Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Where do I put additional ifconfig options?

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 3 Posters 4.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Samsonov
      last edited by

      webGUI configurators [for many components of pfSense] provide a text field where one can write additional raw configuration directives, but there is nothing similar for interface configuration.

      For example, if I need promiscuous mode to be enabled on an interface — for MAC address spoofing to work*, where do I set it? Do I have to write a /usr/local/etc/rc.d/ifconfig.sh script, or there is a better way to accomplish this? (Not counting shellcmd.)

      * By the way, why doesn't webGUI mention that it is needed or may be needed?

      1 Reply Last reply Reply Quote 0
      • C
        cmb
        last edited by

        You can just put it in a shellcmd, as long as it's applied on boot it won't go away.

        It's not mentioned because it's almost never required, only in some very rare cases the NIC refuses to pick up packets for any MAC other than the one burned into it unless it's in promisc. If we put in notes on every circumstance that can affect 1 in 10,000 people, the web interface would be overrun with text.

        1 Reply Last reply Reply Quote 0
        • S
          Samsonov
          last edited by

          @cmb:

          You can just put it in a shellcmd.

          Yes, I finally did so, because with shellcmd and earlyshellcmd you have at least a minor degree of control on when and in which order the commands would be run, which seems impossible with /usr/local/etc/rc.d scripts. For example, promiscuous mode should be enabled with shellcmd, because by the time earlyshellcmd directives are executed, interfaces are not [properly] configured yet.

          It's not mentioned [to enable promiscuous mode for MAC spoofing to work] because it's almost never required, only in some very rare cases the NIC refuses to pick up packets for any MAC other than the one burned into it unless it's in promisc.

          As far as I see on forums, it is always required when an interface is partitioned with VLANs and MAC spoofing must take place on one sub-interface only, or when multiple sub-interfaces require their own MAC spoofs (so you can't just alter the MAC address of parent interface).

          If we put in notes on every circumstance that can affect 1 in 10,000 people, the web interface would be overrun with text.

          There is Wiki for this, which could be referenced by the “? — Help for items on this page” icon. Currently it seems to be extremely scanty on interface configuration.

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            I added a note to the wiki:
            http://doc.pfsense.org/index.php/Interface_Settings

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.