On Wed, 17 Mar 2004, Jim Gifford wrote:

> Using a hub between your WAN device and your WAN port, and hanging the
> IDS off of that hub is one way to do it. That restricts your bandwidth,
> but chances are the WAN device is already restricted anyway. Using the
> ethernet tap is probably the purest solution.

there's another, using freebsd's ng_tee netgraph node. it's not a part of the default m0n0wall images, but you should be able to follow the instructions at http://m0n0.ch/wall/hack/ to include both ng_ether and ng_tee into the /modules directory, just as dummynet and ipfw modules are included.

read the freebsd man page for ng_tee at http://www.freebsd.org/cgi/man.cgi?query=ng_tee&apropos=0&sektion=0&manpath=FreeBSD+4.9-stable&format=html for what it does.

you'd basically be connecting the left hook to the upper hook of the wan interface, the right node to the lower hook. then connect left2right to the lower hook of the lan(ids) and right2left to the upper hook of the lan (ids) interface.

Regards,                           /\_/\   "All dogs go to heaven."
dinesh at alphaque dot com         (0 0)    http://www.alphaque.com/
+==========================----oOO--(_)--OOo----==========================+
| for a in past present future; do                                        |
|   for b in clients employers associates relatives neighbours pets; do   |
|   echo "The opinions here in no way reflect the opinions of my $a $b."  |
| done; done                                                              |
+=========================================================================+
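The hook connections described in the message above, written out as ngctl(8) commands by a small dry-run script. This is an added example, not part of the original post. The interface names (fxp0 for WAN, fxp1 for the IDS port) and the node name fxp0_tee are assumptions, and ng_ether and ng_tee are assumed to be loaded already.

```shell
#!/bin/sh
# Added example: prints (does not run) the ngctl(8) commands for the
# ng_tee wiring described in the message. Interface names are assumptions.

# Accept only names such as fxp0 or sis1, so nothing unexpected ends up
# on the ngctl command line when the output is later piped to sh.
valid_if() {
    case "$1" in
        ''|*[!a-z0-9]*|[0-9]*|*[!0-9]) return 1 ;;
        *) return 0 ;;
    esac
}

# tee_tap_cmds WAN_IF IDS_IF
tee_tap_cmds() {
    wan=$1; ids=$2
    valid_if "$wan" && valid_if "$ids" || return 1
    [ "$wan" != "$ids" ] || return 1      # tap port must be a separate NIC
    tee="${wan}_tee"                      # hypothetical node name

    # ng_ether: 'lower' faces the wire, 'upper' faces the IP stack.
    # Insert the tee between them: right <-> lower, left <-> upper.
    echo "ngctl mkpeer ${wan}: tee lower right"
    echo "ngctl connect ${wan}: ${wan}:lower upper left"
    echo "ngctl name ${wan}:lower ${tee}"

    # ng_tee duplicates frames travelling left->right onto left2right and
    # right->left onto right2left; attach both to the IDS interface as
    # the message describes.
    echo "ngctl connect ${tee}: ${ids}: left2right lower"
    echo "ngctl connect ${tee}: ${ids}: right2left upper"
}

# Dry run: ./tee-tap.sh fxp0 fxp1   (review the output, then pipe to sh)
if [ "$#" -eq 2 ]; then
    tee_tap_cmds "$1" "$2" || { echo "bad interface names" >&2; exit 1; }
fi
```

Between the `mkpeer` and the first `connect`, frames arriving on the WAN interface have no path to the stack, so run the reviewed commands in one batch rather than typing them one at a time over a session that crosses that interface.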