[Snort-users] snort, NAT and OpenBSD 2.8

Ralph M. Churchill churchillrm at ...530...
Sat Jan 20 15:52:56 EST 2001


I am using OpenBSD 2.8 (and snort 1.6.3 from the ports tree) for a
firewall, NAT'd/masqueraded network. My OpenBSD firewall/IDS is
connected to the internet via a cable modem and is assigned an
internet-routable IP address. I have a couple other machines on the
NAT'd/masqueraded network (192.168.1.0/24). When I set up $HOME_NET  in
snort do I want it to reflect my firewall/IDS's IP (w.x.y.z/32) or do I
want it to be for my net (192.168.1.0/24) or both? If both, how can I do
that in snort 1.6.3 since it doesn't support "IP list" (e.g. var
HOME_NET [w.x.y.z/32,192.168.1.0/24])?

thanks
RMC





More information about the Snort-users mailing list