Date: Thu, 5 Dec 2002 22:34:42 -0800 (PST)
From: "nate" <freebsd@aphroland.org>
To: <questions@FreeBSD.org>
Subject: Re: IPFW & Snort
Message-ID: <60998.10.10.10.7.1039156482.squirrel@webmail.linuxpowered.net>
In-Reply-To: <000c01c29cdb$4f651270$1500a8c0@dogbert>
References: <000c01c29cdb$4f651270$1500a8c0@dogbert>

Brian McCann said:
> Simple question for you all...but it evades me. I'm trying to set up a box
> that will monitor a network, but be totally invisible to that
> network, but it needs an IP since it will be using some programs like
> BigBrother and whatnot. So...my question is...if I use IPFW to block, for
> example, all ports and effectively totally blocking TCP/IP, will Snort
> still be able to capture TCP/IP packets? Has anyone tried/done this?

I recommend just using 3 NIC interfaces. Run 2 of 'em in bridged mode, e.g.
my home network is protected by a FreeBSD box running 4 NICs: 1 management
(inside internal firewall), NICs 2 and 3 are bridging, NIC 2 is the firewall,
NIC 3 is snort, NIC 4 is not being used.

This way, since all traffic goes across 2 interfaces, I can run snort on the
"internal" one so it has no chance of detecting what is dropped on the
"external" one.

Then behind that machine I have another machine doing the NAT. Works great.

nate