[Snort-users] Newbie: Snort Configuration
jeff at ...4830...
Sat Feb 2 16:26:03 EST 2002
I searched the FAQ as well as the web discussion boards and didn't see an
obvious answer to my question.
I'm attempting to configure Snort 1.8.4-beta1 build 91 for use on a small
seven node LAN. All boxen are running RH7.2. I built Snort from the tarball
and configure/make/make install seemed to work perfectly.
The Snort box has two ethernet interfaces: eth0 is connected to a Netgear
FS108 8 port switch (as is the rest of the LAN) and eth1 is connected to an
Alcatel DSL modem. The resulting pppoe->ppp0 connection is shared among all
boxes and a basic ipchains firewall is in place.
Alcatel switch=10.0.0.138 (factory preset)
Snort will only initialize itself for eth0 and while portscans within the LAN
trigger an alert, external ones do not. I've tried setting HOME_NET to
10.0.010/24 and 10.0.0.138/24 - plus the $ppp0_ADDRESS and $eth1_ADDRESS
variables fail with: bad value in variable definition. Make sure you don't
have a "$" in the var name. Using HOME_NET any also fails to pick up external
Thanks for any assistance.
More information about the Snort-users