[Snort-users] HOME_NET and EXTERNAL_NET snort.conf

Allan Dover allan at ...8825...
Wed Apr 9 08:56:03 EDT 2003


Hello Everyone!

In my config I have Snort 2.0.rc3 --with mysql and ACID 0.9.6.b23
RH 8.0 Patched as Bridged Firewall ETH0 and ETH1 Comprise of bridge BRIDGE
snort.conf has been configured as so:
HOME_NET is my LAN 192.168.0.0/26 would give me 192.168.0.1 - 192.168.0.62
EXTERNAL_NET is WAN 192.168.254.14 (Router's Address)  Correct ?
var DNS 192.168.0.5
var HTTP etc...

###          ##########    #####     #####        --DNS 192.168.0.5
DSL         ETH0-ETH1    Router    Clients        --WEB 192.168.0.30
###          ##########    #####     #####        --DNS 192.168.0.30

I used to use snort without filling in the var dns, http and network
portions.  I was seeing DNS Zone transfers and so on.  Now I don't see the
dns zone transfers, and want to make sure that is what is supposed to
happen.
I also set up a firewall to filter out some of the nasty stuff, which I don't
think is working 100% the way I wanted, but I digress.  My ultimate goal is
to block my users from surfing porn at work, and limit P2P programs.
So far Guardian seems best for this from my reading; I have also been told
about snortsam.  (Do I need Flex Resp?)

Plus my understanding of setting up the HOME_NET and EXTERNAL_NET is
sketchy.  I have read the FAQ and Snort Docs.

Any insight on this would be greatly appreciated.


Allan Dover
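
An added example, not part of the original post and not Snort's own code: a simplified Python model of how HOME_NET and EXTERNAL_NET gate a rule header of the form `tcp $EXTERNAL_NET any -> $HOME_NET 53`, run with the values from the message, with `any`, and with the negated home range. The rule header, the packet list and all function names are constructed for illustration.

```python
import ipaddress

def in_var(addr, value):
    """True if addr is inside a Snort-style address value:
    'any', a single IP, a CIDR block, or one of those negated with '!'."""
    if value.startswith("!"):
        return not in_var(addr, value[1:])
    if value == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(value, strict=False)

def header_matches(pkt, variables, dport=53):
    """Simplified model of the header: tcp $EXTERNAL_NET any -> $HOME_NET 53."""
    src, dst, port = pkt
    return (port == dport
            and in_var(src, variables["EXTERNAL_NET"])
            and in_var(dst, variables["HOME_NET"]))

def usable_range(cidr):
    """First and last host address of a CIDR block."""
    hosts = list(ipaddress.ip_network(cidr).hosts())
    return str(hosts[0]), str(hosts[-1])

# Values as given in the message.
POSTED = {"HOME_NET": "192.168.0.0/26", "EXTERNAL_NET": "192.168.254.14"}
# Same HOME_NET, EXTERNAL_NET left at "any".
BROAD = {"HOME_NET": "192.168.0.0/26", "EXTERNAL_NET": "any"}
# Same HOME_NET, EXTERNAL_NET as everything outside it.
NOT_HOME = {"HOME_NET": "192.168.0.0/26", "EXTERNAL_NET": "!192.168.0.0/26"}

# Constructed packets (src, dst, dst port), all aimed at the DNS host.
PACKETS = {
    "internet host": ("203.0.113.7", "192.168.0.5", 53),
    "router": ("192.168.254.14", "192.168.0.5", 53),
    "lan client": ("192.168.0.20", "192.168.0.5", 53),
}

def matched(variables):
    """Names of the constructed packets whose addresses satisfy the header."""
    return sorted(n for n, p in PACKETS.items() if header_matches(p, variables))

if __name__ == "__main__":
    print("usable /26 range:", usable_range("192.168.0.0/26"))
    for label, cfg in (("posted", POSTED), ("any", BROAD), ("!home", NOT_HOME)):
        print(f"{label:7} EXTERNAL_NET={cfg['EXTERNAL_NET']:16} -> {matched(cfg)}")
```

In this model, a packet only reaches the rule's content checks if its source is inside EXTERNAL_NET and its destination is inside HOME_NET, so a single-address EXTERNAL_NET limits matches to packets sourced from that one address.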
