Promiscuous mode enabled, why?

Started by henri9813, July 04, 2025, 09:44:16 PM

Hello,

I have promiscuous mode enabled on ALL interfaces except the one on which I make all my HA states pass through.

However, I didn't enable promiscuous mode at all on any interface, and I don't know why the mode is present.

I tried to disable it using `ifconfig XXXX -promisc` but it does nothing.

I run OPNsense in a virtual machine inside a Xen cluster.

```
xn0: flags=1008943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 9004
   description: WAN (opt8)
   options=0
   ether xx:xxx:xx:xxx
        XXXX
   carp: MASTER vhid 1 advbase 1 advskew 0
         peer 224.0.0.18 peer6 ff02::12
   media: Ethernet manual
   status: active
   nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
```

Do you have an idea why?

I have the latest version of OPNsense.

I don't have any IDS or anything like this, I just have Unbound DNS configured.


In my dmesg I have:
```
root@xxxx:~ # dmesg |grep "promiscuous"
pflog0: permanently promiscuous mode enabled
xn0: promiscuous mode enabled
vlan0.1: promiscuous mode enabled
vlan0.2: promiscuous mode enabled
vlan0.5: promiscuous mode enabled
vlan0.4: promiscuous mode enabled
vlan0.5: promiscuous mode enabled
....
vlan0.1: promiscuous mode disabled
vlan0.2: promiscuous mode disabled
vlan0.3: promiscuous mode disabled
vlan0.4: promiscuous mode disabled
vlan0.5: promiscuous mode disabled
...
xn0: promiscuous mode disabled
xn0: promiscuous mode enabled
vlan0.1: promiscuous mode enabled
vlan0.2: promiscuous mode enabled
vlan0.3: promiscuous mode enabled
vlan0.4: promiscuous mode enabled
vlan0.5: promiscuous mode enabled

vlan0.10: promiscuous mode enabled
vlan0.10: promiscuous mode disabled
vlan0.10: promiscuous mode enabled
vlan0.10: promiscuous mode disabled
vlan0.1: promiscuous mode disabled
vlan0.1: promiscuous mode enabled
```

VLAN 10 (in my obfuscated output) corresponds to the VLAN on which I make all my HA states pass through.

Do you have an idea?

Thanks !

Services -> Intrusion Detection?
Hardware:
DEC740

Hello,

No, it's not enabled, I don't use it.

It's necessary for CARP. Why do you want to turn it off?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Interestingly, it's enabled on my system as well, and I don't have CARP and it's not enabled in intrusion detection.

```
pflog0: permanently promiscuous mode enabled
wg0: promiscuous mode enabled
igc1: promiscuous mode enabled
igc3: promiscuous mode enabled
vlan01: promiscuous mode enabled
igc0: promiscuous mode enabled
vlan03: promiscuous mode enabled
vlan04: promiscuous mode enabled
vlan06: promiscuous mode enabled
```

Hello,

Thanks @patrick

I didn't know it was introduced by CARP.

It's okay for me :)

Best regards.
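
An added example, not part of any post in this thread: a small sh/awk helper that replays kernel messages like the dmesg output quoted above and reports, per interface, the last logged promiscuous state and how many times it changed. The function names `promisc_state` and `sample_dmesg` and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): summarise promiscuous-mode
# transitions from dmesg-style text read on stdin.
# Output per interface: <name> <last logged state> <number of changes>

promisc_state() {
    awk '
    # e.g. "pflog0: permanently promiscuous mode enabled"
    /: permanently promiscuous mode enabled$/ {
        sub(/:$/, "", $1); state[$1] = "permanent"; next
    }
    # e.g. "xn0: promiscuous mode enabled" or "... disabled"
    /: promiscuous mode (enabled|disabled)$/ {
        sub(/:$/, "", $1)
        if (state[$1] != "permanent") state[$1] = $NF
        changes[$1]++
    }
    END {
        for (i in state) printf "%s %s %d\n", i, state[i], changes[i]
    }' | LC_ALL=C sort
}

# Constructed sample in the same format as the output quoted above.
sample_dmesg() {
    cat <<'EOF'
pflog0: permanently promiscuous mode enabled
xn0: promiscuous mode enabled
vlan0.1: promiscuous mode enabled
vlan0.10: promiscuous mode enabled
vlan0.10: promiscuous mode disabled
vlan0.1: promiscuous mode disabled
xn0: promiscuous mode disabled
xn0: promiscuous mode enabled
vlan0.1: promiscuous mode enabled
EOF
}

sample_dmesg | promisc_state
```

On the firewall itself the function can be fed live with `dmesg | promisc_state`; compare the result with the `PROMISC` flag in `ifconfig` output, since the kernel message buffer can wrap and lose older lines.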