Problems having Snort restart automatically on Dynamic IP
-
I'm helping a user who is on Verizon's ADSL service and using pfsense to protect an internal network. Details of the setup are below:
The ADSL service occasionally drops service, and comes back with a new WAN IP. When that happens, services restart - which is great. However, snort doesn't seem to restart leaving IDS functionality disabled.
I'd like the list's help to identify where a script could be positioned to have snort startup when the WAN IP changes.
I''ve tried installing a ip-up.sh script in /etc/ppp to restart snort, but that doesn't work. Is there another location?
thanks!
–-
Setup:Verizon ADSL --> Westell 6100F (in Bridged Mode) --> Soekris 6501 (running pfsense 2.01) --> LAN
SNORT : 2 items have been created : 1. Monitors WAN, 2. Monitors LAN
Running pfsense Version 2.0.1-RELEASE (i386) on Soekris 6501
built on Mon Dec 12 17:53:52 EST 2011 , FreeBSD 8.1-RELEASE-p6 -
Snort in the latest package should restart just fine.
What you have not given as information is:
- The interface snort is listening
- System log
-
I have snort running on 2 interfaces - WAN & LAN
WAN Interface:
- Set to PPPoE . connected to my ADSL Model (what is bridged).
- It gets a Dynamic IP from my ISP.
- When connection goes down , and then back up again - a new Dynamic IP is obtained, the snort instance listening on this port dies. Unlike other services (such as dynamic DNS, Freeradius2, etc) which do restart, this snort instance does not restart
LAN Interface:
- Set to Static IP. 192.168.x.1
- Snort instance listening on this interface tends to stay up.
@ermal:
Snort in the latest package should restart just fine.
What you have not given as information is:
- The interface snort is listening
- System log
-
Curious if there's any update on resolving this issue. Is there a place I can file a ticket to resolve it?
Alternatively, can anyone suggest the location of the services startup script that gets run each time the WAN IP address changes. I'm happy to tweak that script if needed.
Thanks