New install w/ Snort, can't generate any alerts
Running v2.3.2, w/ Snort, new install. We would like to inspect/alert from LAN (outbound) to WAN. We have port forwarding from LAN to WAN for a few services, like LAN-Address/8080 –> WAN-Host/80. Connectivity works for these.
For Snort, I've enabled all the rules I believe, and added some custom rules, similar to the following:
alert tcp any any -> LAN-Address/32 8080 (msg:"alert_8080"; sid:361000000; rev:1;)
When I get on a LAN box and run scripts against LAN-Address on port 8080, nothing gets logged/alerted.
Am I missing something, or is my setup incorrect?