Snort mailing list archives
Re: One Simple Question ?
From: Ian Bowers <iggdawg () gmail com>
Date: Tue, 9 Oct 2012 09:36:21 -0400
Apologies if I'm mistaking you, but I'm reading this literally. Running it inline with one interface should work fine if you leverage VLANs. Same basic idea as a router-on-a-stick setup. Unlike some other VLAN trickery, you probably won't be able to use a dumb switch for this unless you have a router that understands VLANs if you want any mote of security 1) create 2 VLAN interfaces, say VLAN 12 and VLAN 13. 2) have your user access ports on VLAN 12, and your router access port on VLAN 13 3) there's really no step 3, I started with numbered bullets and wanted more than 2. At this point your snort box would be an inter-VLAN router basically, sitting between your users and your router. but using only one physical interface. Alternately, if your router is VLAN capable you can pull this off with a dumb switch. configure just one VLAN interface, and leave your physical interface with an IP address on it. By using the physical interface, you're on the native VLAN of the trunk by default. Then the VLAN subinterface would communicate with a subinterface on the router of the same VLAN. This again uses only one physical interface. Hope this helps, -Ian On Mon, Oct 8, 2012 at 10:35 AM, Ibrahim Lubis <baim.lubis () gmail com> wrote:
One Simple Question, :) Can I Run Snort in inline mode with one interface ? i only see alot when googling snort in inline mode with 2(bridging) or 3( +1 management ) interface. Thx ------------------------------------------------------------------------------ Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- One Simple Question ? Ibrahim Lubis (Oct 08)
- Re: One Simple Question ? JJC (Oct 08)
- Re: One Simple Question ? AllowOverride (Oct 08)
- Re: [isec] One Simple Question ? Borja Ruiz-Castro (Oct 08)
- Re: One Simple Question ? Ian Bowers (Oct 09)
- Re: One Simple Question ? JJC (Oct 08)