Hello, A copy of your pf.conf should help us see what you missed. Alex ----- Original Message ----- From: Joe Arcidiacono <[email protected]> To: [email protected] Sent: Mon, 06 May 2013 16:23:11 +0300 (EAT) Subject: Re: [PacketFence-users] Packetfence 3.6.1 Snort help
Hi Fabrice, Thank you for getting back to me. To answer your question, yes, I have set detection=enabled as well as detection_engine=snort. Snort and pfdetect are running. As a matter of fact, all services are running with the exception of radius(which is fine since I'm not using it at the moment anyway). If I start downloading a Ubuntu torrent file on my guest network, my P2P traffic is not being trapped by packetfence. I've tried everything I can think of with no success. Any help or suggestions would be greatly appreciated. Thank you again Joe On Mon, May 6, 2013 at 8:37 AM, Fabrice DURAND <[email protected]> wrote: > Hi, > did you set: > [trapping] > detection=enabled > detection_engine=snort > > If yes, did snort starting when you try to launch packetfence ? > Is pfdetect running ? > > Regards > Fabrice > > Le 2013-05-03 19:59, Joe Arcidiacono a écrit : > > Hey All, > > > > I'm implementing inline enforcement(NAT) with Packetfence version > 3.6.1 and > am having alot of trouble trying to get snort to trap violations on my > internal network. This network is going to be used for guest wireless > access only. Captive Portal and self registration work perfectly, > however, > I noticed that no trap violations are being generated. I'm using a Meru > MC3200 controller for wireless connectivity. I have a physical server > running Debian Squeeze > that has 2 NICs. NIC 1 is my management NIC with IP 172.16.x.x/16. > NIC 2 is > assigned 10.250.x.x/21 for the guest wireless network. All guests > who receive an IP address has NIC 2's interface as the gateway address. > I have set trapping=enabled as well as assign the "monitor" option to > my > 10.250 NIC and enabled P2P violations. When I issue the command > "snort -i eth1 -v"(eth0 is my 172.16.x.x management card) I can see > all of the traffic flowing through but for some > reason, snort will not pick up on any violations. I ran the > update_rules.pl script to make sure the rules were updated to no > avail. > I believe I am missing an important step or 2. > Does the snort.conf file have to be edited somehow? If so, do I edit > the > /usr/local/pf/conf/snort.conf file or the /etc/snort/snort.conf file? > Also, > what would need to be edited to get the traps working? I have read the > Admin guide for 3.6.1 at least 30 times but with no luck. Any advice > would > be much appreciated. I thank you ahead of time for any suggestions. > > > > > Joe > > > ------------------------------------------------------------------------------ > Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET > Get 100% visibility into your production application - at no cost. > Code-level diagnostics for performance bottlenecks with <2% overhead > Download for free and get started troubleshooting in > minutes.http://p.sf.net/sfu/appdyn_d2d_ap1 > > > > _______________________________________________ > PacketFence-users mailing > [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > > -- > Fabrice [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence > (http://packetfence.org) > > > > ------------------------------------------------------------------------------ > Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET > Get 100% visibility into your production application - at no cost. > Code-level diagnostics for performance bottlenecks with <2% overhead > Download for free and get started troubleshooting in minutes. > http://p.sf.net/sfu/appdyn_d2d_ap1 > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. This 200-page book is written by three acclaimed leaders in the field. The early access version is available now. Download your free book today! http://p.sf.net/sfu/neotech_d2d_may _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
