Comprehension question on using Snort on WAN/LAN/DMZ
-
Hi there!
Sorry for my basic and simple question, but I can't get along with the documentation on this:
In our home network I use an APU.1D4 with 3 NICs: one for WAN, one for LAN and the third for "Freifunk", to offer free WLAN to everybody.
Now I want to set up Snort on WAN and LAN without filtering/logging any traffic on "Freifunk" (except traffic from "Freifunk" to LAN). Is it possible to set up a kind of rule to do so, and what would it look like (sounds simple)? Thanks in advance!
-
Any suggestions or ideas where I should have a look first (I have access to the pfSense book)? Maybe someone knows a post where a question like this has already been discussed? :-\
Thanks in advance!
-
I don't use those packages, but the IDS/IPS forum is usually where Snort is discussed.
-
Personally, I would not permit any traffic from an open WLAN that has internet access to the LAN.
If users on the open WLAN want to access resources on the LAN, then that traffic must go through the WAN interface and be treated as traffic coming from the internet.
Use the firewall rules for enforcing what you want to block and what you want to permit.
Use the IDS to detect abuses.
-
Hello vbentley,
Thanks for your reply, but I was misunderstood!
The very open WLAN has for sure no access to the LAN, only to WAN, and LAN has no access to the WLAN, only to WAN.
My question is different (maybe my English is not the best) :-[:
I want to set up Snort on LAN and WAN, but only for traffic to and from LAN. I'm searching for how to set up the rules for Snort in a way that WLAN, and WAN for WLAN, are generally not affected. This "Freifunk" thing is run through a club, and one of the rules in that association is not to sniff any traffic (gentlemen's agreement). That's my goal! Many thanks!
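The separation vbentley describes above (open WLAN and LAN can each reach only the WAN, firewall rules do the enforcing, the IDS only observes), written out as an added example in raw pf(4) syntax. This is not from the thread and not the pfSense package's own configuration: pfSense generates its ruleset from the GUI, and these lines only show the equivalent policy. Interface names and subnets are assumed.

```pf
# Added example: raw pf syntax for a three-legged WAN/LAN/Freifunk box.
# Interface names and subnets below are assumptions, not values from the thread.
wan_if  = "igb0"
lan_if  = "igb1"
ff_if   = "igb2"             # "Freifunk" open WLAN
lan_net = "192.168.1.0/24"   # assumed LAN subnet
ff_net  = "10.0.0.0/24"      # assumed Freifunk subnet

set skip on lo0
block log all                # default deny on every interface, both directions

# Freifunk: internet only. The quick block wins before the pass below is reached.
block in quick on $ff_if inet from $ff_net to $lan_net
pass  in       on $ff_if inet from $ff_net to any keep state

# LAN: internet only, never the WLAN.
block in quick on $lan_if inet from $lan_net to $ff_net
pass  in       on $lan_if inet from $lan_net to any keep state

# WAN: nothing unsolicited in; the outbound leg of LAN/Freifunk sessions is
# allowed here (outbound NAT itself is configured separately in pfSense).
pass out on $wan_if inet keep state
```

With this in place, Snort only needs an instance on the LAN interface to see every packet to and from the LAN, which leaves the Freifunk leg untouched. Note the caveat for a WAN instance: packets leaving on the WAN interface have already been NATed, so on that interface LAN and Freifunk flows carry the same source address and cannot be separated by subnet any more.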