Snort via pfSense not working on LAN

zerodamage

Hi,

I am trying to run Snort on my pfSense router (latest version) and it works fine on the WAN side but not on the LAN. I am thinking it has something to do with how my network is structured.

LAN => Wireless AP / Switch => pfsense router/snort => Internet

I get no alerts from the LAN side after moving the rules from the WAN interface to the LAN interface. I am hoping there is some kind of tweak that I need to make but not quite sure yet. Anyone run into this and know how to fix it? Thanks!
 
What rules do you have applied?

I am using the built-in IPS policy of "Connectivity" and a few select Emerging Threats rules with regards to malware and viruses. Everything else is set to default which is how I had it set on the WAN side previously which generated alerts.
 
Firstly, is your only indicator that it's "not working" that you're not seeing alerts?

I don't have mine running on the LAN, only the WAN. I'll switch it over to LAN tomorrow and let you know what I find.
 
Yes. Absolutely zero alerts on the LAN versus regular alerts on the WAN.
 