[Snort-users] HELP on configuration

Enrico M.V. Fasanelli Enrico.M.V.Fasanelli at ...4883...
Wed Feb 6 06:15:08 EST 2002


Dear all,

I run snort-mysql+flexresp-1.8.3-5snort on a RedHat 7.2 box.

Following the FAQ, I've write some rules for passing some traffic
(afs3-callback) and started snort daemon with the -o flag.

The problem is that some rules seems to work, and some other seems to be
ignored.

In particular:

   var LE_AFS_SERVERS [192.84.152.68,192.84.152.37,192.84.152.83,192.84.152.148,192.84.152.100]

   pass udp $LE_AFS_SERVERS 7000 -> $HOME_NET 7001

works fine, and the

   var INFN_AFS_SERVERS [141.108.3.252]

   pass udp $INFN_AFS_SERVERS 7000 -> $HOME_NET 7001

does not works.

The ONLY difference is that hosts listed in the LE_AFS_SERVERS belongs to
HOME_NET and the host in the INFN_AFS_SERVERS is not in HOME_NET.

Any hint?

Thanks in advance

Ciao
				Enrico


      Enrico M.V. Fasanelli          Phone +39 0832 320.435/448
Istituto Nazionale Fisica Nucleare   Fax   +39 0832 325128
       Sezione di Lecce              mailto:Enrico.M.V.Fasanelli at ...4883...
  Servizio di Calcolo & Reti         Via per Arnesano, I-73100 LECCE (Italy)






More information about the Snort-users mailing list