Snort newbie : LAN Interface Destination IP setup
-
Good day, I recently configured a pfsense in our office and enabled snort package. I configured LAN interface and noticed that all the alerts traffic is from local network to internet i.e. 192.168.1.105 => [external ip address], can I configure it so that it will also show suspicious traffic from router to lan network? [external ip address/pfsense] => 192.168.1.105. Thanks!
-
@stalemartyr said in Snort newbie : LAN Interface Destination IP setup:
Good day, I recently configured a pfsense in our office and enabled snort package. I configured LAN interface and noticed that all the alerts traffic is from local network to internet i.e. 192.168.1.105 => [external ip address], can I configure it so that it will also show suspicious traffic from router to lan network? [external ip address/pfsense] => 192.168.1.105. Thanks!
It should already be doing that if such traffic exists. Remember that by default the WAN on pfSense is configured to block all unsolicited inbound traffic. That means your LAN interface will never see something unsolicited from the Internet (say a connection attempt to SSH or something unless you have port forwarding enabled, and enabling port forwards is generally not a secure practice -- use VPNs instead for external connections to your LAN).