Re: Scary Hole in the Firewall?

David Cary Hart wrote:
Platform = Fedora 2
IPTables firewall. Snort running inside the firewall.

Question. Inside firewall as in "on separate machine inside firewall", or as in "on the same machine as firewall"?


In the former case, it might as well be that the packet you are seeing had a spoofed IP address, and that it originated inside your network. Is eth0 on your LAN or outside? Another case could be that you have an omission in firewall rules (so that "what is logged is not always dropped").

In the latter case, what you are seeing is what you were supposed to see (if I'm correct on how snort works, by sniffing network traffic directly from the network interface).

--
Aleksandar Milivojevic <amilivojevic@xxxxxx>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7
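
One way to check which case applies is to correlate each Snort alert with the firewall's own drop log. This is an added example, not part of the original message. It assumes a LOG rule with the hypothetical prefix "FW-DROP: " placed directly before the DROP rule, Snort's fast alert format, and constructed, abbreviated sample log lines with an assumed year.

```python
import re
from datetime import datetime, timedelta

YEAR = 2004  # assumption: neither log format carries a year
# Constructed sample data. "FW-DROP: " is an assumed --log-prefix value.
KERNEL_LOG = """\
Jan 12 10:15:01 fw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=404 TTL=52 PROTO=UDP SPT=1050 DPT=1434 LEN=384
Jan 12 10:17:40 fw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=4021 DPT=135 SYN
"""
SNORT_FAST = """\
01/12-10:15:01.204113  [**] [1:1000001:1] Constructed rule A [**] [Priority: 2] {UDP} 203.0.113.5:1050 -> 192.0.2.10:1434
01/12-10:16:12.880021  [**] [1:1000002:1] Constructed rule B [**] [Priority: 1] {TCP} 203.0.113.9:3377 -> 192.0.2.10:80
"""
IPT_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) .*?FW-DROP: .*?SRC=(\S+) DST=(\S+) "
                    r".*?PROTO=(\w+) SPT=(\d+) DPT=(\d+)")
SNORT_RE = re.compile(r"^(\d\d/\d\d-[\d:]{8})\.\d+\s+\[\*\*\] \[([\d:]+)\] .*?"
                      r"\{(\w+)\} ([\d.]+):(\d+) -> ([\d.]+):(\d+)")

def parse_drops(text):
    """Return (time, flow) for every packet the firewall logged just before dropping."""
    drops = []
    for line in text.splitlines():
        m = IPT_RE.match(line)
        if m:
            ts, src, dst, proto, spt, dpt = m.groups()
            when = datetime.strptime(f"{YEAR} {ts}", "%Y %b %d %H:%M:%S")
            drops.append((when, (proto, src, int(spt), dst, int(dpt))))
    return drops

def classify_alerts(snort_text, kernel_text, window=timedelta(seconds=2)):
    """Label each alert by whether a matching drop record exists within the window."""
    drops = parse_drops(kernel_text)
    results = []
    for line in snort_text.splitlines():
        m = SNORT_RE.match(line)
        if not m:
            continue
        ts, sid, proto, src, spt, dst, dpt = m.groups()
        when = datetime.strptime(f"{YEAR} {ts}", "%Y %m/%d-%H:%M:%S")
        flow = (proto, src, int(spt), dst, int(dpt))
        dropped = any(f == flow and abs(when - t) <= window for t, f in drops)
        # No drop record: the packet passed the rules or never crossed the firewall.
        results.append((sid, src, "dropped-by-firewall" if dropped else "no-drop-record"))
    return results

if __name__ == "__main__":
    for row in classify_alerts(SNORT_FAST, KERNEL_LOG):
        print(row)
```

An alert labelled "dropped-by-firewall" is Snort seeing a packet on the interface that the rules then discarded; "no-drop-record" alerts are the ones to check against the rule set or the internal network.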

