Span port (mirror port)
sakebomb last edited by
After scanning these forums for a while, I couldn't find a good solution to making a span port with any of the solutions presented. I couldn't find any information on dup-to or bridging that made any sense (actually couldn't find any information on dup-to anywhere). I remembered that m0n0wall is similar to pfsense so I went with a solution I found on there, and it worked. :-)
eth0 - WAN
eth1 - LAN
eth2 - SPAN
Note: you need a cross-over cable to get this to work (unless you have gigE which is autosensing)
All you have to do to get the span port working is from the command-line run:
#ifconfig bridge0 create
#ifconfig eth2 up monitor
#ifconfig bridge0 addm eth1 span eth2 up
Read about it here if you like:
On 2.0 you can do this with the advanced settings under Interfaces > (assign), on the Bridges tab.
n1ko last edited by
Bumping an old thread. It seems that current bridge functionality in 2.0 requires (at least) 2 bridge members. This is not what one would want when mirroring one port and it's not what sakebomb did via cli.
Wonder why the limitation?
srynoname last edited by
Is there a way of doing this using the web interface of 2.0.1?
Can someone please explain sakebomb's solution in more detail?
#ifconfig bridge0 create
#ifconfig eth2 up monitor
#ifconfig bridge0 addm eth1 span eth2 up
I understand the first line creates a virtual interface. I don't understand the "monitor" argument in the second line, and I am also not sure what "addm" means in line 3. Maybe add monitor?
From the ifconfig man page:
Put the interface in monitor mode. No packets are transmitted,
and received packets are discarded after bpf(4) processing.
And addm adds a member to the bridge.
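A check for the setup discussed in this thread, added here as an example and not posted by any participant: it reads ifconfig output and confirms that the mirrored interface is an ordinary bridge member and that the span interface is a span member and up in monitor mode. The sample output is constructed, the interface names are the ones from the first post, and the FreeBSD ifconfig output layout being parsed is an assumption.

```shell
#!/bin/sh
# Added example: check saved ifconfig output for the span setup in this thread.
# On the firewall: check_span eth1 eth2 "$(ifconfig bridge0)" "$(ifconfig eth2)"

# Constructed sample output (FreeBSD ifconfig layout assumed, not captured from a host).
SAMPLE_BRIDGE='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	member: eth1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	member: eth2 flags=8<SPAN>'
SAMPLE_SPAN_IF='eth2: flags=48843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,MONITOR> metric 0 mtu 1500'
SAMPLE_NO_MONITOR='eth2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500'

# flags_of KEY: read ifconfig output on stdin and print the comma-separated flag
# names from the first line that starts (after indentation) with KEY.
flags_of() {
    awk -v key="$1" '
        { sub(/^[ \t]+/, "") }
        index($0, key) == 1 && match($0, /<[^>]*>/) {
            print substr($0, RSTART + 1, RLENGTH - 2); found = 1; exit
        }
        END { if (!found) print "ABSENT" }'
}

# has_flag FLAGS NAME: succeed if NAME is one of the comma-separated FLAGS.
has_flag() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# check_span SRC SPAN BRIDGE_OUTPUT SPAN_IF_OUTPUT: return 0 only if SRC is an
# ordinary bridge member, SPAN is a span member, and SPAN is up in monitor mode.
check_span() {
    src=$1 span=$2 rc=0
    src_m=$(printf '%s\n' "$3" | flags_of "member: $src ")
    span_m=$(printf '%s\n' "$3" | flags_of "member: $span ")
    span_if=$(printf '%s\n' "$4" | flags_of "$span: ")
    if [ "$src_m" = ABSENT ] || has_flag "$src_m" SPAN; then
        echo "FAIL: $src is not an ordinary member of the bridge"; rc=1
    fi
    has_flag "$span_m" SPAN || { echo "FAIL: $span is not a span port"; rc=1; }
    has_flag "$span_if" UP || { echo "FAIL: $span is down"; rc=1; }
    has_flag "$span_if" MONITOR || { echo "FAIL: $span is not in monitor mode"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $src is mirrored to $span"
    return "$rc"
}

# Demo on the constructed sample.
check_span eth1 eth2 "$SAMPLE_BRIDGE" "$SAMPLE_SPAN_IF"
```

A span interface that is up but not in monitor mode still accepts frames from whatever is plugged into it, which is the case the MONITOR check reports.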
srynoname last edited by
Thank you jimp, I googled the wrong ifconfig manpage ;-)
A question on creating the bridge from a newbie like me:
I currently have a vlan interface, let's call it vlanForMonitoring. There's always only one client connected to it, this client shall be used for analyzing traffic from and to the wan interface.
Can I do something like the following?
#ifconfig bridge0 create // create the bridge
#ifconfig vlanForMonitoring up monitor // set vlan interface to monitoring
#ifconfig bridge0 addm wanInterface span vlanForMonitoring up // bridge wan to the monitored interface
How about firewall rules? Is the bridge enough to pass traffic from WAN to vlanForMonitoring or do I still have to create firewall rules? What would they have to look like? Thanks for any hint :-)