• I have tinkered around with this for some time, and cant find a solution. I am trying to make SNORT and Squid transparent proxy work together on the same box [2.3-RELEASE (i386)].

    BACKGROUND:
    I had Snort working for a long time. It was happily logging and blocking various traffic pursuant to the rule-set I selected. Everything appeared fine. Then I put Squid transparent proxy (with A/V) on, and started it up. It ran fine. Squid started eliminating various pieces of browser headers, as desired, and so on. But I noticed that Snort stopped having as many logs and blocks, though it continued to run normal (not broke).

    THOUGHTS:
    It appears that both programs are running fine, but it seems that the traffic that Squid is handling is somehow bypassing the Snort sensors. I think it may have something to do with this: http://bugs.endian.com/view.php?id=4455

    QUESTION:
    Does the traffic need to do this:
    Internet > Squid > Snort > LANĀ  (I think this is preferred)
    Or does the traffic need to do this:
    Internet > Snort > Squid > LAN

    And how does one tell Squid / Snort to pass traffic to the other.
    How do we get Snort and Squid to be fully operational under one PFSense box?