[Snort-users] getting snort going to detect any outside access

Paul Miller paul at ...1054...
Tue Jan 2 15:39:51 EST 2001

>     192.168.* ip addresses aren't internet routable, so I'll bet
>   you are doing some kind of network address translation before
>   your packets get to the WAN interface.
>   Try either switching the above to the internal eth0 or use the
>   interface ip of the WAN side for the -h .
>   The latter is best cause you'll see stuff to your gateway.

Oh wow that was it! I changed HOME_NET to my DSL modem IP and it's alerting 
away. Thanks much!

Paul T. Miller | paul at ...1054... | http://www.fxtech.com

More information about the Snort-users mailing list