
Snort Forums Archive

PF conf for rdr to snort box?

Posted by dmnhunter on June 23, 2007 08:12:57

I have a good solid firewall running in front of my network right now!
And I don't want to take the chance of creating a breach in it.
I would like to create a rdr in pf to send all data coming in on ext_if to the snort box listening on IP
192.168.1.2, but no traffic out.

I have a management NIC in the snort box, which is running OpenBSD 4.1/MySQL/BASE.
I was going to use a passive tap between the internet and my firewall, but I am reading now that the snort box will still be vulnerable. Also, I could not get the passive tap working right.
Any ideas, guys?

Thanks. And I am in the process of writing a tutorial for an OpenBSD install.
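A pf.conf fragment for the mirroring this post asks about, added here as an illustration and not taken from the thread. It uses PF's `dup-to` rather than `rdr`: `rdr` rewrites the destination and hands the connection itself to the sensor, whereas `dup-to` sends a copy of each matching packet out a chosen interface and leaves the original on its normal path. The parenthesised `(interface address)` form is the OpenBSD 4.x-era syntax; the interface names, the dedicated `$mon_if` link and the sample pass rules are assumptions, and 192.168.1.2 is the sensor address from the question. Only packets that match a `pass` rule are copied, so anything PF drops never reaches the sensor.

```pf
# Added example, not from the thread.  Interface names are assumptions:
#   ext_if  Internet-facing NIC of the firewall
#   mon_if  a NIC cabled only to the Snort box's sniffing NIC, assumed to be
#           configured as 192.168.1.1/24 so the firewall can ARP for $sensor
ext_if = "fxp0"
mon_if = "fxp2"
sensor = "192.168.1.2"          # sniffing NIC of the Snort box (from the question)

# The monitoring link is a sink: nothing the sensor sends is accepted by the
# firewall ("no traffic out", seen from the firewall).  The sensor should also
# have no default route on that NIC.
block in on $mon_if all

# Copies made by dup-to are filtered again on the interface they leave through,
# so $mon_if needs an outbound pass.  "no state" keeps the mirrored traffic out
# of the state table.
pass out on $mon_if all no state

# Default deny on the outside, as before.  Blocked packets never match a pass
# rule and are therefore never mirrored; only a tap in front of the firewall
# shows those.
block in on $ext_if all

# Existing pass rules gain a dup-to.  PF applies it to both directions of the
# resulting state, so the sensor also sees the replies.  The copy still carries
# the original destination address, so Snort must read $sensor's NIC in
# promiscuous mode (snort's default unless started with -p).
pass in on $ext_if proto tcp to ($ext_if) port { 22, 80 } flags S/SA keep state \
    dup-to ($mon_if $sensor)
pass in on $ext_if proto udp to ($ext_if) port 53 keep state \
    dup-to ($mon_if $sensor)
```

The firewall has to resolve the MAC address of `$sensor` on `$mon_if`, so the sniffing NIC either keeps that address (answering ARP is the only thing it then emits) or gets a static entry on the firewall with `arp -s`. Load with `pfctl -nf /etc/pf.conf` first to syntax-check, then watch `$mon_if` with `tcpdump -ni fxp2` to confirm that copies appear and that nothing arrives from the sensor's side.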

Posted by michaelhunt on September 24, 2007 09:02:32

If you want to listen to everything (not just the stuff PF lets through or blocks), I would use a passive Ethernet tap, because it's less work for PF, and if somebody gained control of the firewall they could stop traffic from being redirected to the snort sensor or modify what it can see.

Out of curiosity is it a transparent firewall?

Posted by michaelhunt on September 24, 2007 09:08:32

If you are going to connect the snort sensor to the firewall, you may want to use a one-way Ethernet cable, although I have not made one myself.
http://www.stearns.org/doc/one-way-ethernet-cable.html

You may want to look at these taps, although again I am not speaking from experience.
http://www.netoptics.com/products/