[Snort-users] Re: Newbie: Snort Configuration

Jeff Elkins jeff at ...4830...
Mon Feb 4 15:12:06 EST 2002


No assistance for this problem? :(
Is my setup highly unusual?

Jeff Elkins

----------

On Saturday 02 February 2002 07:25 pm, Jeff Elkins wrote:
> Hello list,
>
> I searched the FAQ as well as the web discussion boards and didn't see an
> obvious answer to my question.
>
> I'm attempting to configure Snort 1.8.4-beta1 build 91 for use on a small
> seven node LAN. All boxen are running RH7.2. I built Snort from the tarball
> and configure/make/make install seemed to work perfectly.
>
> The Snort box has two ethernet interfaces: eth0 is connected to a Netgear
> FS108 8 port switch (as is the rest of the LAN) and eth1 is connected to an
> Alcatel DSL modem.  The resulting pppoe->ppp0 connection is shared among
> all boxes and a basic ipchains firewall is in place.
>
> eth0=192.168.0.1
> eth1=10.0.0.10
> Alcatel DSL modem=10.0.0.138 (factory preset)
> ppp0=variable IP
>
> Snort will only initialize itself for eth0 and while portscans within the
> LAN trigger an alert, external ones do not.  I've tried setting HOME_NET to
> 10.0.010/24 and 10.0.0.138/24 - plus the $ppp0_ADDRESS and $eth1_ADDRESS
> variables fail with: bad value in variable definition. Make sure you don't
> have a "$" in the var name. Using HOME_NET any also fails to pick up
> external portscans.
>
> Thanks for any assistance.
>
> Jeff Elkins




More information about the Snort-users mailing list