[Snort-users] newbie configuration issues

John Sage jsage at ...2022...
Tue Jul 23 22:15:02 EDT 2002


Paul:

On Tue, Jul 23, 2002 at 09:58:01PM -0400, Paul Greene wrote:
> Hello All;
> 
> I recently installed Snort on an "IDS bridge" using OpenBSD.

So the "IDS bridge" is a box with -- what? -- two NIC's? Are the NIC's
assigned IP addresses, or are they address-less?

If this is the case, you may want to check the list archives, and the
FAQ's 3.1 and 3.2...

How do you have $HOME_NET and $EXTERNAL_NET set?

> The setup is a cable modem. The "IDS bridge" is between the cable modem and 
> the NAT box (another openbsd box). The NAT box is dynamically assigned an 
> IP address in the 68.48.xxx.xxx range by the cable company. The internal 
> network is a 192.168.0.0/24 network.

If you're getting a dynamically-assigned IP address back on the NAT
box, /* somehow I'm having a hard time picturing this: the modem and
the "IDS bridge" are just acting as though they're wire: packets just
pass through with their IP addresses unexamined? */ how do you account
for that relative to $HOME_NET?

Do you have some equivalent to:

var HOME_NET $ppp0_ADDRESS

<snippage>


- John
-- 
"Cowardly refusing to create an empty archive."

PGP key      http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5 




More information about the Snort-users mailing list