Snort as IPS on WAN behind (VDSL-)Router



  • Hi there,

    Just wondering whether you can actually use Snort in IPS mode (block offenders) if your WAN interface has a static private IP behind a provider's router on the wall? Could it actually detect external IPs, or would it only try to block the router? ;)

    thank you very much =)



  • @badger:

    Hi there,

    Just wondering whether you can actually use Snort in IPS mode (block offenders) if your WAN interface has a static private IP behind a provider's router on the wall? Could it actually detect external IPs, or would it only try to block the router? ;)

    thank you very much =)

    Is this a home-user setup?  If so, are you saying the provider's VDSL modem handles the NAT and all your pfSense box gets is a private non-routable IP?

    In this setup, I would suggest you run Snort on the LAN side.  It will put the WAN IP and the far-end default gateway IP (which should be the LAN side of your VDSL modem) into the default Pass List and not block them.

    Bill
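Added example (not from Bill's post and not the pfSense Snort package's own code): a small Python model of the pass-list behaviour Bill describes, run over constructed Snort "fast" alert lines. It assumes the box's WAN address is 192.168.1.10 and the provider router is 192.168.1.1; both go into the pass list automatically, as in the package. Also adding the locally attached subnet, and blocking both ends of an offending flow, are this example's own assumptions. The point it shows: with the pass list in place only the far-end addresses are handed to the firewall, and the router that every packet transits is never blocked.

```python
import ipaddress
import re

# Constructed Snort "fast" alert lines (not real captures) for the setup in the
# thread: pfSense WAN 192.168.1.10 behind a provider router at 192.168.1.1.
SAMPLE_ALERTS = """\
01/15-10:23:45.123456  [**] [1:1000001:1] TEST inbound scan [**] [Priority: 2] {TCP} 203.0.113.45:34567 -> 192.168.1.10:22
01/15-10:24:01.000001  [**] [1:1000002:1] TEST gateway noise [**] [Priority: 3] {UDP} 192.168.1.1:53 -> 192.168.1.10:41000
01/15-10:24:07.500000  [**] [1:1000003:1] TEST outbound callback [**] [Priority: 1] {TCP} 192.168.1.10:49152 -> 198.51.100.7:443
01/15-10:24:30.000000  [**] [1:1000001:1] TEST inbound scan [**] [Priority: 2] {TCP} 203.0.113.45:34568 -> 192.168.1.10:23
01/15-10:25:00.000000  [**] [1:1000004:1] TEST lan to lan [**] [Priority: 3] {TCP} 192.168.1.20:5555 -> 192.168.1.10:445
"""

# Pulls protocol, source and destination out of a fast-format line; the port
# suffix is optional so ICMP alerts (which carry none) also parse.
ALERT_RE = re.compile(
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?"
)


def build_pass_list(wan_ip, gateway_ip, local_nets=()):
    """Model the default pass list as described in the thread: the interface's
    own WAN IP and its default gateway are never blocked. Including the
    locally attached networks (local_nets) is this example's assumption."""
    entries = [ipaddress.ip_network(wan_ip), ipaddress.ip_network(gateway_ip)]
    entries += [ipaddress.ip_network(n, strict=False) for n in local_nets]
    return entries


def in_pass_list(addr, pass_list):
    a = ipaddress.ip_address(addr)
    return any(a in net for net in pass_list)


def offenders_to_block(alert_text, pass_list, block_both=True):
    """Return the set of IPs the blocking logic would hand to the firewall.

    block_both=True blocks both ends of an offending flow (assumed default);
    block_both=False blocks only the source of the alert.
    """
    blocked = set()
    for line in alert_text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue
        candidates = [m["src"], m["dst"]] if block_both else [m["src"]]
        for ip in candidates:
            if not in_pass_list(ip, pass_list):
                blocked.add(ip)
    return blocked


if __name__ == "__main__":
    with_local = build_pass_list("192.168.1.10", "192.168.1.1", ("192.168.1.0/24",))
    without_local = build_pass_list("192.168.1.10", "192.168.1.1")
    print("pass list incl. local subnet:", sorted(offenders_to_block(SAMPLE_ALERTS, with_local)))
    print("pass list WAN IP + gateway only:", sorted(offenders_to_block(SAMPLE_ALERTS, without_local)))
    print("source-only blocking:", sorted(offenders_to_block(SAMPLE_ALERTS, with_local, block_both=False)))
```

Run it and the router (192.168.1.1) and the box's own WAN address never appear in the block set, while the two far-end addresses (203.0.113.45 and 198.51.100.7) do. Drop the local subnet from the pass list and a LAN-to-LAN alert gets a neighbour (192.168.1.20) blocked as well, which is the kind of self-inflicted outage the pass list exists to prevent.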



  • …and if I want to block (external) offenders? Do I not have any chance to in this setup?

    thank you. :D


  • Moderator

    @badger:

    …and if I want to block (external) offenders? Do I not have any chance to in this setup?

    thank you. :D

    Putting your modem in "Bridge Mode" will help get Snort/Suricata to work as intended. It will also make NAT work if you require that (it avoids double NAT).