Hello,
Have you looked at /var/log/messages and /usr/local/pf/logs/violation.log?
Snort will normally log information there if it sees something.
You could start your torrent app and see if anything appears in
/var/log/messages or /usr/local/pf/logs/violation.log
I know you mentioned that snort is running but can you run
/etc/init.d/snortd status ...just to be sure.
Alex
On 5/7/2013 1:18 AM, Joe Arcidiacono wrote:
Hi Alex,
Thanks for taking the time to look at my config. Below is the pf.conf
output. If you need to view any other files just let me know and I'll
post them. Thanks again.
[interface eth1]
enforcement=inline
ip=10.250.0.10
type=internal,monitor
mask=255.255.248.0
[interface eth0]
ip=172.16.4.58
type=management
mask=255.255.0.0
enforcement=
[database]
pass=my_password
[general]
dhcpservers=127.0.0.1,172.16.4.9
domain=mydomain.local
dnsservers=172.16.4.1
timezone=America/Eastern
[alerting]
[email protected]
[email protected]
smtpserver=x.x.x.x
[guests_self_registration]
modes=sms
access_duration=1D
allow_localdomain=disabled
[expire]
node=1D
iplog=3D
traplog=3D
locationlog=5D
[registration]
range=10.250.0.0/21
expire_mode=window
maxnodes=1
nbregpages=1
[trapping]
range=10.250.0.0/21
redirecturl=
detection=enabled
[inline]
interfaceSNAT=
On Mon, May 6, 2013 at 3:15 PM, Alex Kisakye <[email protected]> wrote:
Hello,
A copy of your pf.conf should help us see what you missed.
Alex
----- Original Message -----
From: Joe Arcidiacono <[email protected]>
To: [email protected]
Sent: Mon, 06 May 2013 16:23:11 +0300 (EAT)
Subject: Re: [PacketFence-users] Packetfence 3.6.1 Snort help
Hi Fabrice,
Thank you for getting back to me. To answer your question, yes, I have set
detection=enabled as well as detection_engine=snort. Snort and pfdetect are
running. As a matter of fact, all services are running with the exception
of radius (which is fine since I'm not using it at the moment anyway). If I
start downloading an Ubuntu torrent file on my guest network, my P2P traffic
is not being trapped by packetfence. I've tried everything I can think of
with no success. Any help or suggestions would be greatly appreciated.
Thank you again
Joe
On Mon, May 6, 2013 at 8:37 AM, Fabrice DURAND <[email protected]> wrote:
> Hi,
> did you set:
> [trapping]
> detection=enabled
> detection_engine=snort
>
> If yes, did snort start when you try to launch packetfence?
> Is pfdetect running?
>
> Regards
> Fabrice
>
> On 2013-05-03 19:59, Joe Arcidiacono wrote:
>
> Hey All,
>
> I'm implementing inline enforcement (NAT) with Packetfence version 3.6.1 and
> am having a lot of trouble trying to get snort to trap violations on my
> internal network. This network is going to be used for guest wireless
> access only. Captive Portal and self registration work perfectly, however,
> I noticed that no trap violations are being generated. I'm using a Meru
> MC3200 controller for wireless connectivity. I have a physical server
> running Debian Squeeze that has 2 NICs. NIC 1 is my management NIC with IP
> 172.16.x.x/16. NIC 2 is assigned 10.250.x.x/21 for the guest wireless
> network. All guests who receive an IP address have NIC 2's interface as the
> gateway address. I have set trapping=enabled as well as assigned the
> "monitor" option to my 10.250 NIC and enabled P2P violations. When I issue
> the command "snort -i eth1 -v" (eth0 is my 172.16.x.x management card) I can
> see all of the traffic flowing through but for some reason, snort will not
> pick up on any violations. I ran the update_rules.pl script to make sure the
> rules were updated to no avail.
> I believe I am missing an important step or 2.
> Does the snort.conf file have to be edited somehow? If so, do I edit the
> /usr/local/pf/conf/snort.conf file or the /etc/snort/snort.conf file? Also,
> what would need to be edited to get the traps working? I have read the
> Admin guide for 3.6.1 at least 30 times but with no luck. Any advice would
> be much appreciated. I thank you ahead of time for any suggestions.
>
> Joe
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
> --
> Fabrice [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
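
Added example (not part of the thread and not PacketFence code): a small Python check of the settings discussed above, [trapping] detection and detection_engine plus a "monitor" interface type, run against a constructed copy of the relevant sections of the posted pf.conf. The function name audit_detection is hypothetical, and a key missing from the file is only reported for follow-up, since the thread does not say what applies when it is absent.

```python
import configparser

# Constructed sample: the relevant sections of the pf.conf posted in the thread.
POSTED_PF_CONF = """\
[interface eth1]
enforcement=inline
ip=10.250.0.10
type=internal,monitor
[interface eth0]
ip=172.16.4.58
type=management
enforcement=
[trapping]
range=10.250.0.0/21
redirecturl=
detection=enabled
"""


def audit_detection(conf_text):
    """Return (monitor_interfaces, findings) for a pf.conf given as text."""
    cp = configparser.ConfigParser(interpolation=None, allow_no_value=True)
    cp.read_string(conf_text)

    findings = []
    trapping = cp["trapping"] if cp.has_section("trapping") else {}
    if (trapping.get("detection") or "").strip().lower() != "enabled":
        findings.append("[trapping] detection is not 'enabled'")
    engine = (trapping.get("detection_engine") or "").strip().lower()
    if not engine:
        findings.append("[trapping] detection_engine is not set in this file")
    elif engine != "snort":
        findings.append("[trapping] detection_engine is %r, not 'snort'" % engine)

    # Collect interfaces whose comma-separated type list includes "monitor".
    monitors = []
    for section in cp.sections():
        if not section.startswith("interface "):
            continue
        types = [t.strip() for t in (cp[section].get("type") or "").split(",")]
        if "monitor" in types:
            monitors.append(section.split(None, 1)[1])
    if not monitors:
        findings.append("no interface has 'monitor' in its type list")
    return monitors, findings


if __name__ == "__main__":
    print(audit_detection(POSTED_PF_CONF))
```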