Update README.md
This commit is contained in:
		
							parent
							
								
									861248554b
								
							
						
					
					
						commit
						3e164750e8
					
				
					 1 changed files with 4 additions and 26 deletions
				
			
		
							
								
								
									
										30
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										30
									
								
								README.md
									
									
									
									
									
								
							|  | @ -193,7 +193,7 @@ If you don't see traffic being bridged between `ngeth0` and `$ONT_IF`, then netg | ||||||
| 
 | 
 | ||||||
| ## Promiscuous Mode | ## Promiscuous Mode | ||||||
| 
 | 
 | ||||||
| `pfatt.sh` will put `$RG_IF` in promiscuous mode via `/sbin/ifconfig $RG_IF promisc`. Otherwise, the EAP packets would not bridge. I think this is necessary for everyone but I'm not sure. Turn it off if it's causing issues. | `pfatt.sh` will put `$ONT_IF` in promiscuous mode via `/sbin/ifconfig $ONT_IF promisc`. I think this is necessary for everyone but I'm not sure. Turn it off if it's causing issues. | ||||||
| 
 | 
 | ||||||
| ## netgraph | ## netgraph | ||||||
| 
 | 
 | ||||||
|  | @ -203,8 +203,6 @@ Your netgraph should look something like this: | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
| 
 | 
 | ||||||
| In this setup, the `ue0` interface is my `$RG_IF` and the `bce0` interface is my `$ONT_IF`. You can generate your own graphviz via `ngctl dot`. Copy the output and paste it at [webgraphviz.com](http://www.webgraphviz.com/). |  | ||||||
| 
 |  | ||||||
| Try these commands to inspect whether netgraph is configured properly. | Try these commands to inspect whether netgraph is configured properly. | ||||||
| 
 | 
 | ||||||
| 1. Confirm kernel modules are loaded with `kldstat -v`. The following modules are required: | 1. Confirm kernel modules are loaded with `kldstat -v`. The following modules are required: | ||||||
|  | @ -218,48 +216,28 @@ Try these commands to inspect whether netgraph is configured properly. | ||||||
| 2. Issue `ngctl list` to list netgraph nodes. Inspect `pfatt.sh` to verify the netgraph output matches the configuration in the script. It should look similar to this: | 2. Issue `ngctl list` to list netgraph nodes. Inspect `pfatt.sh` to verify the netgraph output matches the configuration in the script. It should look similar to this: | ||||||
| ``` | ``` | ||||||
| $ ngctl list | $ ngctl list | ||||||
| There are 9 total nodes: | There are 5 total nodes: | ||||||
|   Name: o2m             Type: one2many        ID: 000000a0   Num hooks: 3 |  | ||||||
|   Name: vlan0           Type: vlan            ID: 000000a3   Num hooks: 2 |   Name: vlan0           Type: vlan            ID: 000000a3   Num hooks: 2 | ||||||
|   Name: ngeth0          Type: eiface          ID: 000000a6   Num hooks: 1 |   Name: ngeth0          Type: eiface          ID: 000000a6   Num hooks: 1 | ||||||
|   Name: <unnamed>       Type: socket          ID: 00000006   Num hooks: 0 |   Name: <unnamed>       Type: socket          ID: 00000006   Num hooks: 0 | ||||||
|   Name: ngctl28740      Type: socket          ID: 000000ca   Num hooks: 0 |   Name: ngctl28740      Type: socket          ID: 000000ca   Num hooks: 0 | ||||||
|   Name: waneapfilter    Type: etf             ID: 000000aa   Num hooks: 2 |  | ||||||
|   Name: laneapfilter    Type: etf             ID: 000000ae   Num hooks: 3 |  | ||||||
|   Name: bce0            Type: ether           ID: 0000006e   Num hooks: 1 |   Name: bce0            Type: ether           ID: 0000006e   Num hooks: 1 | ||||||
|   Name: ue0             Type: ether           ID: 00000016   Num hooks: 2 |  | ||||||
| ``` |  | ||||||
| 3. Inspect the various nodes and hooks. Example for `ue0`: |  | ||||||
| ``` |  | ||||||
| $ ngctl show ue0: |  | ||||||
|   Name: ue0             Type: ether           ID: 00000016   Num hooks: 2 |  | ||||||
|   Local hook      Peer name       Peer type    Peer ID         Peer hook |  | ||||||
|   ----------      ---------       ---------    -------         --------- |  | ||||||
|   upper           laneapfilter    etf          000000ae        nomatch |  | ||||||
|   lower           laneapfilter    etf          000000ae        downstream |  | ||||||
| ``` | ``` | ||||||
|  | 3. Inspect the various nodes and hooks. | ||||||
| 
 | 
 | ||||||
| ### Reset netgraph | ### Reset netgraph | ||||||
| 
 | 
 | ||||||
| `pfatt.sh` expects a clean netgraph before it can be ran. To reset a broken netgraph state, try this: | `pfatt.sh` expects a clean netgraph before it can be ran. To reset a broken netgraph state, try this: | ||||||
| 
 | 
 | ||||||
| ```shell | ```shell | ||||||
| /usr/sbin/ngctl shutdown waneapfilter: |  | ||||||
| /usr/sbin/ngctl shutdown laneapfilter: |  | ||||||
| /usr/sbin/ngctl shutdown $ONT_IF: | /usr/sbin/ngctl shutdown $ONT_IF: | ||||||
| /usr/sbin/ngctl shutdown $RG_IF: |  | ||||||
| /usr/sbin/ngctl shutdown o2m: |  | ||||||
| /usr/sbin/ngctl shutdown vlan0: | /usr/sbin/ngctl shutdown vlan0: | ||||||
| /usr/sbin/ngctl shutdown ngeth0: | /usr/sbin/ngctl shutdown ngeth0: | ||||||
| ``` | ``` | ||||||
| 
 | 
 | ||||||
| ## pfSense | ## pfSense | ||||||
| 
 | 
 | ||||||
| In some circumstances, pfSense may alter your netgraph. This is especially true if pfSense manages either your `$RG_IF` or `$ONT_IF`. If you make some interface changes and your connection breaks, check to see if your netgraph was changed. | In some circumstances, pfSense may alter your netgraph. This is especially true if pfSense manages either your `$ONT_IF`. If you make some interface changes and your connection breaks, check to see if your netgraph was changed. | ||||||
| 
 |  | ||||||
| # References |  | ||||||
| 
 |  | ||||||
| - [MonkWho](https://github.com/MonkWho/pfatt) - Many references on his page |  | ||||||
| 
 | 
 | ||||||
| # Credits | # Credits | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
		Loading…
	
		Reference in a new issue
	
	 Greg Revelle
						Greg Revelle