Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Where do I put additional ifconfig options?

    General pfSense Questions
    3
    4
    3610
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Samsonov last edited by

      webGUI configurators [for many components of pfSense] provide a text field where one can write additional raw configuration directives, but there is nothing similar for interface configuration.

      For example, if I need promiscuous mode to be enabled on an interface — for MAC address spoofing to work*, where do I set it? Do I have to write a /usr/local/etc/rc.d/ifconfig.sh script, or there is a better way to accomplish this? (Not counting shellcmd.)

      * By the way, why doesn't webGUI mention that it is needed or may be needed?

      1 Reply Last reply Reply Quote 0
      • C
        cmb last edited by

        You can just put it in a shellcmd, as long as it's applied on boot it won't go away.

        It's not mentioned because it's almost never required, only in some very rare cases the NIC refuses to pick up packets for any MAC other than the one burned into it unless it's in promisc. If we put in notes on every circumstance that can affect 1 in 10,000 people, the web interface would be overrun with text.

        1 Reply Last reply Reply Quote 0
        • S
          Samsonov last edited by

          @cmb:

          You can just put it in a shellcmd.

          Yes, I finally did so, because with shellcmd and earlyshellcmd you have at least a minor degree of control on when and in which order the commands would be run, which seems impossible with /usr/local/etc/rc.d scripts. For example, promiscuous mode should be enabled with shellcmd, because by the time earlyshellcmd directives are executed, interfaces are not [properly] configured yet.

          It's not mentioned [to enable promiscuous mode for MAC spoofing to work] because it's almost never required, only in some very rare cases the NIC refuses to pick up packets for any MAC other than the one burned into it unless it's in promisc.

          As far as I see on forums, it is always required when an interface is partitioned with VLANs and MAC spoofing must take place on one sub-interface only, or when multiple sub-interfaces require their own MAC spoofs (so you can't just alter the MAC address of parent interface).

          If we put in notes on every circumstance that can affect 1 in 10,000 people, the web interface would be overrun with text.

          There is Wiki for this, which could be referenced by the “? — Help for items on this page” icon. Currently it seems to be extremely scanty on interface configuration.

          1 Reply Last reply Reply Quote 0
          • jimp
            jimp Rebel Alliance Developer Netgate last edited by

            I added a note to the wiki:
            http://doc.pfsense.org/index.php/Interface_Settings

            1 Reply Last reply Reply Quote 0
            • First post
              Last post

            Products

            • Platform Overview
            • TNSR
            • pfSense Plus
            • Appliances

            Services

            • Training
            • Professional Services

            Support

            • Subscription Plans
            • Contact Support
            • Product Lifecycle
            • Documentation

            News

            • Media Coverage
            • Press
            • Events

            Resources

            • Blog
            • FAQ
            • Find a Partner
            • Resource Library
            • Security Information

            Company

            • About Us
            • Careers
            • Partners
            • Contact Us
            • Legal
            Our Mission

            We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

            Subscribe to our Newsletter

            Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

            © 2021 Rubicon Communications, LLC | Privacy Policy