Snort manual install



  • Hello, friends!  ;)

    I badly need in Snort install at PFSense 2.03. I don't care about version, and, yes, I cannot migrate to newer PFSense (loadbalancing doesn't work with squid at all 2.1-2.2).
    Unfortunately I deinstalled old snort, right now I cannot install it again. Of cource, I see all (including archived) versions of snort at
    http://files.pfsense.org/packages/8/All/
    I can install almost any of them manually (via pkg_add) but they don't appear in web-interface.



  • I would be going to think over and set up behind the pfSense a Squid + SquidGuard Proxy
    on another hardware. So you can easily upgrade for 2.2.1 now and reinstall Snort on the
    pfSense Hardware and you are able to use the Squid Proxy!

    Likes Intel C2758 with pfSense on it and ALixAPU with CentOS and Squid or ClearOS with enabled Squid.



  • I cannot think over how can I use TRANSPARENT proxy at the other computer but router. Moreover, right now router has enough computing/RAM/disk power and interfaces to route/proxy/sniff. And, yes, snort at the other computer (who doesn't see WAN) is quite useless.



  • Manual installation along with having the GUI interface hooks into pfSense is extremely hard to do.  It requires hand-editing a number of critical files.  However, even if you did that, the new Snort PHP files won't run on 2.0.3 pfSense because they call and use system features that are only available in pfSense 2.1.x and higher.

    So the short answer is you can't have the GUI with the current Snort PHP package on pfSense versions prior to 2.1.x.  You can manually download and install the old *.tbz package, but you will need to use Snort exclusively from the CLI (command line) like you would if you installed it on a plain-vanilla FreeBSD 8.1 machine.  You will have to create the snort.conf file by hand, download rules by hand, and start-stop Snort from the command-line.

    Bill


Log in to reply