[Snort-users] OpenBSD, snort, Two nic's outside network

Jonathan rakocy at ...4983...
Sat Jun 22 13:27:01 EDT 2002


Recently, A disk died on our IDS box.  It runs OpenBSD, psql logs to
our DB and it has two ethernet cards.  I was able to get everything
from backups which brings me to the problem.  I essentially copied the
old /etc/ into the new /etc/.  I would presume nothing had changed, but
wrong.  The network comes up and works great for our internal network but
I am unable to reach the outside world.  Host resolves names, traceroute
stops at the gateway.  Everything appears normal and snort evenstarts
up. Has anyone seen this or had this problem before.   ANyone with
experience with two nic's please help if possible.  

thank you sincerely,

Here is
ifconfig -a

lo0: flags=8009<UP,LOOPBACK,MULTICAST> mtu 33224
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
        inet6 ::1 prefixlen 128
        inet netmask 0xff000000 
lo1: flags=8008<LOOPBACK,MULTICAST> mtu 33224 
        media: Ethernet autoselect (1000baseTX full-duplex)
        status: active
        inet6 fe80::202:e3ff:fe00:42f0%ti0 prefixlen 64 scopeid 0x1 
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 128.105.a.12 netmask 0xffffff00 broadcast 128.105.a.255
        inet6 fe80::2c0:f0ff:fe30:df78%de0 prefixlen 64 scopeid 0x2
pflog0: flags=0<> mtu 33224 sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST>
mtu 296 sl1: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296 ppp0:
flags=8010<POINTOPOINT,MULTICAST> mtu 1500 ppp1:
flags=8010<POINTOPOINT,MULTICAST> mtu 1500 tun0: flags=10<POINTOPOINT> mtu
3000 tun1: flags=10<POINTOPOINT> mtu 3000 enc0: flags=0<> mtu 1536
bridge0: flags=0<> mtu 1500 bridge1: flags=0<> mtu 1500 vlan0: flags=0<>
mtu 1500 vlan1: flags=0<> mtu 1500 gre0: flags=8010<POINTOPOINT,MULTICAST>
mtu 1450 gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280 gif1:
flags=8010<POINTOPOINT,MULTICAST> mtu 1280 gif2:
flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif3: flags=8010<POINTOPOINT,MULTICAST> mtu 1280 

More information about the Snort-users mailing list