[Snort-users] Snort.conf variables
mkettler at ...4108...
Mon Nov 10 15:07:06 EST 2003
At 11:16 AM 11/10/2003, Remus wrote:
>Just my small confusion regarding HOME_NET and EXTERNAL_NET variables.
>I have a Linux firewall which one runs Snort as well:
>eth0 - external network
>eth1 - local network
>And it has port forwards to web, smtp servers in the local network.
>Now my question is which one variables I have to use for my eth0 and eth1?
Given your question, there's no possible answer. And quite frankly, the
real answer may be "neither". Snort configuration depends on a lot more
than just what your router interfaces are.
What interface is snort running on, eth0 or eth1?
Is there address translation going on?
What are HOME_NET and EXTERNAL_NET defined as relative to your network?
Are you looking to pick up inbound attacks, outbound attacks, or both?
More information about the Snort-users