Netgate Discussion Forum

    2.1 and Snort with IPv6

    pyrodex

      First off, not sure if this should be in the 2.1 section or the packages section, but I'll try here first.

      I've been running 2.1 for a few weeks now with Snort without issues; however, recently I've integrated Charter's IPv6 6RD setup and it is working like a champ. However, this has affected my Snort setup and it doesn't want to start anymore. I am getting the following line now when trying to start Snort with my latest configuration:

      
      Nov 10 10:59:14 firewall.localhome.com snort[31863]: FATAL ERROR: /usr/local/etc/snort/snort_58483_em0/snort.conf(17) Failed to parse the IP address: [xx.xxx.xxx.xx/xx,xx.xxx.xxx.x/xx,xxx.xxx.xx.x/xx,xxx.x.x.x,x.x.x.x,x.x.x.x,xxxx:xxx:xxxx:axxx::/,fexx::x:x/xx,xxxx:xxxx:xxxx::xxxx,xxxx:xxxx:xxxx::xxxx,::x].
      
      

      My LAN/WAN setup is attached to the post and I am running 2.1-BETA0 (amd64) built on Fri Nov 9 14:10:59 EST 2012 for the version.

      Any thoughts or ideas to fix this by chance? Thanks in advance!

      wan.PNG
      lan.PNG

        eri--

        It's a snort package thing.
        Maybe the list is not generated in the format snort expects for IPv6. Need to do some trial and test to find the right format and let me know.
        At the time I did the implementation it worked though!?

          pyrodex

          @ermal:

          It's a snort package thing.
          Maybe the list is not generated in the format snort expects for IPv6. Need to do some trial and test to find the right format and let me know.
          At the time I did the implementation it worked though!?

          I found the problem and it is a syntax error in the population of the HOME_NET variable. As you compile the list of IPs to protect in the HOME_NET it is including my stf0 interface which in my 6RD implementation comes across as this in the route table:

          
          Internet6:
          Destination                       Gateway                       Flags      Netif Expire
          default                           2602:100:4472:a501::          UGS        stf0
          
          

          Somehow in the building of the HOME_NET the IP is getting set up with a / but no prefix number at the end. If I replace 2602:100:4472:a501::/ with 2602:100:4472:a501::/64 it works and starts up. But I am not sure what this should be since I am using Charter's configuration which says /32 for the 6rd ipv4 prefix length and /32 for the 6rd prefix.

          Thoughts?

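A pre-flight check for the failure described in the post above, as an added example that is not part of any post or of the pfSense Snort package: it parses a flat HOME_NET-style list and flags entries that are not a valid address or CIDR block, such as an address ending in `/` with no prefix length. The function names and every sample entry except `2602:100:4472:a501::/` are assumptions constructed for illustration; the check reports the bad entry rather than guessing a prefix.

```python
import ipaddress


def parse_home_net(value):
    """Split a flat Snort-style list '[a,b,c]' into its entries."""
    value = value.strip()
    if value.startswith("[") and value.endswith("]"):
        value = value[1:-1]
    return [e.strip() for e in value.split(",") if e.strip()]


def check_entry(entry):
    """Return None if the entry is a usable address/CIDR, else a reason string."""
    _addr, slash, prefix = entry.partition("/")
    if slash and prefix == "":
        # The case from the thread: "addr/" emitted with an empty prefix length.
        return "trailing '/' with no prefix length"
    try:
        # strict=False accepts host bits, e.g. an interface address with its mask.
        ipaddress.ip_network(entry, strict=False)
    except ValueError as exc:
        return str(exc)
    return None


def lint_home_net(value):
    """Return [(entry, reason)] for every entry that fails validation."""
    problems = []
    for entry in parse_home_net(value):
        reason = check_entry(entry)
        if reason is not None:
            problems.append((entry, reason))
    return problems


# Constructed sample: only 2602:100:4472:a501::/ comes from the thread;
# the other entries are documentation, link-local and loopback addresses.
SAMPLE = "[192.0.2.0/24,127.0.0.1,2602:100:4472:a501::/,fe80::1:1/64,::1]"

if __name__ == "__main__":
    for entry, reason in lint_home_net(SAMPLE):
        print(f"{entry}: {reason}")
```
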
            pyrodex

            Bump.

            Any thoughts?

              pyrodex

              Am I the only one seeing this issue? Can someone with a 6RD setup comment on their snort success please?
