Transparent Bridge, no firewall?



  • I have some problems with firewalling my Transparent Bridge. (using the firewall -> rules)
    I'm using pfSense 1.2RC2

    Snort doesn't work. It doesn't filter attacks and other things.
    But still there are attacks on the servers, and Snort doesn't block anything.
    The snort service is running, and has no problems.
    I'm using Snort with performance "ac", and it is up-to-date.

    Who knows an option to solve this problem? :)



  • Have you enabled the "Block Offenders" option?

    Are you getting alerts in the snort alerts tab?

    Are there any IPs in the blocked tab?

    If so, go to Diagnostics->Command and run "ps aux | grep snort". You should get 2 entries, one for snort and one for snort2c (the program that copies offenders' IPs to the PF firewall).



  • @morbus:

    Have you enabled the "Block Offenders" option?

    Are you getting alerts in the snort alerts tab?

    Are there any IPs in the blocked tab?

    If so, go to Diagnostics->Command and run "ps aux | grep snort". You should get 2 entries, one for snort and one for snort2c (the program that copies offenders' IPs to the PF firewall).

    I have enabled the "Block Offenders".
    The snort alerts list is empty, and there are no IPs blocked.

    $ ps aux | grep snort
    root    805  0.0  0.1  1292  908  ??  Is  28Sep07  0:00.00 snort2c -w /var/
    root  24122  0.0  0.1  1532  988  ??  R    10:28PM  0:00.00 grep snort



  • Your ps output shows snort isn't running. What is logged to your system log when it tries to start?



  • I was looking at the services page, and I saw that the snort service was running.

    System log, when I restart the snort service:
    Nov 3 09:37:14 snort[10451]: Daemon initialized, signaled parent pid: 10437
    Nov 3 09:37:14 snort[10451]: Daemon initialized, signaled parent pid: 10437
    Nov 3 09:37:14 snort2c[10454]: snort2c running in daemon mode pid: 10454
    Nov 3 09:37:14 snort2c[10454]: snort2c running in daemon mode pid: 10454
    Nov 3 09:37:31 SnortStartup[10513]: Ram free BEFORE starting Snort: 721M – Ram free AFTER starting Snort: 616M -- Mode ac-sparsebands -- Snort memory usage:

    And a new ps output:
    $ ps aux | grep snort
    root  10451 17.5 51.1 526836 527044  ??  Ds    9:37AM  2:21.81 snort -c /usr/lo
    root  10454  0.0  0.1  1292  908  ??  Is    9:37AM  0:00.00 snort2c -w /var/
    root  10812  0.0  0.1  1600  1048  ??  S    9:41AM  0:00.00 grep snort



  • Here's a new ps aux output…..

    $ ps aux | grep snort
    root  10454  0.0  0.1  1292  908  ??  Is    9:37AM  0:00.00 snort2c -w /var/
    root  76987  0.0  0.1  1552  656  ??  R    10:04PM  0:00.00 grep snort

    I think it's stopped again?  ???



  • hi!

    Try running snort in lowmem mode. There seem to be troubles with the other modes.

    regards

    cc
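
An added example (not written by any poster in this thread): a POSIX shell check that classifies `ps aux` lines by exact command name, so that snort2c and the grep process itself are not counted as a running snort sensor. The two sample listings are copied from the ps output posted above; the function name `ids_status` is hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. `ps aux | grep snort` also matches
# "snort2c" and the "grep snort" process, so a non-empty result does not
# prove the sensor is alive. Compare the command name exactly instead.

# Reads `ps aux` text on stdin and prints one of:
#   ok | snort-down | snort2c-down | both-down
ids_status() {
    awk '
        {
            cmd = $11                 # 11th column of ps aux is the command
            sub(/^.*\//, "", cmd)     # strip a leading path, if present
            if (cmd == "snort")   sensor  = 1
            if (cmd == "snort2c") blocker = 1
        }
        END {
            if (sensor && blocker) print "ok"
            else if (blocker)      print "snort-down"
            else if (sensor)       print "snort2c-down"
            else                   print "both-down"
        }'
}

# Sample input copied from the ps listings posted in this thread.
SAMPLE_DOWN='root    805  0.0  0.1  1292  908  ??  Is  28Sep07  0:00.00 snort2c -w /var/
root  24122  0.0  0.1  1532  988  ??  R    10:28PM  0:00.00 grep snort'

SAMPLE_UP='root  10451 17.5 51.1 526836 527044  ??  Ds    9:37AM  2:21.81 snort -c /usr/lo
root  10454  0.0  0.1  1292  908  ??  Is    9:37AM  0:00.00 snort2c -w /var/
root  10812  0.0  0.1  1600  1048  ??  S    9:41AM  0:00.00 grep snort'

printf '%s\n' "$SAMPLE_DOWN" | ids_status   # snort-down
printf '%s\n' "$SAMPLE_UP"   | ids_status   # ok
```

On a live system the same function can be fed directly with `ps aux | ids_status`.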

