Shorewall users - Aug 2013 - shorewall and snort - recommendation

Dear all,
I''m setting up a new gateway for a small network (under 30 users)Gw
will host the following services:shorewalldnsproxy
i''m considering installing snort.can i do so on the same exact box ? is
there any security risk of doing so ?
box would have 4 ISPs and two internal interfaces. 
Any recommendation about the optimal setup of snort and shorewall (or if you
suggest anything other than snort) would be appreciated.


 		 	   		  

------------------------------------------------------------------------------
Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
Discover the easy way to master current and previous Microsoft technologies
and advance your career. Get an incredible 1,500+ hours of step-by-step
tutorial videos with LearnDevNow. Subscribe today and save!
http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk

Hi,
> Any recommendation about the optimal setup of snort and shorewall (or if
> you suggest anything other than snort) would be appreciated.
Snort can be used as a packet filter and/or it can be used as a
monitoring device. I didn''t use its filtering abilities, I used it as a
monitor.

I couldn''t find a way to get snort to monitor before iptables
"does stuff."

My last approach was to virtualise the firewall. On the host I installed
openvswitch and made a switch with a monitoring port, connected to snort
on yet another virtual machine.

"Let those CPU cycles spin."

I don''t use it anymore. Maybe I should but I made it too complex for
comfort. :)

Mark

------------------------------------------------------------------------------
Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
Discover the easy way to master current and previous Microsoft technologies
and advance your career. Get an incredible 1,500+ hours of step-by-step
tutorial videos with LearnDevNow. Subscribe today and save!
http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk

Thank you mark for your input.
After researching, i found out that it can work in three modes, one of them is
"inline"which works perfectly with iptables (shorewall backend sort of
speak).i''m still investigating this, when/if i find a stable solution
i''ll share it with you.

> Date: Sat, 31 Aug 2013 04:48:04 +0200
> From: lists+shorewall@internecto.net
> To: shorewall-users@lists.sourceforge.net
> Subject: Re: [Shorewall-users] shorewall and snort - recommendation
> 
> Hi,
> 
> > Any recommendation about the optimal setup of snort and shorewall (or
if
> > you suggest anything other than snort) would be appreciated.
> 
> Snort can be used as a packet filter and/or it can be used as a
> monitoring device. I didn''t use its filtering abilities, I used it
as a
> monitor.
> 
> I couldn''t find a way to get snort to monitor before iptables
"does stuff."
> 
> My last approach was to virtualise the firewall. On the host I installed
> openvswitch and made a switch with a monitoring port, connected to snort
> on yet another virtual machine.
> 
> "Let those CPU cycles spin."
> 
> I don''t use it anymore. Maybe I should but I made it too complex
for
> comfort. :)
> 
> Mark
> 
>
------------------------------------------------------------------------------
> Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
> Discover the easy way to master current and previous Microsoft technologies
> and advance your career. Get an incredible 1,500+ hours of step-by-step
> tutorial videos with LearnDevNow. Subscribe today and save!
>
http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
 		 	   		  

------------------------------------------------------------------------------
Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
Discover the easy way to master current and previous Microsoft technologies
and advance your career. Get an incredible 1,500+ hours of step-by-step
tutorial videos with LearnDevNow. Subscribe today and save!
http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk