[Snort-users] Augh, 2 interfaces, 2 IP's - passive monitoring
Deterding, Brent D.
DeterdingB at ...908...
Wed Jan 24 18:06:43 EST 2001
I'm using a Linksys Cable router. It has a DMZ host, which is open
to outside, which is where I want snort.
I have 2 interfaces, eth0 is "normal" and eth1 is "snort" - eth0 is
.101 eth1 is .50
The DMZ host on a Linksys is an IP, NOT a port :(
Basically, traffic for .50 is coming thorugh eth0. Easy right, just
ping the router, it gets the right mac->port info and we're good.
That's fine and good, but as soon as I do that my applications want
to use eth1 as their outbound interface with the .50 address(netscape
Sooo . . . has anyone else done this (with a linksys specifically)
and how did you get it to work properly?
More information about the Snort-users