Netgate Discussion Forum

    Problems having Snort restart automatically on Dynamic IP

    • catfish99

      I'm helping a user who is on Verizon's ADSL service and using pfsense to protect an internal network. Details of the setup are below:

      The ADSL service occasionally drops service, and comes back with a new WAN IP. When that happens, services restart - which is great. However, snort doesn't seem to restart, leaving IDS functionality disabled.

      I'd like the list's help to identify where a script could be positioned to have snort start up when the WAN IP changes.

      I've tried installing an ip-up.sh script in /etc/ppp to restart snort, but that doesn't work. Is there another location?

      thanks!

      --
      Setup:

      Verizon ADSL --> Westell 6100F (in Bridged Mode) --> Soekris 6501 (running pfsense 2.01) --> LAN

      SNORT : 2 items have been created : 1. Monitors WAN, 2. Monitors LAN

      Running pfsense Version 2.0.1-RELEASE (i386) on Soekris 6501
      built on Mon Dec 12 17:53:52 EST 2011 , FreeBSD 8.1-RELEASE-p6

      • eri--

        Snort in the latest package should restart just fine.

        What you have not given as information is:

        • The interface snort is listening on
        • System log
        • catfish99

          I have snort running on 2 interfaces - WAN & LAN

          WAN Interface:

          • Set to PPPoE, connected to my ADSL modem (which is bridged).
          • It gets a Dynamic IP from my ISP.
          • When the connection goes down, and then back up again, a new Dynamic IP is obtained and the snort instance listening on this port dies. Unlike other services (such as dynamic DNS, Freeradius2, etc.), which do restart, this snort instance does not restart.

          LAN Interface:

          • Set to Static IP. 192.168.x.1
          • Snort instance listening on this interface tends to stay up.

          @ermal:

          Snort in the latest package should restart just fine.

          What you have not given as information is:

          • The interface snort is listening on
          • System log
          • catfish99

            Curious if there's any update on resolving this issue. Is there a place I can file a ticket to resolve it?

            Alternatively, can anyone suggest the location of the services startup script that gets run each time the WAN IP address changes. I'm happy to tweak that script if needed.

            Thanks

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.