Span port (mirror port)
After scanning these forums for a while, I couldn't find a good solution to making a span port with any of the solutions presented. I couldn't find any information on dup-to or bridging that made any sense (actually couldn't find any information on dup-to anywhere). I remembered that m0n0wall is similar to pfSense so I went with a solution I found on there, and it worked. :-)
eth0 - WAN
eth1 - LAN
eth2 - SPAN
Note: you need a cross-over cable to get this to work (unless you have gigE which is autosensing)
All you have to do to get the span port working is run the following from the command line:
#ifconfig bridge0 create
#ifconfig eth2 up monitor
#ifconfig bridge0 addm eth1 span eth2 up
Read about it here if you like:
On 2.0 you can do this with the advanced settings under Interfaces > (assign), on the Bridges tab.
Bumping an old thread. It seems that current bridge functionality in 2.0 requires (at least) 2 bridge members. This is not what one would want when mirroring one port and it's not what sakebomb did via CLI.
Wonder why the limitation?
Is there a way of doing this using the web interface of 2.0.1?
Can someone please explain sakebomb's solution in more detail?
#ifconfig bridge0 create
#ifconfig eth2 up monitor
#ifconfig bridge0 addm eth1 span eth2 up
I understand the first line creates a virtual interface, I don't understand the "monitor" argument in the second line, also I am not sure what "addm" means in line 3? maybe add monitor?
From the ifconfig man page:
Put the interface in monitor mode. No packets are transmitted,
and received packets are discarded after bpf(4) processing.
And addm adds a member to the bridge.
thank you jimp, I googled the wrong ifconfig manpage ;-)
a question on creating the bridge from a newbie like me:
I currently have a VLAN interface, let's call it vlanForMonitoring. There's always only one client connected to it, this client shall be used for analyzing traffic from and to the WAN interface.
Can I do something like the following?
#ifconfig bridge0 create  # create the bridge
#ifconfig vlanForMonitoring up monitor  # set vlan interface to monitoring
#ifconfig bridge0 addm wanInterface span vlanForMonitoring up  # bridge wan to the monitored interface
How about firewall rules? Is the bridge enough to pass traffic from WAN to vlanForMonitoring or do I still have to create firewall rules? What would they have to look like? Thanks for any hint :-)