[Snort-users] Snort.conf variables
rmocius at ...2161...
Tue Nov 11 00:12:02 EST 2003
Snort is running on eth0 (external NIC)
I use NAT with only C class IPs for local network.
>> What are HOME_NET and EXTERNAL_NET defined as relative to your network? -
Sorry what you mean?
And I want to pick up inbound attacks and outbound attacks on eth0.
----- Original Message -----
From: "Matt Kettler" <mkettler at ...4108...>
To: "Remus" <rmocius at ...2161...>; <snort-users at lists.sourceforge.net>
Sent: Monday, November 10, 2003 11:08 PM
Subject: Re: [Snort-users] Snort.conf variables
> At 11:16 AM 11/10/2003, Remus wrote:
> >Just my small confusion regarding HOME_NET and EXTERNAL_NET variables.
> >I have a Linux firewall which one runs Snort as well:
> >eth0 - external network
> >eth1 - local network
> >And it has port forwards to web, smtp servers in the local network.
> >Now my question is which one variables I have to use for my eth0 and
> Given your question, there's no possible answer. And quite frankly, the
> real answer may be "neither". Snort configuration depends on a lot more
> than just what your router interfaces are.
> What interface is snort running on, eth0 or eth1?
> Is there address translation going on?
> What are HOME_NET and EXTERNAL_NET defined as relative to your network?
> Are you looking to pick up inbound attacks, outbound attacks, or both?
> This SF.Net email sponsored by: ApacheCon 2003,
> 16-19 November in Las Vegas. Learn firsthand the latest
> developments in Apache, PHP, Perl, XML, Java, MySQL,
> WebDAV, and more! http://www.apachecon.com/
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users