Port Spanning?
-
I am running pfSense (1.2-RC1-Embedded) on a Soekris net4801 box (w/5 NICs & the image installed on CF). I would like to configure the box to do port spanning (sometimes called port mirroring or even port monitoring). Basically, I'm running Websense on a Windows box which I want to use as a content filtering engine for the LAN. For this to work, I need to forward all packets coming from my LAN to a port on the 4801 which I will connect the Websense machine to. I already have the 3 "OPT" ports bridged into my LAN port, which works fine, but I'm not sure what to do next. You would basically need a similar configuration if you wanted to run an IDS or packet analyzer (Wireshark, etc.) on the LAN.
I currently have a "working" system by connecting the pfSense and Websense boxes via an old "dumb hub" (as opposed to a switch). My objective is to dispose of the hub, since it is ancient, and it's very difficult to find true "dumb" hubs on the market these days.
Since I am a newbie when it comes to pfSense, I apologize, in advance, if the setup is either trivial, well documented (RTFM), or totally unsupported. Thanks! Any help would be appreciated.
P.S. From the BSD Handbook, Section 29.5 (Bridging) -
To send a copy of all frames out the interface named fxp4:
# ifconfig bridge0 span fxp4
Seems like this is exactly what I want to do; is there a way to do this from pfSense? Can I modify rc.conf to get this to work without breaking something?
-
AFAIC, this is supposed to be done by the switch (if it's able to do so) where pfSense is plugged in.
Regards from Rio de Janeiro.