Netgate Discussion Forum

    Span port (mirror port)

    • sakebomb

      After scanning these forums for a while, I couldn't find a good solution to making a span port with any of the solutions presented. I couldn't find any information on dup-to or bridging that made any sense (actually couldn't find any information on dup-to anywhere). I remembered that m0n0wall is similar to pfsense so I went with a solution I found on there, and it worked. :-)

      My specs:
      2.0-RC3 (i386)
      eth0 - WAN
      eth1 - LAN
      eth2 - SPAN

      Note: you need a cross-over cable to get this to work (unless you have gigE which is autosensing)
      All you have to do to get the span port working is from the command-line run:
      #ifconfig bridge0 create
      #ifconfig eth2 up monitor
      #ifconfig bridge0 addm eth1 span eth2 up

      Read about it here if you like:
      http://forum.m0n0.ch/index.php?topic=2971.0

      • jimp Rebel Alliance Developer Netgate

        On 2.0 you can do this with the advanced settings under Interfaces > (assign), on the Bridges tab.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • n1ko

          Bumping an old thread. It seems that current bridge functionality in 2.0 requires (at least) 2 bridge members. This is not what one would want when mirroring one port and it's not what sakebomb did via CLI.

          Wonder why the limitation?

          • srynoname

            Is there a way of doing this using the web interface of 2.0.1?

            Can someone please explain sakebomb's solution in more detail?

            #ifconfig bridge0 create
            #ifconfig eth2 up monitor
            #ifconfig bridge0 addm eth1 span eth2 up
            

            I understand the first line creates a virtual interface. I don't understand the "monitor" argument in the second line, and I am also not sure what "addm" means in line 3. Maybe add monitor?

            • jimp Rebel Alliance Developer Netgate

              From the ifconfig man page:

              monitor
                  Put the interface in monitor mode.  No packets are transmitted,
                  and received packets are discarded after bpf(4) processing.

              And addm adds a member to the bridge.


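Added example (not part of any post in this thread, and not Netgate's code): the three-command span setup discussed above, wrapped in a dry-run helper that rejects unsafe interface names and a span port that is also the mirrored member, plus the matching teardown. The interface names and the `APPLY` variable are assumptions for illustration.

```shell
#!/bin/sh
# Added example: plan, apply and undo a bridge span port on FreeBSD/pfSense.
# Interface names used here (eth1, eth2) are placeholders from the thread.

# valid_ifname NAME: accept only letters, digits, '_' and '.' so a name
# can never smuggle extra shell words into the ifconfig command line.
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.]*) return 1 ;;
        *) return 0 ;;
    esac
}

# span_plan MEMBER SPAN [BRIDGE]: print the setup commands, one per line.
span_plan() {
    member=$1 span=$2 bridge=${3:-bridge0}
    for n in "$member" "$span" "$bridge"; do
        valid_ifname "$n" || { echo "invalid interface name: $n" >&2; return 2; }
    done
    # The span port only receives copies; it must differ from the mirrored member.
    [ "$member" != "$span" ] || { echo "span port equals member" >&2; return 3; }
    echo "ifconfig $bridge create"
    echo "ifconfig $span up monitor"      # monitor: receive-only, nothing transmitted
    echo "ifconfig $bridge addm $member span $span up"
}

# span_undo SPAN [BRIDGE]: print the commands that reverse span_plan.
span_undo() {
    span=$1 bridge=${2:-bridge0}
    valid_ifname "$span" && valid_ifname "$bridge" || return 2
    echo "ifconfig $bridge -span $span"
    echo "ifconfig $span -monitor"
    echo "ifconfig $bridge destroy"
}

# span_apply MEMBER SPAN [BRIDGE]: dry run by default; executes only if APPLY=1.
span_apply() {
    plan=$(span_plan "$@") || return $?
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$plan" | while IFS= read -r cmd; do $cmd || exit 1; done
    else
        echo "$plan"
    fi
}

# Usage: sh span.sh eth1 eth2        (prints the plan)
#        APPLY=1 sh span.sh eth1 eth2  (runs it as root)
if [ "$#" -ge 2 ]; then span_apply "$@"; fi
```

Commands run this way do not persist across a reboot, so the dry-run output is also a convenient record of what to re-apply or undo.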
              • srynoname

                Thank you jimp, I googled the wrong ifconfig manpage ;-)

                A question on creating the bridge from a newbie like me:
                I currently have a VLAN interface, let's call it vlanForMonitoring. There's always only one client connected to it, and this client shall be used for analyzing traffic from and to the WAN interface.
                Can I do something like the following?

                #ifconfig bridge0 create  # create the bridge
                #ifconfig vlanForMonitoring up monitor  # set vlan interface to monitoring
                #ifconfig bridge0 addm wanInterface span vlanForMonitoring up  # bridge wan to the monitored interface
                

                How about firewall rules? Is the bridge enough to pass traffic from WAN to vlanForMonitoring, or do I still have to create firewall rules? What would they have to look like? Thanks for any hint :-)
