[Snort-users] Snort_Inline + Carp

Fábio Ferrão ferrao04 at ...11827...
Wed Feb 3 16:03:18 EST 2010


Dear Alex,
How are you?

I have a problem with snort_inline + CARP.

What is CARP? CARP is similar to VRRP; it is a virtual interface between two
firewalls on the same network.

For example: FW1 is 10.10.10.3, FW2 is 10.10.10.4. The virtual IP is
10.10.10.2. FW1 is MASTER, therefore FW1 replies for IP 10.10.10.2. FW2 is
BACKUP. If FW1 dies, FW2 is going to be the MASTER and FW2 is going to reply
for 10.10.10.2.

When I initialize snort_inline with all rules enabled, FW2 changes to
MASTER and FW1 stays MASTER, therefore I have two firewalls (FW1 and FW2)
replying as MASTER (10.10.10.2). This can't happen! When this happens, both
FW1 and FW2 go crazy! The network goes crazy!

I'm working to resolve this problem, but I haven't found the solution yet.

Can you help me?

Thanks.

-- 
Fábio Ferrão

"And you will know the truth, and the truth will set you free".    John 8.32