[Snort-users] Snort_Inline + Carp
akirk at ...1935...
Wed Feb 3 16:06:57 EST 2010
To be perfectly honest with you, Fabio, I'm glad to see you also addressed
this to the Snort-Users list. I've got no experience even running CARP (I'm
familiar with it in principle, but have never used it), let alone running it
with snort_inline. Hopefully someone else on the list has that experience,
and can help you out.
2010/2/3 Fábio Ferrão <ferrao04 at ...11827...>
> Dear Alex,
> How are you?
> I have a problem with snort_inline + CARP.
> What's CARP? CARP is similar to VRRP; it is a virtual interface between two
> firewalls on the same network.
> For example: FW1 is 10.10.10.3, FW2 is 10.10.10.4. Virtual IP is
> 10.10.10.2. FW1 is MASTER, therefore FW1 replies by IP 10.10.10.2. FW2 is
> BACKUP. If FW1 dies, FW2 is going to be the MASTER and FW2 is going to reply by
> When I initialize snort_inline with all rules enabled, FW2 changes to
> MASTER and FW1 stays MASTER, therefore I have two firewalls (FW1 and FW2)
> replying as MASTER (10.10.10.2). This can't happen! When this happens, both
> FW1 and FW2 go crazy! The network goes crazy!
> I'm working to resolve this problem, but I haven't found the solution yet.
> Can you help me?
> Fábio Ferrão
> "E conhecereis a verdade e a verdade vos libertará". João 8.32
> "And you will know the truth and the truth will free you". John 8.32
AEGIS Program Lead
Sourcefire Vulnerability Research Team
alex.kirk at ...1935...