Thu Jan 10 09:26:04 EST 2002

Hello all,

I have done some reading of the archived messages but I still have a few
questions about Snort with IP Tables.

First some info about our environment. I have a small SOHO setup where I
have a cable modem providing the internet connection. We have one Linux
server that has IP Tables on it with an IP Masq subnet behind it. The
server also runs various services (Web, Mail, SSH) and has those ports
open on the firewall. The external interface is eth1 and the internal
interface is eth0.

I would like to be able to put Snort on this box to determine how much
abuse we are getting. From the archive it seems like this is possible but
I am not sure. Ideally I would like to bind Snort to eth1 so I can see all
the traffic that is coming at the firewall and then somehow bind it also
to eth0 to determine what is making it past the rule set of the firewall.
But if I am forced to I would be happy to have it sitting on the external
interface.

Jason Alexander

