Squid bypassing Snort?
I have tinkered around with this for some time, and can't find a solution. I am trying to make Snort and Squid transparent proxy work together on the same box [2.3-RELEASE (i386)].
I had Snort working for a long time. It was happily logging and blocking various traffic pursuant to the rule-set I selected. Everything appeared fine. Then I put Squid transparent proxy (with A/V) on, and started it up. It ran fine. Squid started eliminating various pieces of browser headers, as desired, and so on. But I noticed that Snort stopped having as many logs and blocks, though it continued to run normally (not broken).
It appears that both programs are running fine, but it seems that the traffic that Squid is handling is somehow bypassing the Snort sensors. I think it may have something to do with this: http://bugs.endian.com/view.php?id=4455
Does the traffic need to do this:
Internet > Squid > Snort > LAN (I think this is preferred)
Or does the traffic need to do this:
Internet > Snort > Squid > LAN
And how does one tell Squid / Snort to pass traffic to the other?
How do we get Snort and Squid to be fully operational under one pfSense box?