[Snort-users] Question about Inline mode
maltizer at ...1935...
Sun Dec 4 23:14:56 EST 2011
On 12/04/2011 09:36 PM, Albert E. Whale wrote:
> When using either NFQ or the DAQ modules, are the interfaces bonded
> together? I completely understand that the Management interface is
> assigned an IP Address, a gateway and a network (subnet mask).
> What happens to the two interfaces used in inline mode? If I place
> the sensor inline, are the interfaces numbered? DO I need to fully
> provide networking (routing) between the interfaces?
With the AFPacket DAQ module, the interfaces just need to be configured
as "up" (ifconfig ethX up). The module opens the interfaces in
promiscuous mode and will forward all packets received on each interface
that are not blocked by the reader out the other. No further setup is
If I recall correctly, the PFRing module works in much the same fashion.
More information about the Snort-users