Netgate Discussion Forum

    Force snort to use specific WAN interface to update signatures

    General pfSense Questions

    • Bob.Dig LAYER 8 @digitalmg

      @digitalmg It can't, and there is no way I am aware of.

      • pst @digitalmg

        @digitalmg Hi, yes, I agree my suggestion doesn't work in this case. I no longer run a two-WAN setup so I can't give you the exact configuration I used, but having thought a bit about possible solutions, I might have used static routes. In System / Routing / Static Routes you can specify your sites' alias for Destination Network and then the Gateway of choice. All traffic to those sites will of course go through that gateway, not just Snort updates, but for me that was an acceptable compromise.

        • stephenw10 Netgate Administrator

          Yes, you can't policy route traffic from the firewall itself like that. It never passes the LAN-side firewall rule.

          It always uses the system routing table, so usually that would be the default route. You can add static routes via one of the gateways for a particular destination.

          Otherwise you would need Snort to bind to one of the WAN addresses, but I don't think you can do that.

          Steve

          • digitalmg @stephenw10

            @stephenw10
            Hello,
            The same problem goes for the Squid module.
            Any interface I choose as the outgoing interface is actually ignored by Squid.
            What about this?

            • digitalmg @pst

              @pst
              Hi,
              Your solution solved my Snort update problem.
              It works fine now.
              Thanks a lot.

              Do you have any idea about the Squid module on pfSense?
              Why does it not follow the outgoing interface settings?

              • stephenw10 Netgate Administrator @digitalmg

                @digitalmg said in Force snort to use specific WAN interface to update signatures:

                Any interface I choose as the outgoing interface is actually ignored by Squid.

                That should work. Do you see it added to the conf file in /usr/local/etc/squid/squid.conf?

                • digitalmg @stephenw10

                  @stephenw10
                  Yeah, it does:
                  tcp_outgoing_address 172.16.10.46
                  It is my desired WAN IP address, but traffic is routed to another WAN interface IP, which is the same as the pfSense outbound NAT rule with a source of This Firewall (Self).
                  Any idea?!

                  • stephenw10 Netgate Administrator

                    You should not have an outbound NAT rule for traffic from the firewall itself.

                    Are you using OBN in manual mode? The auto mode rules don't do that.

                    • digitalmg @stephenw10

                      @stephenw10
                      I use AON - Advanced Outbound NAT.
                      I have to set NAT for This Firewall to be able to monitor my main WAN interface.
                      As my public IP addresses are defined as IP Aliases and my WAN interface is assigned a static invalid IP address, pfSense cannot check the connection status via the defined monitoring IP, which is 4.2.2.4.

                      • stephenw10 Netgate Administrator

                        Then you should set something much more limited that catches only that traffic. Or at least only traffic from that private IP on that interface.

                        Anything that gets caught by that rule will be sent out of that WAN, and 'this firewall' includes any other WAN IPs.

                        • digitalmg @stephenw10
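                        An added illustration, not from the thread, of the two outbound NAT rules in pf.conf syntax (roughly what pfSense's Advanced Outbound NAT rules compile to): the broad "This Firewall (self)" match that catches every firewall-owned address, beside the narrowed rule stephenw10 suggests. It assumes the main WAN is em0 with the thread's private address 172.16.10.46, and 203.0.113.10 is a placeholder for the IP Alias public address.

```pf
# Added example (not from the thread). Assumptions: em0 = main WAN carrying
# the private address 172.16.10.46; 203.0.113.10 = PLACEHOLDER for the IP
# Alias public address on em0; 4.2.2.4 = the gateway monitor IP from the thread.

# Broad rule, equivalent to source "This Firewall (self)" and any destination.
# (self) expands to every address the firewall owns, including other WAN
# addresses, so any firewall-originated flow leaving em0 is translated,
# not just the monitor ping. This is the over-broad match stephenw10 points at.
nat on em0 inet from (self) to any -> 203.0.113.10/32 port 1024:65535

# Narrowed rule: only the private WAN address, only toward the monitor IP.
# The gateway monitor still gets translated to the public address so replies
# come back; Squid/Snort traffic bound to other WAN addresses no longer matches.
nat on em0 inet from 172.16.10.46/32 to 4.2.2.4/32 -> 203.0.113.10/32
```

                        On pfSense the generated rules can be checked in /tmp/rules.debug or with `pfctl -sn` after applying the change.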

                          @stephenw10
                          Thanks a lot.
                          It is working properly now!
                          You saved me.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.