snot over Bridge-firewall

["Lsalas TNTPOKER" <lsalas () tntpoker net>]

I have a bridge-firewall whit STP and iptables, this is running very fine, but I need check the attack and port scan, 
incoming to my server through to my bridge-firewall, this servers is after of my bridge-firewall, I put portsentry and 
snort in my bridge-firewall, but portsentry only detect the scan ports localy, but I need detect the incoming port 
scan. Snort , well... snort dont say nothing, I think that snort not run fine in a bridge.... I´m not sure.
My configuration with snort is fine,I know because  this is running fine in other servers.
you have some idea?
I need check the attack and portscan incoming to my network and then make a dinamic firewall.
My bridge have a IP address for administrative use.