[Snort-users] DMZ and NAT

Erek Adams erek at ...950...
Fri Jun 27 16:00:10 EDT 2003


On Fri, 27 Jun 2003, Roelf Schreurs wrote:

> I have a DMZ and run snort on both firewals. I always get alerts when
> people from the inside use the internet.
> How do I specify that no alertt should be done if my DMZ's IP's are the
> source?

Make sure you have your HOME_NET set correctly.  The default snort.conf
comes with HOME_NET set to 'any'.  You need it set to the value of your
"inside" network.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson




More information about the Snort-users mailing list