Firewalling some servers and using snort (need advice)
Hi my setup is confusing me actually. So I decided to speak it out.
Currently, I have pfsense doing Snort and transparent Squid on the WAN side.
I see a lot of alerts for various stuff and Snort is looking after the WAN side and blocking stuff.
When I turn on Snort on the LAN side, my users get blocked for various reasons (according to the rules, of course).
Now I don't want my users to cry all the time to me as they get blocked sometimes, so I disabled Snort on the LAN side.
I was thinking that I would use another firewall between my users and the servers. Just a plain firewall, and open the ports as needed. I also want to enable Snort on it.
This is what I did so far:
I took an old machine and installed pfSense on it. For the WAN side I used it as DHCP and on the LAN side I disabled DHCP. My servers have static IPs. In other words, my main firewall is 192.168.1.1 and on the second box I got the WAN side as 192.168.1.24 (DHCP) and on the LAN side I put 192.168.1.25.
Now from the LAN side I can ping the WAN side IP, but I cannot ping anything on my network, nor can I ping the gateway, which is 192.168.1.1.
I took my laptop to the LAN side and changed the IP to 192.168.1.26 and the gateway to 192.168.1.25, still no luck.
Is there anything I am doing stupid?
Thanks all who read this and reply.
Sorry, but I really do not understand what you are trying to achieve. To put a firewall between users and server? One thing that will probably give you a hint for a solution: you are assigning IP addresses from one subnet to the LAN and WAN interfaces. Are you trying to build a bridge?
Yes, bridge is the right word. It's actually working now. Many thanks.
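Added example, not part of the thread or of any poster's reply: a small Python check for the condition the reply points out, two interfaces of a routing firewall addressed in the same subnet. The interface names and the /24 prefix length are assumptions; the thread gives only the addresses.

```python
import ipaddress
from itertools import combinations

# Constructed from the addresses quoted in the thread.
# Assumption: /24 masks (the thread does not state a prefix length).
INTERFACES = {
    "wan": "192.168.1.24/24",
    "lan": "192.168.1.25/24",
}


def overlapping_interfaces(interfaces):
    """Return (name_a, name_b, shared_network) for every pair of
    interfaces whose connected subnets overlap."""
    parsed = {n: ipaddress.ip_interface(a) for n, a in interfaces.items()}
    findings = []
    for (na, ia), (nb, ib) in combinations(sorted(parsed.items()), 2):
        if ia.network.overlaps(ib.network):
            # The more specific (longer-prefix) network is the shared range.
            shared = ia.network if ia.network.prefixlen >= ib.network.prefixlen else ib.network
            findings.append((na, nb, str(shared)))
    return findings


def egress_candidates(interfaces, destination):
    """Names of interfaces whose connected subnet contains the destination.
    More than one candidate means a router cannot pick a side by prefix."""
    dst = ipaddress.ip_address(destination)
    return sorted(
        n for n, a in interfaces.items()
        if dst in ipaddress.ip_interface(a).network
    )


if __name__ == "__main__":
    for a, b, net in overlapping_interfaces(INTERFACES):
        print(f"{a} and {b} both sit in {net}: routed mode is ambiguous; "
              "renumber one side or bridge the interfaces")
    # The main firewall from the thread is reachable 'on-link' from both sides.
    print("192.168.1.1 matches:", egress_candidates(INTERFACES, "192.168.1.1"))
```

With one side renumbered into a separate subnet, `overlapping_interfaces` returns an empty list and each destination matches exactly one interface.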