Live CD Boot VLAN Promiscuous Mode



  • Booted the Live CD and configured one VLAN and assigned to the WAN interface.

    Everything seemed to be configured correctly; even obtained DHCP assigned IP address, but could not get to the gateway (offline).

    Discovered that the VLAN interface was not in promiscuous mode.  No matter what pfSense settings were changed, saved, and applied, could not get to the gateway until running shell command ifconfig <interface name> promisc

    Seems like VLAN should be put into promiscuous mode by default when created.



  • It is not clear why promiscuous mode would be needed for VLANs. Did you give the VLAN interface a MAC address different from the hardware MAC address?

    What is the physical interface name of the VLAN parent interface (e.g. igb0, em0, rl0, etc)?

    What snapshot build did you use?



  • Yes using a "spoofed" MAC.

    WAN: bfe0_vlan98 (the promiscuous problem child)
    LAN: bfe0

    2.1-BETA0 (i386)
    built on Fri Sep 21 17:36:25 EDT 2012
    FreeBSD 8.3-RELEASE-p4

    P.S.  Not that it matters, but discovered it was an interface promiscuous problem when I turned on a packet capture and suddenly had gateway access.



  • Perhaps the bfe driver doesn't correctly tell the hardware to listen on the additional MAC address.

    Perhaps the VLAN driver doesn't tell the underlying hardware driver to listen on the additional MAC address.



  • One or both of those is probably what's happening.

    Have since re-installed to a USB flash drive and using the NIC MAC, and it's working fine without promiscuous mode on the interfaces.

    Thanks,

    P.S. Wonder how long the flash drive will last.  Any guesses?  It's a default install with no additional packages.



  • @wallabybob:

    Perhaps the bfe driver doesn't correctly tell the hardware to listen on the additional MAC address.

    Perhaps the VLAN driver doesn't tell the underlying hardware driver to listen on the additional MAC address.

    Any way to force the NIC to listen on the additional "spoofed" MAC address?  Other than setting to promiscuous mode?
    Perhaps with an ifconfig command, etc.



  • This condition is not specific to a Live CD Boot.  It also occurs on a full installed boot.

    Have discovered that using a shell command in the config to set the parent (real) NIC MAC rather than setting a "spoofed" MAC on the VLAN'd WAN interface may be a workaround, since for this particular installation the WAN needs a particular MAC and the LAN MAC can be anything.  Better than enabling promiscuous mode anyway, which will fill the firewall log with all the traffic seen on the interface.  May as well be capture.

    Example:
    <system><shellcmd>ifconfig bfe0 ether 00:35:c7:7e:5d:db</shellcmd>
    …</system>
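
A diagnostic for the condition discussed in this thread, as an added example that is not from any poster or from pfSense: it reads FreeBSD-style `ifconfig` output and reports each VLAN interface whose MAC differs from its parent's, along with whether the VLAN interface is in promiscuous mode. The sample output is constructed, and the parent MAC `00:11:22:33:44:55` is a placeholder.

```shell
#!/bin/sh
# Reads `ifconfig` output on stdin and prints one line per VLAN interface:
#   <vlan_if> <parent_if> <match|mismatch> <promisc|nopromisc>
# "mismatch" + "nopromisc" is the state in which the thread's WAN was offline.
vlan_mac_check() {
    awk '
    /^[a-zA-Z]/ {                 # header line: "name: flags=8843<UP,...>"
        ifname = $1; sub(/:$/, "", ifname)
        promisc[ifname] = ($0 ~ /[<,]PROMISC[,>]/) ? "promisc" : "nopromisc"
        next
    }
    $1 == "ether" { mac[ifname] = tolower($2); next }
    $1 == "vlan:" {               # "vlan: 98 parent interface: bfe0"
        for (i = 1; i < NF; i++)
            if ($i == "interface:") parent[ifname] = $(i + 1)
        order[++n] = ifname
    }
    END {
        for (k = 1; k <= n; k++) {
            v = order[k]; p = parent[v]
            state = (mac[v] == mac[p]) ? "match" : "mismatch"
            print v, p, state, promisc[v]
        }
    }'
}

# Constructed sample, not captured from the poster's system.
sample_ifconfig() {
cat <<'EOF'
bfe0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 00:11:22:33:44:55
bfe0_vlan98: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 00:35:c7:7e:5d:db
	vlan: 98 parent interface: bfe0
EOF
}

sample_ifconfig | vlan_mac_check
```

On a live system, pipe the real output in with `ifconfig | vlan_mac_check`.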

