Hi,
did you set:
[trapping]
detection=enabled
detection_engine=snort
If yes, did snort starting when you try to launch packetfence ?
Is pfdetect running ?
Regards
Fabrice
Le 2013-05-03 19:59, Joe Arcidiacono a écrit :
Hey All,
I'm implementing inline enforcement(NAT) with Packetfence version
3.6.1 and
am having alot of trouble trying to get snort to trap violations on my
internal network. This network is going to be used for guest wireless
access only. Captive Portal and self registration work perfectly, however,
I noticed that no trap violations are being generated. I'm using a Meru
MC3200 controller for wireless connectivity. I have a physical server
running Debian Squeeze
that has 2 NICs. NIC 1 is my management NIC with IP 172.16.x.x/16.
NIC 2 is
assigned 10.250.x.x/21 for the guest wireless network. All guests
who receive an IP address has NIC 2's interface as the gateway address.
I have set trapping=enabled as well as assign the "monitor" option to my
10.250 NIC and enabled P2P violations. When I issue the command
"snort -i eth1 -v"(eth0 is my 172.16.x.x management card) I can see
all of the traffic flowing through but for some
reason, snort will not pick up on any violations. I ran the
update_rules.pl <http://update_rules.pl> script to make sure the rules
were updated to no avail.
I believe I am missing an important step or 2.
Does the snort.conf file have to be edited somehow? If so, do I edit the
/usr/local/pf/conf/snort.conf file or the /etc/snort/snort.conf file?
Also,
what would need to be edited to get the traps working? I have read the
Admin guide for 3.6.1 at least 30 times but with no luck. Any advice would
be much appreciated. I thank you ahead of time for any suggestions.
Joe
------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
