Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Snort in dual-wan configuration

    pfSense Packages
    3
    3
    1958
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      Kane66 last edited by

      Hello,

      I have pfsense (latest snapshot), dual WAN configuration (WAN,OPT1). And Snort installed.
      If in Snort configuration I check WAN and OPT1 ("select all your WAN interfaces") then snort seems not working properly - in 'snort blocked' tab there are no IP, in 'snort alerts' there ale no alerts.

      If i check only one interface i.e. WAN - all work ok.

      Snort does'nt work with dual-wan in this way ?

      1 Reply Last reply Reply Quote 0
      • V
        Veni last edited by

        I noticed this too.
        I'm running 1.0.1-SNAPSHOT-03-18-2007 built on Thu Mar 8 22:14:44 EST 2007.

        Running top inside a ssh shows that snort2c is running but NOT snort as it is the process that also should be there.
        Disabling OPT1(in my case+reboot) fixes the issue and snort appears inside top and you can see how snort snorts up some CPU.

        1 Reply Last reply Reply Quote 0
        • Y
          yoda715 last edited by

          Snort is currently limited to running on only 1 WAN interface, iirc.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post