Title: RE: BPF and Promiscuous Mode

Here is how to bridge different interfaces together selectively:

Controlling bridging
Bridging is almost exclusively controlled by sysctl variables.
net.link.ether.bridge_cfg: ed2:1,rl0:1,
        set of interfaces for which bridging is enabled, and cluster
        they belong to.

net.link.ether.bridge: 0
        enable bridging.

net.link.ether.bridge_ipfw: 0
        enable ipfw for bridging.

Thanks to Luigi Rizzo for that information extracted from his site at:

http://www.iet.unipi.it/~luigi/ip_dummynet/

This net.link.ether.bridge_cfg is not in the man page and I have read nothing about it anywhere else; is there some resource that has every sysctl variable listed with its purpose?

thx
nick
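
As an added example (not from this thread or from Luigi Rizzo's pages), the sysctl settings above turned into a small script: it builds the bridge_cfg value from cluster specs so that only interfaces sharing a cluster number bridge with each other, and sets the variables before switching bridging on. Interface names (em0, fxp0, ...) are constructed sample values.

```sh
#!/bin/sh
# Added example, not from the thread: turn a list of bridge clusters into
# the net.link.ether.bridge_cfg value and print (or apply) the sysctls.
# Interface names used below are constructed sample values.

# bridge_cfg_value CLUSTER:if1,if2 [CLUSTER:if3,...]
# Prints e.g. "em0:1,fxp0:1,em1:2,": each interface is tagged with its
# cluster number; only interfaces sharing a number bridge with each other.
# Rejects a spec without ':' or with a non-numeric cluster.
bridge_cfg_value() {
    out=""
    for spec in "$@"; do
        case "$spec" in
            *:*) ;;
            *) echo "missing ':' in '$spec'" >&2; return 1 ;;
        esac
        cluster=${spec%%:*}
        iflist=${spec#*:}
        case "$cluster" in
            ''|*[!0-9]*) echo "bad cluster number in '$spec'" >&2; return 1 ;;
        esac
        saved_ifs=$IFS; IFS=,
        for ifc in $iflist; do
            [ -n "$ifc" ] && out="${out}${ifc}:${cluster},"
        done
        IFS=$saved_ifs
    done
    printf '%s' "$out"
}

# emit_bridge_sysctls dry|run IPFW CLUSTER:ifs ...
# "dry" prints the commands; "run" executes them (root on a FreeBSD host).
# bridge_cfg and bridge_ipfw are set before bridge=1, so bridging starts
# with the intended interface set and filter mode already in place.
emit_bridge_sysctls() {
    mode=$1; ipfw=$2; shift 2
    cfg=$(bridge_cfg_value "$@") || return 1
    for kv in "net.link.ether.bridge_cfg=$cfg" \
              "net.link.ether.bridge_ipfw=$ipfw" \
              "net.link.ether.bridge=1"; do
        if [ "$mode" = run ]; then
            sysctl -w "$kv"
        else
            printf 'sysctl -w %s\n' "$kv"
        fi
    done
}

# Dry run for the layout in this thread: the mirror feed (em0) is bridged
# only with the three sensor-facing ports, with ipfw enabled so rules can
# then limit what each sensor port carries; a second feed (em1) and its
# sensor port form their own cluster and never see cluster 1's frames.
emit_bridge_sysctls dry 1 "1:em0,fxp0,fxp1,fxp2" "2:em1,fxp3"
```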

-----Original Message-----
From: Nick Evans
Sent: Tuesday, July 04, 2000 12:18 AM
To: 'Dan Nelson'
Cc: '[EMAIL PROTECTED]'
Subject: RE: BPF and Promiscuous Mode


Exactly, I just tried it and it didn't work :(.  Yes you are right on, NFR is a sniffer/ids, but it is based on the OpenBSD kernel and therefore does not support multiple processors. I just tried bridging and it does in fact bridge all interfaces together, but it still does not appear to be mirroring all traffic from one interface to another. Apparently there are issues with IPFilter and FreeBSD... I am going to try OpenBSD and IPFilter tonight. The IPFilter people know that bridging works on OpenBSD, and you can bridge specific interfaces.

-----Original Message-----
From: Dan Nelson [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 03, 2000 10:34 PM
To: Nick Evans
Subject: Re: BPF and Promiscuous Mode



Is there any reason you're not CC'ing the list?  I added it back on my
first reply on the assumption you simply forgot, but this email is
missing it too.  It's good to have exchanges like these in the
mailing-list archives, to help other people that might have the same
question later.

In the last episode (Jul 03), Nick Evans said:
> actually it's like this
>
> <router> --- <switch>
>                       |
>                       | <- mirrored port
>               <freebsdbox>
>                       |
>                       |
>            <vlan'd switch>
>               |       |       |
>               |       |       |
>           <nfr> <nfr> <nfr>
>
> the nfr boxes do not have ip's so i just need the traffic duplicated
> (so routing is out of the question), but i wanted to use ipfilter to,
> get this, filter the traffic so not all the ida's see all the
> traffic. they simply cannot handle 600Mbits each... my plan is to put
> a gig interface, or two, into the BSD box and several dualport server
> adaptors and then segment that traffic down. bridging might work, but
> i do not know how to bind certain interfaces together in FreeBSD,
> OpenBSD, yes, but not Free...

Aahh.  An nfr is a sniffer.  I assumed that you were load-balancing web
servers or something, which was confusing me a bit since you don't want
to use mirroring for this.  For your purposes, mirroring is perfect.

I think enabling bridging, and then using ipfilter or ipfw to only
allow (say) 1/3 of the Net addresses to each server (assuming you have
3 nfr's), would do what you want.  I wonder if NFR will take advantage
of multiple CPUs in a single box.  That way you don't have to worry
about any of this.

In the last episode (Jul 03), Nick Evans said:
> actually a better question would have been, do you know if you can
> bridge multiple interfaces to one other interface like 4 100mbit nics
> to one gigabit nic?

I assume so.  The bridge manpage mentions the inability to selectively
bridge certain interfaces, so the default must be to bridge all
ethernet interfaces.  You can probably add some filtering rules to make
sure you don't re-transmit packets out of your gigabit NICs.

--
        Dan Nelson
        [EMAIL PROTECTED]
