[Snort-users] snort, NAT and OpenBSD 2.8

shawn . moyer shawn at ...1184...
Sat Jan 20 16:29:38 EST 2001


"Ralph M. Churchill" wrote:
> 
> I am using OpenBSD 2.8 (and snort 1.6.3 from the ports tree) for a
> firewall, NAT'd/masqueraded network. My OpenBSD firewall/IDS is
> connected to the internet via a cable modem and is assigned an
> internet-routable IP address. I have a couple other machines on the
> NAT'd/masqueraded network (192.168.1.0/24). When I set up $HOME_NET in
> snort do I want it to reflect my firewall/IDS's IP (w.x.y.z/32) or do I
> want it to be for my net (192.168.1.0/24) or both? If both, how can I do
> that in snort 1.6.3 since it doesn't support "IP list" (e.g. var
> HOME_NET [w.x.y.z/32,192.168.1.0/24])?

I have a similar setup myself. I personally start snort with -i <if>
specifying my outside interface, and specify my outside IP for
$HOME_NET. If you're NAT-ing, the traffic on the outside int. will show
up as the outside IP rather than the inside RFC1918 addresses.


--shawn 

-- 
s h a w n   m o y e r
shawn at ...1184...



