[Snort-users] Limitations

Tim twr at ...163...
Wed Aug 7 09:36:05 EDT 2002

Hey ppl,

A little help, please. I have some limitations on what and where I can make my installations for Snort and utilities, and I am in need of some expertise from those who have had similar problems.

This is my setup: DSL coming into a Cisco 806 router which is connected to the first (eth0) of three interfaces on a Linux RH 7.3 box strictly running my firewall (iptables/netfilter). The second (eth1) interface is for a DMZ which is populated with an Apache web server and a mail server. The third (eth2) interface is for my LAN with a couple of NT domain controllers, M$ SQL server, a couple of Citrix servers and a box running some of the services for the LAN. Obviously there are two switches that interconnect the subnets. I'm limited in how many boxes I can configure for an IDS system. It would seem like such a waste to run separate machines for the different programs in order to effectively run an IDS system.

My question: Is it possible to install three (maybe four for management) interfaces on one box and install the Apache Web Server, MySQL, Webmin, ACID and Snort, in other words, have all the necessary installations in order to run Snort and monitor the external, DMZ and internal interfaces on the firewall from one box? Is this possible? I'm very limited in how many boxes I can use in order to effectively monitor/learn what is going on with security on my network. I would like to hear from those who have effectively done so and hear the pros and cons as to why this could or could not work.

Thanks in advance for any insights.

Tim -- Mia/Fla
