Shulou(Shulou.com)06/01 Report--

Attach a list of small cases used for testing before. There are very few materials on CP Firewall, and most of them are in English. In recent days, my eyes hurt when I read English documents. Alas, I am not used to it. Compared with Chinese, the English alphabet looks too small and too laborious. For me, who is not good at English, I have to read it one by one. The key is that there are dozens of words in a sentence, and there are few useful ones. Pity my eyes. The following is my own translation. Let's make do with it. That's about what it means. Hehe.

1. First add a bridge and the corresponding interface

Clish > add bridging group 1 interfaceeth4

(note: only one excuse can be configured for each bridge. If you need to use multiple mirror ports, you need to configure a corresponding bridge for each mirror port. You cannot configure multiple mirror ports on a bridge.)

two。 Add this interface to / etc/monitor_mode (enable mirror mode)

You can create a table, such as / etc/monitor_modefile.

Enter the interface to be mirrored on each line, such as eth4

Or enter clish > set interface eth4 monitor-mode on directly in the command line interface

3. Change permissions / etc/monitor_mode to read-only

[Expert@Gaia] # chmod 444 / etc/monitor_mode

[Expert@Gaia] # chattr + I / etc/monitor_mode

4. Distribution strategy

5. Turn on hairpinning mode

For Gaia and Gaia and above, you need to enable "hairpining" mode on the image interface to see the tcp stream.

[Expert@Gaia] # echo 1 > / sys/class/net//brif//hairpin_mode

Make sure that mirror mode is enabled for this interface.

To make this command survive a reboot:

Open the / etc/rc.d/rc.localscript in Vi editor. 1.

Add the following line before 'start' case ends, immediately after thetouch / var/lock/subsys/localline:

Echo 1 > / sys/class/net//brif//hairpin_mode

Save changes and exit

Configure the mirror port on R76 version

Gaia R76 system version supports automatic configuration of interface image mode

Configure input > set interface eth0 monitor-modeon through the command line interface

You can also configure it directly in the WebUI interface:

Go to "Network Interfaces" tab. 1.

Select therequired interface and click "Edit". two。

Go to "Ethernet" tab. 3.

Check the "Monitor Mode" checkbox and click "OK

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.