[Snort-users] One Simple Question ?

Ian Bowers iggdawg at ...11827...
Tue Oct 9 09:36:21 EDT 2012

Apologies if I'm mistaking you, but I'm reading this literally.  Running it
inline with one interface should work fine if you leverage VLANs.  Same
basic idea as a router-on-a-stick setup.  Unlike some other VLAN trickery,
you probably won't be able to use a dumb switch for this unless you have a
router that understands VLANs if you want any mote of security

1) create 2 VLAN interfaces, say VLAN 12 and VLAN 13.
2) have your user access ports on VLAN 12, and your router access port on
3) there's really no step 3, I started with numbered bullets and wanted
more than 2.  At this point your snort box would be an inter-VLAN router
basically, sitting between your users and your router.  but using only one
physical interface.

Alternately, if your router is VLAN capable you can pull this off with a
dumb switch.  configure just one VLAN interface, and leave your physical
interface with an IP address on it.  By using the physical interface,
you're on the native VLAN of the trunk by default.  Then the VLAN
subinterface would communicate with a subinterface on the router of the
same VLAN.  This again uses only one physical interface.

Hope this helps,


On Mon, Oct 8, 2012 at 10:35 AM, Ibrahim Lubis <baim.lubis at ...11827...> wrote:

> One Simple Question, :)
> Can I Run Snort in inline mode with one interface ? i only see alot when
> googling snort in inline mode with 2(bridging)  or 3( +1 management )
> interface.
> Thx
> ------------------------------------------------------------------------------
> Don't let slow site performance ruin your business. Deploy New Relic APM
> Deploy New Relic app performance management and know exactly
> what is happening inside your Ruby, Python, PHP, Java, and .NET app
> Try New Relic at no cost today and get our sweet Data Nerd shirt too!
> http://p.sf.net/sfu/newrelic-dev2dev
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20121009/049caef6/attachment.html>

More information about the Snort-users mailing list