Re: How to run multiple instances of snort inline and daq and multiple interfaces (firewall)

[Stanford Prescott <stan.prescott () gmail com>]

I realize it's been only 24 hrs. since I posted this, but perhaps I can
clarify what I am asking. I have found bits and pieces of how tos for
multiple instances of snort in inline mode for multiple interfaces.
However, they mention bridging the interfaces such that:
eth0 <--> eth1
eth2 <--> eth3
etc.

I need to know if the  multiple interfaces can all be bridged to the WAN
interface such that:
 WAN eth0 <---inline snort 1 -->LAN eth1

WAN eth0 <---inline snort 2 -->LAN eth2

etc.

Can it be done?

On Tue, Mar 28, 2017 at 1:20 PM, Stanford Prescott <stan.prescott () gmail com>
wrote:

> I am trying to learn some of the ins and outs of snort. Is there a
> tutorial somewhere that outlines how to setup snort in inline mode using
> daq on a Linux netfilter firewall. It is a typical firewall setup with
> interfaces of, for example:
>
> eth0 -> WAN interface with public IP address
> eth1 -> 1st protected LAN interface with unique subnet
> eth2 -> 2nd protected LAN interface with unique subnet
> etc....
>
> I would need multiple instances of snort with
>
> instance1 eth0 <---> eth1 (bidirectional)
> instance2 eth0 <---> eth2        "
> etc.
>
> Thank you!
>
> Stan
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!