[Snort-users] newbie configuration issues

John Sage jsage at ...2022...
Tue Jul 23 22:15:02 EDT 2002


On Tue, Jul 23, 2002 at 09:58:01PM -0400, Paul Greene wrote:
> Hello All;
> I recently installed Snort on an "IDS bridge" using OpenBSD.

So the "IDS bridge" is a box with -- what? -- two NIC's? Are the NIC's
assigned IP addresses, or are they address-less?

If this is the case, you may want to check the list archives, and the
FAQ's 3.1 and 3.2...

How do you have $HOME_NET and $EXTERNAL_NET set?

> The setup is a cable modem. The "IDS bridge" is between the cable modem and 
> the NAT box (another openbsd box). The NAT box is dynamically assigned an 
> IP address in the 68.48.xxx.xxx range by the cable company. The internal 
> network is a network.

If you're getting a dynamically-assigned IP address back on the NAT
box, /* somehow I'm having a hard time picturing this: the modem and
the "IDS bridge" are just acting as though they're wire: packets just
pass through with their IP addresses unexamined? */ how do you account
for that relative to $HOME_NET?





- John
