Re: [Snort-users] Inline IP_Forwarding and other simple questions?
This is a discussion on Re: [Snort-users] Inline IP_Forwarding and other simple questions? within the Snort forums, part of the System Security and Security Related category; > It's that true? I almost can believe it. I enable ip_forwarding and then > I pass some traffic ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
12-28-2004
|
|||
|
|||
Re: [Snort-users] Inline IP_Forwarding and other simple questions?
> It's that true? I almost can believe it. I enable ip_forwarding and then
> I pass some traffic with QUEUE to snort-inline so I can take another > look at it. Am I doing it all wrong? Can you explain me why? >=20 There is no need to enable ip_forwarding if you are in bridge mode.=20 The brnf code moves data across the bridge for you. There is no need for an ip interface or anything. If you are running ip_forwarding in bridge mode turn it off. If you have a third management int or an ip assigned to the bridge interface this may lead to an insecure configuration. Regards, Will On 28 Dec 2004 23:43:19 +0100, Jose Maria Lopez <jkerouac@bgsec.com> wrote: > El jue, 23 de 12 de 2004 a las 21:21, Matt Kettler escribi=F3: > > At 02:04 PM 12/23/2004, mdpeters wrote: > > >Do I need to enable ip_forwarding on for the transparent bridge to wor= k? > > > > As I understand it, you explicitly MUST NOT enable ip_forwarding, other= wise > > your snort-inline is a "pass all". >=20 > It's that true? I almost can believe it. I enable ip_forwarding and then > I pass some traffic with QUEUE to snort-inline so I can take another > look at it. Am I doing it all wrong? Can you explain me why? >=20 > Thanks and Happy Christmas to everybody. >=20 > -- > Jose Maria Lopez Hernandez > Director Tecnico de bgSEC > jkerouac@bgsec.com > bgSEC Seguridad y Consultoria de Sistemas Informaticos > http://www.bgsec.com > ESPA=D1A >=20 > The only people for me are the mad ones -- the ones who are mad to live, > mad to talk, mad to be saved, desirous of everything at the same time, > the ones who never yawn or say a commonplace thing, but burn, burn, burn > like fabulous yellow Roman candles. > -- Jack Kerouac, "On the Road" >=20 >=20 > ------------------------------------------------------- > SF email is sponsored by - The IT Product Guide > Read honest & candid reviews on hundreds of IT Products from real users. > Discover which products truly live up to the hype. Start reading now. > http://productguide.itmanagersjournal.com/ > _______________________________________________ > Snort-users mailing list > Snort-users@lists.sourceforge.net > Go to this URL to change user options or unsubscribe: > https://lists.sourceforge.net/lists/...fo/snort-users > Snort-users list archive: > http://www.geocrawler.com/redir-sf.php3?listsnort-users > ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
