[Snort-users] Advice on Snort Inline

Joel Esler joel.esler at ...1935...
Fri Sep 8 08:19:08 EDT 2006


Thanks for emailing the list.

3 nics is the way you want to go, one nic in, one nic out.  There
are some configuration guides to Snort inline out there (try the Snort
manual, it's a good starting point), all you have to do is basically
have iptables forward everything to "QUEUE" then Snort reads from that

Fedora Core 5 will work just fine, just make sure you are running the
bare minimum of services on it, as you want your Snort box to be as fast
as possible for inline mode.


Mark Rohrbeck wrote:
> Hi all, 
> I have 2 IDS systems in place and tuned to their specific networks, the next
> step I want to take is running them with Snort_inline. I am just a little
> unsure on how to do this. I would prefer to use Fedora Core 5 as the OS but
> open to suggestions. I mainly want to find out if I can run Snort_inline on
> one box? 
> The networks are pretty small with 10 - 50 XP PC's and server 2003 / 2000,
> we run Sonicwall firewalls and I have the Sensors behind the firewall. The
> picture I have in my mind is having 3 nics in the machine, 1 for Admin and
> the other 2 for Snort inline. Am I heading in the right direction here?
> Any advice / help GREATLY appreciated.
> Marklar

--
Joel Esler  	     Senior Security Consultant 	1-706-627-2101
Sourcefire    Security for the /Real/ World -- http://www.sourcefire.com
Snort - Open Source Network IPS/IDS -- http://www.snort.org
GPG Key http://demo.sourcefire.com/jesler.pgp.key
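
The setup the reply describes (iptables hands forwarded traffic to QUEUE, Snort reads from the queue), as an added example that is not part of the original message. The config and log paths, the helper function names and the sample `iptables-save` output are assumptions made for illustration; it also shows the failure mode to plan for, since packets sent to QUEUE are dropped when nothing is reading the queue.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: config and log
# paths. Assumes the box already passes traffic between the two inline NICs.
DRY_RUN="${DRY_RUN:-1}"   # 1 = print commands only, 0 = execute (needs root)
CONF="${CONF:-/etc/snort_inline/snort_inline.conf}"   # assumed path
LOGDIR="${LOGDIR:-/var/log/snort_inline}"             # assumed path

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Send everything crossing the box to QUEUE, then start Snort on the queue.
# Traffic to the admin NIC itself uses INPUT/OUTPUT, so it is never queued.
setup_inline() {
    run modprobe ip_queue                 # kernel side of the QUEUE target
    run iptables -A FORWARD -j QUEUE
    run snort_inline -Q -D -c "$CONF" -l "$LOGDIR"   # -Q: read from QUEUE
}

# Read iptables-save output on stdin; succeed if FORWARD jumps to QUEUE.
forward_is_queued() {
    grep -Eq '^-A FORWARD( .*)? -j QUEUE( |$)'
}

# Report the state of the inline path. With a QUEUE rule and no reader the
# kernel drops the queued packets, so a dead Snort means a dead link.
# $1 = iptables-save text, $2 = "yes" if snort_inline is running.
inline_state() {
    if ! printf '%s\n' "$1" | forward_is_queued; then
        echo "bypassed"      # traffic is not being inspected
    elif [ "$2" = "yes" ]; then
        echo "inspecting"
    else
        echo "blackholed"    # queued with no reader: packets dropped
    fi
}

# Constructed sample of iptables-save output after setup_inline.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -j QUEUE
COMMIT'

setup_inline
inline_state "$SAMPLE_RULES" yes
inline_state "$SAMPLE_RULES" no
```

On a live sensor, `inline_state "$(iptables-save)" yes` (or `no`, depending on whether snort_inline is running) gives the same report; a monitoring job that alerts on `blackholed` or `bypassed` catches both an outage and a silent loss of inspection.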