[Snort-users] Snort_Inline + Carp

Alex Kirk akirk at ...1935...
Wed Feb 3 16:06:57 EST 2010


To be perfectly honest with you, Fabio, I'm glad to see you also addressed
this to the Snort-Users list. I've got no experience even running CARP (I'm
familiar with it in principle, but have never used it), let alone running it
with snort_inline. Hopefully someone else on the list has that experience,
and can help you out.

2010/2/3 Fábio Ferrão <ferrao04 at ...11827...>

> Dear Alex,
> How are you?
>
> I have a problem with snort_inline + CARP.
>
> What is CARP? CARP is similar to VRRP; it is a virtual interface between two
> firewalls on the same network.
>
> For example: FW1 is 10.10.10.3, FW2 is 10.10.10.4. Virtual IP is
> 10.10.10.2. FW1 is MASTER, therefore FW1 replies on IP 10.10.10.2. FW2 is
> BACKUP. If FW1 dies, FW2 is going to be the MASTER and FW2 is going to reply on
> 10.10.10.2.
>
> When I initialize snort_inline with all rules enabled, FW2 changes to
> MASTER and FW1 stays MASTER, therefore I have two firewalls (FW1 and FW2)
> replying as MASTER (10.10.10.2). This can't happen! When this happens, both
> FW1 and FW2 go crazy! The network goes crazy!
>
> I'm working to resolve this problem, but I haven't obtained the solution yet.
>
> Can you help me?
>
> Thanks.
>
> --
> Fábio Ferrão
>
> "E conhecereis a verdade e a verdade vos libertará".    João 8.32
> "And you will know the truth and the truth you will free".    John 8.32
>



-- 
Alex Kirk
AEGIS Program Lead
Sourcefire Vulnerability Research Team
+1-410-423-1937
alex.kirk at ...1935...