address(specifying it as such in
 /etc/rc.conf as ifconfig_xl1=up) And I'd like to have the other(xl0)
 to have an IP address of my Internal Network.  The purpose of this setup
 is to sniff traffic with the interface that has no IP address and allow
 for management and reporting over the interface that has an IP
 associated with the Internal network.
 
 For some reason, this is just not working for me at all.  I've tried to
 configure via rc.conf and this fails to work.  I've also tried assigning
 an RFC 1918 address to the interface I want sniffing as this traffic
 should not be routable, but it doesn't seem to work. 

What software are you using to sniff the traffic? Do you have the bpf 
device in your kernel? Do you get an error message or just no traffic 
received?

Andrew

P.S. Are you something to do with VooDoo Blue or do you just do their 
web site, or just a fan or something? :)



Re: problem with 2 nics in same box

2004-01-03 Thread Lowell Gilbert
Scott Renna [EMAIL PROTECTED] writes:

 Hello List,
 
 I am having some difficulty in getting my xl0 and xl1 3com cards to work
 the way I'd like.  I'm running 5.1 Release and I'm basically trying to
 have one interface with no IP address(specifying it as such in
 /etc/rc.conf as ifconfig_xl1=up) And I'd like to have the other(xl0)
 to have an IP address of my Internal Network.  The purpose of this setup
 is to sniff traffic with the interface that has no IP address and allow
 for management and reporting over the interface that has an IP
 associated with the Internal network.
 
 For some reason, this is just not working for me at all.  I've tried to
 configure via rc.conf and this fails to work.  I've also tried assigning
 an RFC 1918 address to the interface I want sniffing as this traffic
 should not be routable, but it doesn't seem to work. 
 
 Can anyone make a suggestion?
 
 Here's what my rc.conf looks like:  
 
 Hello List,
 
 I am having some difficulty in getting my xl0 and xl1 3com cards to work
 the way I'd like.  I'm running 5.1 Release and I'm basically trying to
 have one interface with no IP address(specifying it as such in
 /etc/rc.conf as ifconfig_xl1=up) And I'd like to have the other(xl0)
 to have an IP address of my Internal Network.  The purpose of this setup
 is to sniff traffic with the interface that has no IP address and allow
 for management and reporting over the interface that has an IP
 associated with the Internal network.
 
 Here's the first few lines of my /etc/rc.conf
 
 defaultrouter=192.168.1.1
 hostname=charon
 ifconfig_xl0=inet 192.168.1.6 netmask 255.255.255.0
 ifconfig_x11=up
 
 Will this accomplish what I'm trying to do successfully?

Just checking the obvious:  you have bridging enabled, right?
[As in the Bridging chapter of the Handbook.]

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area: 
resume/CV at http://be-well.ilk.org:8088/~lowell/resume/
username/password public


RE: problem with 2 nics in same box

2004-01-03 Thread Scott Renna
I am using Snort and a few other tools to decide which I'd like best.
Here's the thing about Lowell's comment on Bridging.  Is this necessary
in this case?  I don't want the interface without an IP to EVER transmit
outbound.  If I Need to enable bridging I'll do so.  The other thing is,
is it possible to configure each card to be on a different subnet(like
xl1 on 10.X.X.X and xl0 on 192.X.X.X)?

Bpf is in the kernel
Andrew, do you like VooDoo Blue?  Let me know, I am involved.



-Original Message-
From: Andrew Boothman [mailto:[EMAIL PROTECTED] 
Sent: Saturday, January 03, 2004 12:27 PM
To: Scott Renna
Cc: [EMAIL PROTECTED]
Subject: Re: problem with 2 nics in same box

Scott Renna wrote:

 Hello List,
 
 I am having some difficulty in getting my xl0 and xl1 3com cards to work
 the way I'd like.  I'm running 5.1 Release and I'm basically trying to
 have one interface with no IP address(specifying it as such in
 /etc/rc.conf as ifconfig_xl1=up) And I'd like to have the other(xl0)
 to have an IP address of my Internal Network.  The purpose of this setup
 is to sniff traffic with the interface that has no IP address and allow
 for management and reporting over the interface that has an IP
 associated with the Internal network.
 
 For some reason, this is just not working for me at all.  I've tried to
 configure via rc.conf and this fails to work.  I've also tried assigning
 an RFC 1918 address to the interface I want sniffing as this traffic
 should not be routable, but it doesn't seem to work. 

What software are you using to sniff the traffic? Do you have the bpf 
device in your kernel? Do you get an error message or just no traffic 
received?

Andrew

P.S. Are you something to do with VooDoo Blue or do you just do their 
web site, or just a fan or something? :)




Re: problem with 2 nics in same box

2004-01-03 Thread Matthew Seaman
On Sat, Jan 03, 2004 at 03:27:33PM -0500, Scott Renna wrote:
 I am using Snort and a few other tools to decide which I'd like best.
 Here's the thing about Lowell's comment on Bridging.  Is this necessary
 in this case?  I don't want the interface without an IP to EVER transmit
 outbound.  If I Need to enable bridging I'll do so.  The other thing is,
 is it possible to configure each card to be on a different subnet(like
 xl1 on 10.X.X.X and xl0 on 192.X.X.X)?

Sounds like you want to put the interface into 'monitor' mode -- see
ifconfig(8).  If all you want to do on this box is sniff traffic on
your network, that should be sufficient, although you will have to
configure your switches to pump out a copy of each packet they deal
with to the port your box is connected to.  It takes quite a
sophisticated switch to actually have that capability.

I'm not sure if you even need to specify an address for the card when
used in this way: I think it should just pick up any traffic it sees.
There's no problem with having multiple interfaces sniffing on
multiple networks, or even having the traffic from several networks
all directed to the same interface for sniffing.  

An alternative way of doing this, which is what I presume Lowell was
on about, is to make the sniffing box a bridge between two network
segments.  In this case, you can't use the ifconfig monitor stuff as
the machine will have to forward packets between its interfaces, and
the machine will have to have one IP number on that network, so it
can't be invisible.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   26 The Paddocks
  Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614  Bucks., SL7 1TH UK




RE: problem with 2 nics in same box

2004-01-03 Thread Stephen L Martin
Hi Scott,

 I am using Snort and a few other tools to decide which I'd like best.
 Here's the thing about Lowell's comment on Bridging.  Is this necessary
 in this case?

It certainly isn't necessary...it is an option.

 I don't want the interface without an IP to EVER transmit
 outbound.

A firewall could accomplish this...

snip
(specifying it as such in /etc/rc.conf as ifconfig_xl1=up)

Have you tried to specify ifconfig xl1 up on the command line?...I'm not
sure that ifconfig_xl1=up is a legal statement in rc.conf(could be
wrong).

Once you get it working, (to avoid unnecessary variables) you might want
to do ifconfig xl1 -arp to disable arp on that interface if it's just
going to sit in promiscuous mode.

 For some reason, this is just not working for me at all.  I've tried to
 configure via rc.conf and this fails to work.  I've also tried assigning
 an RFC 1918 address to the interface I want sniffing as this traffic
 should not be routable, but it doesn't seem to work.

This could be because your xl0 interface is already assigned a 192.168.x.x
address. I don't think FreeBSD can have two interfaces on the same subnet.
You could have two interfaces of different subnets (eg. 192.168.0.0/24 and
192.168.1.0/24)


-Stephen







RE: problem with 2 nics in same box

2004-01-03 Thread Dirk-Willem van Gulik

  I don't want the interface without an IP to EVER transmit
  outbound.
 A firewall could accomplish this...

Or simply do not assign an IP address at all. And if you want to go below
IP; check out the -arp option in the ifconfig man page.

Dw
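
An added example, not part of any poster's message: a small sh lint for the rc.conf lines discussed in this thread. It flags ifconfig_<name> keys that name no interface on the box (the lines as posted spell the key ifconfig_x11, digit one, while the prose says xl1), an address on the capture interface, and the absence of both -arp and monitor. The function names, the finding labels and the "fixed" sample file are constructed for illustration.

```shell
# lint_sniff_iface FILE IFNAME "KNOWN IFACES"
# Prints one finding per line, or "ok" when nothing is flagged.
lint_sniff_iface() {
    file=$1; want=$2; known=$3; findings=""
    # All ifconfig_<name>=<value> entries as "<name> <value>", quotes removed.
    entries=$(sed -n 's/^ifconfig_\([A-Za-z0-9]*\)=\(.*\)$/\1 \2/p' "$file" | tr -d "\"'")
    names=$(printf '%s\n' "$entries" | awk 'NF { print $1 }')
    # 1. Keys that name no interface present on the box (typos such as x11).
    for n in $names; do
        case " $known " in
            *" $n "*) ;;
            *) findings="${findings}unknown-interface:$n
" ;;
        esac
    done
    # 2. The capture interface: must be configured, carry no address,
    #    and have ARP disabled or monitor mode set.
    if ! printf '%s\n' "$names" | grep -qx "$want"; then
        findings="${findings}not-configured:$want
"
    else
        val=$(printf '%s\n' "$entries" | awk -v w="$want" '$1 == w { $1 = ""; print; exit }')
        case " $val " in *" inet "*|*" inet6 "*) findings="${findings}has-address:$want
" ;; esac
        case " $val " in *" -arp "*|*" monitor "*) ;; *) findings="${findings}no-arp-or-monitor:$want
" ;; esac
    fi
    if [ -n "$findings" ]; then printf '%s' "$findings"; else echo ok; fi
}

# Write two sample files into DIR: the lines as posted, and a constructed variant.
write_samples() {
    cat > "$1/posted" <<'EOF'
defaultrouter=192.168.1.1
hostname=charon
ifconfig_xl0=inet 192.168.1.6 netmask 255.255.255.0
ifconfig_x11=up
EOF
    cat > "$1/fixed" <<'EOF'
ifconfig_xl0="inet 192.168.1.6 netmask 255.255.255.0"
ifconfig_xl1="up -arp monitor"
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
echo "posted:"; lint_sniff_iface "$tmp/posted" xl1 "xl0 xl1"
echo "fixed:";  lint_sniff_iface "$tmp/fixed"  xl1 "xl0 xl1"
rm -rf "$tmp"
```
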


Re: problem with 2 nics in same box

2004-01-03 Thread Andrew Boothman
Scott Renna wrote:
 I am using Snort and a few other tools to decide which I'd like best.
 Here's the thing about Lowell's comment on Bridging.  Is this necessary
 in this case?  I don't want the interface without an IP to EVER transmit
 outbound.  If I Need to enable bridging I'll do so.  The other thing is,
 is it possible to configure each card to be on a different subnet(like
 xl1 on 10.X.X.X and xl0 on 192.X.X.X)?

See Matthew Seaman's post on this - I think he knows more about this 
than I do ;) I remember using snort for something recently and don't 
remember encountering any problems - It shouldn't need to be assigned an 
IP AFAIK.

 Andrew, do you like VooDoo Blue?  Let me know, I am involved.

For some reason, your email address inspired me to check out 
www.vdbmusic.com - I hadn't heard of the band before then. I downloaded 
a couple of MP3s from the site and they are pretty good :)

Not sure if their music ever makes it to Scotland though, which is where 
I am!

-Original Message-
From: Andrew Boothman [mailto:[EMAIL PROTECTED] 
Sent: Saturday, January 03, 2004 12:27 PM
To: Scott Renna
Cc: [EMAIL PROTECTED]
Subject: Re: problem with 2 nics in same box

Scott Renna wrote:

 Hello List,
 
 I am having some difficulty in getting my xl0 and xl1 3com cards to work
 the way I'd like.  I'm running 5.1 Release and I'm basically trying to
 have one interface with no IP address(specifying it as such in
 /etc/rc.conf as ifconfig_xl1=up) And I'd like to have the other(xl0)
 to have an IP address of my Internal Network.  The purpose of this setup
 is to sniff traffic with the interface that has no IP address and allow
 for management and reporting over the interface that has an IP
 associated with the Internal network.
 
 For some reason, this is just not working for me at all.  I've tried to
 configure via rc.conf and this fails to work.  I've also tried assigning
 an RFC 1918 address to the interface I want sniffing as this traffic
 should not be routable, but it doesn't seem to work. 

What software are you using to sniff the traffic? Do you have the bpf 
device in your kernel? Do you get an error message or just no traffic 
received?

Andrew

P.S. Are you something to do with VooDoo Blue or do you just do their 
web site, or just a fan or something? :)





