Snort mailing list archives
Re: Snort_Inline + Carp
From: Will Metcalf <william.metcalf () gmail com>
Date: Wed, 3 Feb 2010 17:40:02 -0600
Is this FreeBSD + ipfw + divert sockets? Regards, Will 2010/2/3 Alex Kirk <akirk () sourcefire com>
To be perfectly honest with you, Fabio, I'm glad to see you also addressed this to the Snort-Users list. I've got no experience even running CARP (I'm familiar with it in principle, but have never used it), let alone running it with snort_inline. Hopefully someone else on the list has that experience, and can help you out. 2010/2/3 Fábio Ferrão <ferrao04 () gmail com> Dear Alex,How are you? I have a problem with snort_inline + CARP. What's the CARP? Carp is similiar VRRP, is a virtual interface between two firewalls on the same network. For example: FW1 is 10.10.10.3, FW2 is 10.10.10.4. Virtual IP is 10.10.10.2. FW1 is MASTER, therefore FW1 reply by IP 10.10.10.2. FW2 is BACKUP. If FW1 die, FW2's going to be the MASTER and FW2's going to reply by 10.10.10.2. When I initialize snort_inline with all rules enable, the FW2 changes for MASTER and FW1 stay MASTER, therefore I have two firewalls (FW1 and FW2) replying by MASTER (10.10.10.2). This can't happen! When this happen, both FW1 and FW2 stay crazy! The network stay crazy! I'm working for resolve this problem, but i didn't obtain the solution yet. Can you help me? Thanks. -- Fábio Ferrão "E conhecereis a verdade e a verdade vos libertará". João 8.32 "And you will know the truth and the truth you will free". John 8.32-- Alex Kirk AEGIS Program Lead Sourcefire Vulnerability Research Team +1-410-423-1937 alex.kirk () sourcefire com ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-users%0ASnort-users>list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort_Inline + Carp Fábio Ferrão (Feb 03)
- Re: Snort_Inline + Carp Alex Kirk (Feb 03)
- Re: Snort_Inline + Carp Will Metcalf (Feb 03)
- Message not available
- Message not available
- Re: Snort_Inline + Carp Fábio Ferrão (Feb 04)
- Re: Snort_Inline + Carp Will Metcalf (Feb 03)
- Re: Snort_Inline + Carp Alex Kirk (Feb 03)