
[Snort-users] Re: Inline IP_Forwarding and other simple questions?

Subject: [Snort-users] Re: Inline IP_Forwarding and other simple questions?
Date: Tue, 28 Dec 2004 17:47:46 -0600
Sounds good to me, although it sounds like an awful lot of traffic to
watch for one box.  Watch out for bus/memory/processor limitations.  I
can just see that poor 386 trying to move those packets through
ip_queue now ;-)

Regards,

Will


On Tue, 28 Dec 2004 18:40:00 -0500, Michael D. Peters
<mdpeters@lazarusalliance.com> wrote:
What I have is 4 unnumbered sensor interfaces, 2 unnumbered interfaces for
the bridge, and 1 numbered interface for the management port. I have not
turned on ip_forwarding at any time.

How does this sound?

Will Metcalf writes:

Is that true? I almost can believe it. I enable ip_forwarding and then
I pass some traffic with QUEUE to snort-inline so I can take another
look at it. Am I doing it all wrong? Can you explain to me why?

There is no need to enable ip_forwarding if you are in bridge mode.
The brnf code moves data across the bridge for you.  There is no need
for an ip interface or anything. If you are running ip_forwarding in
bridge mode turn it off.  If you have a third management int or an ip
assigned to the bridge interface this may lead to an insecure
configuration.

Regards,

Will
On 28 Dec 2004 23:43:19 +0100, Jose Maria Lopez <jkerouac@bgsec.com> wrote:
On Thu, 23 Dec 2004 at 21:21, Matt Kettler wrote:
At 02:04 PM 12/23/2004, mdpeters wrote:
Do I need to enable ip_forwarding on for the transparent bridge to work?

As I understand it, you explicitly MUST NOT enable ip_forwarding, otherwise
your snort-inline is a "pass all".

Is that true? I almost can believe it. I enable ip_forwarding and then
I pass some traffic with QUEUE to snort-inline so I can take another
look at it. Am I doing it all wrong? Can you explain to me why?

Thanks and Happy Christmas to everybody.

--
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?listsnort-users
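
An added example, not part of the original thread or of snort-inline: a POSIX shell check that applies the advice above to a bridge host, flagging ip_forwarding being on, any numbered interface other than the management port, and the two together. The interface names (eth0, br0), the addresses, the finding labels and the sample input are constructed assumptions.

```shell
#!/bin/sh
# Audit a snort-inline bridge host: forwarding off, only the management port numbered.

# audit_bridge FORWARD MGMT_IF ADDRS
#   FORWARD  contents of /proc/sys/net/ipv4/ip_forward
#   MGMT_IF  the one interface expected to carry an IP (assumed name)
#   ADDRS    lines of "<interface> <address>", one per IPv4 address
# Prints one finding per line, or "OK" when there are none.
audit_bridge() {
    forward=$1; mgmt=$2; addrs=$3
    count=0; numbered=0
    if [ "$forward" != "0" ]; then
        echo "FORWARDING ip_forward=$forward (not needed in bridge mode)"
        count=$((count + 1))
    fi
    while read -r ifname addr; do
        [ -n "$ifname" ] || continue        # skip blank lines
        [ "$ifname" != "lo" ] || continue   # loopback is always numbered
        numbered=1
        if [ "$ifname" != "$mgmt" ]; then
            echo "NUMBERED $ifname $addr (expected unnumbered)"
            count=$((count + 1))
        fi
    done <<EOF
$addrs
EOF
    # The combination the thread warns about: forwarding on plus an IP interface.
    if [ "$forward" != "0" ] && [ "$numbered" -eq 1 ]; then
        echo "EXPOSED forwarding on with an IP interface present"
        count=$((count + 1))
    fi
    [ "$count" -gt 0 ] || echo "OK"
}

# Live input on a Linux host with iproute2 (defined here, not called):
collect_addrs() { ip -o -4 addr show | awk '{print $2, $4}'; }

# Constructed sample input: management port only, then a numbered bridge.
GOOD_ADDRS='lo 127.0.0.1/8
eth0 192.0.2.10/24'
BAD_ADDRS='lo 127.0.0.1/8
eth0 192.0.2.10/24
br0 192.0.2.20/24'

audit_bridge 0 eth0 "$GOOD_ADDRS"
audit_bridge 1 eth0 "$BAD_ADDRS"
```

On a real host, run it as `audit_bridge "$(cat /proc/sys/net/ipv4/ip_forward)" eth0 "$(collect_addrs)"`, substituting the actual management interface name.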