Re: Mutil homed sensor

[James Riden <j.riden () massey ac nz>]

"John Cunningham" <JCUNNING () kumc edu> writes:

>    Hello, I am new to the group and apologize if I missed this in the
>    docs, but:
>
>
>
>    I am running latest Snort on Redhat FC3. I am configuring a remote
>    sensor box that has two interf's. One will go to a span port on Cisco
>    switch the other interface is set to log to a mysql \ acid box. How do
>    I configure snort to listen on eth1 but report out on eth0? Any help
>    much appreciated in advance. JC

I have mine configure with eth0 being connected to the SPAN port,
which is configured just as:

# ifconfig eth0 up

so has no IP address etc. I think snort will kick it into promiscuous
mode, but if not, you can manually do it by #ifconfig eth0 promisc

snort takes a command line parameter '-i eth0' to tell it which
interface to use, and eth1 is set up "as usual", with IP address,
netmask and default gateway set. Linux is clever enough to use eth1
for all communications.

cheers,
 Jamie
-- 
James Riden / j.riden () massey ac nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/




-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users