Basics of setting up an inline snort installation

[Dave Kelly <bigdavekelly () googlemail com>]

Hello,

I'm going to try setting up a new inline configuration, I've only
tried passive before but would like Snort to be able to drop packets
it says are bad.  I'm trying to work out the IP addressing for it. At
the moment, I have all my machines in 192.168.1.0/24 with a router at
192.168.1.1 and a mirrored port on the switch sending all traffic to
snort.

It's pretty similar to the Ubuntu getting started guide in the docs
("Snort 2.9.2.0 on Ubuntu 10.04 LTS").

I think that to move snort to inline I'm going to need to give it a
proper IP address and have the traffic pass through it but I can't
quite work out how to do that without reconfiguring all the hosts to
have new gateway addresses etc.  Any hints to get me going would be
much appreciated.

Dave.

------------------------------------------------------------------------------
Virtualization & Cloud Management Using Capacity Planning
Cloud computing makes use of virtualization - but cloud computing 
also focuses on allowing computing to be delivered as a service.
http://www.accelacomm.com/jaw/sfnl/114/51521223/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!