Hi Fabrice,
Thank you for getting back to me. To answer your question, yes, I have set
detection=enabled as well as detection_engine=snort. Snort and pfdetect are
running. As a matter of fact, all services are running with the exception
of radius(which is fine since I'm not using it at the moment anyway). If I
start downloading a Ubuntu torrent file on my guest network, my P2P traffic
is not being trapped by packetfence. I've tried everything I can think of
with no success. Any help or suggestions would be greatly appreciated.
Thank you again
Joe
On Mon, May 6, 2013 at 8:37 AM, Fabrice DURAND <[email protected]> wrote:
> Hi,
> did you set:
> [trapping]
> detection=enabled
> detection_engine=snort
>
> If yes, did snort starting when you try to launch packetfence ?
> Is pfdetect running ?
>
> Regards
> Fabrice
>
> Le 2013-05-03 19:59, Joe Arcidiacono a écrit :
>
> Hey All,
>
>
>
> I'm implementing inline enforcement(NAT) with Packetfence version
> 3.6.1 and
> am having alot of trouble trying to get snort to trap violations on my
> internal network. This network is going to be used for guest wireless
> access only. Captive Portal and self registration work perfectly,
> however,
> I noticed that no trap violations are being generated. I'm using a Meru
> MC3200 controller for wireless connectivity. I have a physical server
> running Debian Squeeze
> that has 2 NICs. NIC 1 is my management NIC with IP 172.16.x.x/16.
> NIC 2 is
> assigned 10.250.x.x/21 for the guest wireless network. All guests
> who receive an IP address has NIC 2's interface as the gateway address.
> I have set trapping=enabled as well as assign the "monitor" option to
> my
> 10.250 NIC and enabled P2P violations. When I issue the command
> "snort -i eth1 -v"(eth0 is my 172.16.x.x management card) I can see
> all of the traffic flowing through but for some
> reason, snort will not pick up on any violations. I ran the
> update_rules.pl script to make sure the rules were updated to no
> avail.
> I believe I am missing an important step or 2.
> Does the snort.conf file have to be edited somehow? If so, do I edit
> the
> /usr/local/pf/conf/snort.conf file or the /etc/snort/snort.conf file?
> Also,
> what would need to be edited to get the traps working? I have read the
> Admin guide for 3.6.1 at least 30 times but with no luck. Any advice
> would
> be much appreciated. I thank you ahead of time for any suggestions.
>
>
>
>
> Joe
>
>
> ------------------------------------------------------------------------------
> Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
> Get 100% visibility into your production application - at no cost.
> Code-level diagnostics for performance bottlenecks with <2% overhead
> Download for free and get started troubleshooting in
> minutes.http://p.sf.net/sfu/appdyn_d2d_ap1
>
>
>
> _______________________________________________
> PacketFence-users mailing
> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
> --
> Fabrice [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
> (http://packetfence.org)
>
>
>
> ------------------------------------------------------------------------------
> Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
> Get 100% visibility into your production application - at no cost.
> Code-level diagnostics for performance bottlenecks with <2% overhead
> Download for free and get started troubleshooting in minutes.
> http://p.sf.net/sfu/appdyn_d2d_ap1
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
