Snort and Firewall on the same box

["Paul D. Shaffer" <paulshaf () earthlink net>]

        Sorry to dig up an old thread which I don't recall ever being
satisfactorily resolved, but I've been pondering a good way to run snort and
an FW on the same box and came up with this angle:  Your box has three NICs:
eth0, 1, and 2.  Snort listens on eth0.  Eth1 and 2 form a stealthed,
bridged firewall with say, eth1 on the outside.  Eth0 and eth1 are jacked
into the same hub right behind the external router, ISP, whatever.  Does
that not pretty much eliminate any doubt about what snort is seeing,
regardless what the firewall is doing?  I might give this a try unless
someone can point out something wrong with the idea...

Cheers,

Paul
Longtime lurker



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users