Firewalling some servers and using snort (need advice)
-
Hi, my setup is actually confusing me, so I decided to speak it out.
Currently, I have pfSense doing Snort and transparent Squid on the WAN side.
I see a lot of alerts for various stuff, and Snort is looking after the WAN side and blocking stuff.
When I turn on Snort on the LAN side, my users get blocked for various reasons (according to the rules, of course).
Now I don't want my users to cry to me all the time as they get blocked sometimes, so I disabled Snort on the LAN side.
I was thinking that I would use another firewall between my users and the servers. Just a plain firewall, opening the ports as needed. I also want to enable Snort on it.
This is what I did so far:
I took an old machine and installed pfSense on it. For the WAN side I used it as DHCP, and on the LAN side I disabled DHCP. My servers have static IPs. In other words, my main firewall is 192.168.1.1, and on the second box I got the WAN side as 192.168.1.24 (DHCP) and on the LAN side I put 192.168.1.25.
Now from the LAN side I can ping the WAN side IP, but I cannot ping anything on my network, nor can I ping the gateway, which is 192.168.1.1.
I took my laptop to the LAN side and changed the IP to 192.168.1.26 and the gateway to 192.168.1.25, still no luck.
Is there anything I am doing stupid?
Thanks all who read this and reply.
Cheers.
-
Sorry, but I really do not understand what you are trying to achieve. To put a firewall between users and servers? One thing that will probably give you a hint for a solution: you are assigning IP addresses from one subnet to the LAN and WAN interfaces. Are you trying to build a bridge?
-
Yes, bridge is the right word. It's actually working now. Many thanks.
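
The same-subnet hint from the reply above, worked through as an added example that is not part of the original thread: it checks a two-interface firewall for overlapping subnets and shows where the laptop actually sends its ping. The /24 mask, the function names and the 192.168.2.x addresses are assumptions made for illustration.

```python
import ipaddress

def overlapping_interfaces(interfaces):
    """Pairs of firewall interfaces whose subnets overlap (cannot be routed between)."""
    nets = [(name, ipaddress.ip_interface(addr).network)
            for name, addr in interfaces.items()]
    return [(a, b) for i, (a, na) in enumerate(nets)
            for b, nb in nets[i + 1:] if na.overlaps(nb)]

def next_hop(client_if, gateway, dst):
    """Where a host sends the frame: straight to dst if on-link, else to its gateway."""
    if ipaddress.ip_address(dst) in ipaddress.ip_interface(client_if).network:
        # The host ARPs for dst itself; its configured gateway is never consulted,
        # and a routed (non-bridging) firewall does not pass that ARP broadcast on.
        return ("on-link", dst)
    return ("gateway", gateway)

def diagnose(interfaces, client_if, gateway, dst):
    """Classify a two-interface firewall layout for one client/destination pair."""
    clash = overlapping_interfaces(interfaces)
    kind, _ = next_hop(client_if, gateway, dst)
    if clash and kind == "on-link":
        return "bridge-or-renumber"   # only a bridge, or a new LAN subnet, can work
    if clash:
        return "overlap"
    return "routed-ok" if kind == "gateway" else "same-segment"

# Addresses from the thread; the /24 mask is an assumption (the posts give none).
THREAD = {"wan": "192.168.1.24/24", "lan": "192.168.1.25/24"}
# Constructed alternative: LAN renumbered into its own subnet for routed mode.
ROUTED = {"wan": "192.168.1.24/24", "lan": "192.168.2.1/24"}

if __name__ == "__main__":
    # Laptop behind the second box, pinging the main firewall.
    print(diagnose(THREAD, "192.168.1.26/24", "192.168.1.25", "192.168.1.1"))
    print(diagnose(ROUTED, "192.168.2.26/24", "192.168.2.1", "192.168.1.1"))
```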