Where do I put additional ifconfig options?

General pfSense Questions
Log in to reply
  • S

    webGUI configurators [for many components of pfSense] provide a text field where one can write additional raw configuration directives, but there is nothing similar for interface configuration.

    For example, if I need promiscuous mode to be enabled on an interface — for MAC address spoofing to work*, where do I set it? Do I have to write a /usr/local/etc/rc.d/ifconfig.sh script, or there is a better way to accomplish this? (Not counting shellcmd.)

    * By the way, why doesn't webGUI mention that it is needed or may be needed?

    0
  • C

    You can just put it in a shellcmd, as long as it's applied on boot it won't go away.

    It's not mentioned because it's almost never required, only in some very rare cases the NIC refuses to pick up packets for any MAC other than the one burned into it unless it's in promisc. If we put in notes on every circumstance that can affect 1 in 10,000 people, the web interface would be overrun with text.

    0
  • S

    @cmb:

    You can just put it in a shellcmd.

    Yes, I finally did so, because with shellcmd and earlyshellcmd you have at least a minor degree of control on when and in which order the commands would be run, which seems impossible with /usr/local/etc/rc.d scripts. For example, promiscuous mode should be enabled with shellcmd, because by the time earlyshellcmd directives are executed, interfaces are not [properly] configured yet.

    It's not mentioned [to enable promiscuous mode for MAC spoofing to work] because it's almost never required, only in some very rare cases the NIC refuses to pick up packets for any MAC other than the one burned into it unless it's in promisc.

    As far as I see on forums, it is always required when an interface is partitioned with VLANs and MAC spoofing must take place on one sub-interface only, or when multiple sub-interfaces require their own MAC spoofs (so you can't just alter the MAC address of parent interface).

    If we put in notes on every circumstance that can affect 1 in 10,000 people, the web interface would be overrun with text.

    There is Wiki for this, which could be referenced by the “? — Help for items on this page” icon. Currently it seems to be extremely scanty on interface configuration.

    0
  • jimp
    Rebel Alliance Developer Netgate

    I added a note to the wiki:
    http://doc.pfsense.org/index.php/Interface_Settings

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2021 Rubicon Communications, LLC | Privacy Policy