[Snort-users] newbie configuration issues
jsage at ...2022...
Tue Jul 23 22:15:02 EDT 2002
On Tue, Jul 23, 2002 at 09:58:01PM -0400, Paul Greene wrote:
> Hello All;
> I recently installed Snort on an "IDS bridge" using OpenBSD.
So the "IDS bridge" is a box with -- what? -- two NIC's? Are the NIC's
assigned IP addresses, or are they address-less?
If this is the case, you may want to check the list archives, and the
FAQ's 3.1 and 3.2...
How do you have $HOME_NET and $EXTERNAL_NET set?
> The setup is a cable modem. The "IDS bridge" is between the cable modem and
> the NAT box (another openbsd box). The NAT box is dynamically assigned an
> IP address in the 68.48.xxx.xxx range by the cable company. The internal
> network is a 192.168.0.0/24 network.
If you're getting a dynamically-assigned IP address back on the NAT
box, /* somehow I'm having a hard time picturing this: the modem and
the "IDS bridge" are just acting as though they're wire: packets just
pass through with their IP addresses unexamined? */ how do you account
for that relative to $HOME_NET?
Do you have some equivalent to:
var HOME_NET $ppp0_ADDRESS
"Cowardly refusing to create an empty archive."
PGP key http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5
More information about the Snort-users