Thank your for your help. These are the answers to your questions
> Can you post your pf.conf , did you set a monitor interface ?
>
> Fabrice
Yes I did. The inline interface is also the monitor interface. This what
I did in PF3.6 and worked perfectly
Is this not posible in PF4.1 ? I have not upgraded, It is a new
installation though.
XXXX means hidden for security
[general]
domain=XXXX
hostname=nac
dnsservers=XXXX
dhcpservers=192.168.18.1,192.168.19.1,192.168.20.1
locale=es_ES
timezone=Europe/Madrid
[trapping]
range=10.0.0.0/16, 192.68.0.0/16
detection=enabled
interception_proxy=enabled
[registration]
button_text=Registro
[alerting]
emailaddr=XXXX
smtpserver=XXXX
[database]
pass=XXXX
[captive_portal]
network_detection=disabled
[interface eth0.802]
ip= XXXX
type=management
mask=255.255.255.0
[interface eth0.818]
enforcement=inline
ip=192.168.18.1
type=internal,monitor
mask=255.255.255.0
[interface eth0.819]
enforcement=vlan
ip=192.168.19.1
type=internal
mask=255.255.255.0
[interface eth0.820]
enforcement=vlan
ip=192.168.20.1
type=internal
mask=255.255.255.0
> Can you see if Snort can start when you run it by hand?
>
> /usr/local/bin/snort -d -i eth1 -u root -g snort -c /etc/snort/snort.conf -l
> /var/log/snort
If I run it by hand it works:
>/usr/sbin/snort -d -i eth0.818 -u root -g snort -c
/etc/snort/snort.conf -l /var/log/snort/
...
--== Initialization Complete ==--
,,_ -*> Snort! <*-
o" )~ Version 2.9.2.2 IPv6 GRE (Build 121)
'''' By Martin Roesch & The Snort Team:
http://www.snort.org/snort/snort-team
Copyright (C) 1998-2012 Sourcefire, Inc., et al.
Using libpcap version 1.3.0
Using PCRE version: 8.30 2012-02-04
Using ZLIB version: 1.2.7
Rules Engine: SF_SNORT_DETECTION_ENGINE Version 1.15 <Build 18>
Preprocessor Object: SF_SMTP (IPV6) Version 1.1 <Build 9>
Preprocessor Object: SF_REPUTATION (IPV6) Version 1.1 <Build 1>
Preprocessor Object: SF_SSLPP (IPV6) Version 1.1 <Build 4>
Preprocessor Object: SF_IMAP (IPV6) Version 1.0 <Build 1>
Preprocessor Object: SF_DNP3 (IPV6) Version 1.1 <Build 1>
Preprocessor Object: SF_SSH (IPV6) Version 1.1 <Build 3>
Preprocessor Object: SF_DCERPC2 (IPV6) Version 1.0 <Build 3>
Preprocessor Object: SF_SDF (IPV6) Version 1.1 <Build 1>
Preprocessor Object: SF_DNS (IPV6) Version 1.1 <Build 4>
Preprocessor Object: SF_MODBUS (IPV6) Version 1.1 <Build 1>
Preprocessor Object: SF_POP (IPV6) Version 1.0 <Build 1>
Preprocessor Object: SF_FTPTELNET (IPV6) Version 1.2 <Build 13>
Preprocessor Object: SF_GTP (IPV6) Version 1.1 <Build 1>
Preprocessor Object: SF_SIP (IPV6) Version 1.1 <Build 1>
Commencing packet processing (pid=2481)
------------------------------------------------------------------------------
WatchGuard Dimension instantly turns raw network data into actionable
security intelligence. It gives you real-time visual feedback on key
security issues and trends. Skip the complicated setup - simply import
a virtual appliance and go from zero to informed in seconds.
http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
