Span port (mirror port)
-
After scanning these forums for a while, I couldn't find a good solution to making a span port with any of the solutions presented. I couldn't find any information on dup-to or bridging that made any sense (actually couldn't find any information on dup-to anywhere). I remembered that m0n0wall is similar to pfsense so I went with a solution I found on there, and it worked. :-)
My specs:
2.0-RC3 (i386)
eth0 - WAN
eth1 - LAN
eth2 - SPAN
Note: you need a cross-over cable to get this to work (unless you have gigE which is autosensing)
All you have to do to get the span port working is from the command-line run:
#ifconfig bridge0 create
#ifconfig eth2 up monitor
#ifconfig bridge0 addm eth1 span eth2 up
Read about it here if you like:
http://forum.m0n0.ch/index.php?topic=2971.0
-
On 2.0 you can do this with the advanced settings under Interfaces > (assign), on the Bridges tab.
-
Bumping an old thread. It seems that current bridge functionality in 2.0 requires (at least) 2 bridge members. This is not what one would want when mirroring one port and it's not what sakebomb did via cli.
Wonder why the limitation?
-
Is there a way doing this using the webinterface of 2.0.1?
Can someone please explain sakebomb's solution in more detail?
#ifconfig bridge0 create
#ifconfig eth2 up monitor
#ifconfig bridge0 addm eth1 span eth2 up
I understand the first line creates a virtual interface, I don't understand the "monitor" argument in the second line, also I am not sure what "addm" means in line 3? Maybe add monitor?
-
From the ifconfig man page:
monitor
Put the interface in monitor mode. No packets are transmitted,
and received packets are discarded after bpf(4) processing.
And addm adds a member to the bridge.
-
Thank you jimp, I googled the wrong ifconfig manpage ;-)
A question on creating the bridge from a newbie like me:
I currently have a vlan interface, let's call it vlanForMonitoring. There's always only one client connected to it, this client shall be used for analyzing traffic from and to the wan interface.
Can I do something like the following?
#ifconfig bridge0 create // create the bridge
#ifconfig vlanForMonitoring up monitor // set vlan interface to monitoring
#ifconfig bridge0 addm wanInterface span vlanForMonitoring up // bridge wan to the monitored interface
How about Firewall rules? Is the bridge enough to pass traffic from WAN to vlanForMonitoring or do I still have to create firewall rules? What would they have to look like? Thanks for any hint :-)
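-
The three ifconfig commands from the first post, wrapped as a shell script with argument checks, a dry-run mode and a teardown. This is an added example, not part of any post in the thread; the names span_setup, span_teardown, run and DRY_RUN, and the interface names em1/em2 in the usage comment, are assumptions.

```shell
#!/bin/sh
# Added example: span (mirror) port on a FreeBSD/pfSense bridge, following the
# three commands from the first post. All function names here are hypothetical.

# run CMD...: execute the command, or only print it when DRY_RUN=1
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# span_setup BRIDGE MEMBER SPAN
#   MEMBER: interface whose traffic is mirrored (eth1/LAN in the first post)
#   SPAN:   interface the copies are sent out of (eth2 in the first post)
span_setup() {
    [ $# -eq 3 ] || { echo "usage: span_setup bridge member span" >&2; return 2; }
    bridge=$1 member=$2 span=$3
    if [ "$member" = "$span" ]; then
        echo "member and span interface must differ" >&2
        return 1
    fi
    if [ "${DRY_RUN:-0}" != "1" ]; then
        # Fail before changing anything if either NIC is missing.
        for ifn in "$member" "$span"; do
            ifconfig "$ifn" >/dev/null 2>&1 || { echo "no such interface: $ifn" >&2; return 1; }
        done
    fi
    # Create the bridge only if it does not exist yet.
    if [ "${DRY_RUN:-0}" = "1" ] || ! ifconfig "$bridge" >/dev/null 2>&1; then
        run ifconfig "$bridge" create || return 1
    fi
    # monitor mode, per the man page quoted in the thread: received packets
    # are discarded after bpf(4) processing.
    run ifconfig "$span" up monitor || return 1
    run ifconfig "$bridge" addm "$member" span "$span" up
}

# span_teardown BRIDGE SPAN: destroy the bridge, take SPAN out of monitor mode
span_teardown() {
    [ $# -eq 2 ] || { echo "usage: span_teardown bridge span" >&2; return 2; }
    run ifconfig "$1" destroy || return 1
    run ifconfig "$2" -monitor
}

# Usage (as root): span_setup bridge0 em1 em2   /   span_teardown bridge0 em2
```

Running with DRY_RUN=1 first prints the exact ifconfig commands without changing any interface.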