From: Christopher B. <bla...@um...> - 2005-01-03 21:42:34
On Mon, 2005-01-03 at 14:55, Nick Rogness wrote:
> On Mon, 3 Jan 2005, Christopher Black wrote:
>
> > List,
> >
> > I'm running freebsd 4.10 on a system configured with no IPs, bridging
> > between two interfaces. The network works fine if diverting is
> > disabled, but when packets are diverted to snort_inline, snort never
> > appears to receive them. Has anyone seen this before?
>
> What is the output of:
>
> root# sysctl net.link.ether.bridge.ipfw
>
>
> Nick Rogness <ni...@ro...>
> -
> How many people here have telekinetic powers? Raise my hand.
> -Emo Philips

bash-2.05b# sysctl -a | grep net.link.ether.bridge
net.link.ether.bridge_cfg: sis0,sis1
net.link.ether.bridge: 1
net.link.ether.bridge_ipfw: 1
...

The bridging part itself is working fine, until I divert the packets to
snort. The one command 'ipfw add divert 6666 all from any to any' (6666
being the port I put snort on) causes a complete loss of throughput.
Snort is never receiving them as debug statements in the main loop of
inline.c report. Is there a special bridging (as opposed to inline) mode
to enable?

--
Christopher Black <bla...@um...>