Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Starting SNORT

From: "Remus" <rmocius () auste elnet lt>
Date: Fri, 4 Oct 2002 10:33:30 +0100
Hi folks,

I'm newbie in SNORT.
I'm a bit confused about two lines in the snort.conf file
var HOME_NET and var EXTERNAL_NET
What they mean?
For example I have two NICs on my Linux box:
 eth0 connection to my ISP via ADSL
 eth1 my local network

How I should use these var HOME_NET and var EXTERNAL_NET if I want snort instance to be running on eth0?
Is it like this:
var HOME_NET 10.10.10.0/24
var EXTERNAL_NET 193.125.145.6 (here is not my real Ip address)?

And does all these 'vars' only for local network?
# List of DNS servers on your network
var DNS_SERVERS $HOME_NET

# List of SMTP servers on your network
var SMTP_SERVERS $HOME_NET

# List of web servers on your network
var HTTP_SERVERS $HOME_NET

# List of sql servers on your network
var SQL_SERVERS $HOME_NET

# List of telnet servers on your network
var TELNET_SERVERS $HOME_NET


May I put to DNS_SERVERS my external DNS servers therefore I have no internals?


Thanks in advance

Remus
Previous By Date Next
Previous By Thread Next

Current thread: