Re: newbie configuration issues

[John Sage <jsage () finchhaven com>]

Paul:

On Tue, Jul 23, 2002 at 09:58:01PM -0400, Paul Greene wrote:
> Hello All;
>
> I recently installed Snort on an "IDS bridge" using OpenBSD.

So the "IDS bridge" is a box with -- what? -- two NIC's? Are the NIC's
assigned IP addresses, or are they address-less?

If this is the case, you may want to check the list archives, and the
FAQ's 3.1 and 3.2...

How do you have $HOME_NET and $EXTERNAL_NET set?

> The setup is a cable modem. The "IDS bridge" is between the cable modem and 
> the NAT box (another openbsd box). The NAT box is dynamically assigned an 
> IP address in the 68.48.xxx.xxx range by the cable company. The internal 
> network is a 192.168.0.0/24 network.

If you're getting a dynamically-assigned IP address back on the NAT
box, /* somehow I'm having a hard time picturing this: the modem and
the "IDS bridge" are just acting as though they're wire: packets just
pass through with their IP addresses unexamined? */ how do you account
for that relative to $HOME_NET?

Do you have some equivalent to:

var HOME_NET $ppp0_ADDRESS

<snippage>


- John
-- 
"Cowardly refusing to create an empty archive."

PGP key      http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5 


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users