I want to set up a LAN(LAN1) which will have a victim machine and a second system with SNORT running on it. The second system with SNORT should act as a gateway between the LAN1 and LAN2. LAN2 will have a system which will attack the victim machine.
For the second machine to be a gateway with SNORT running on it, I just have to enable IP FORWARDING with two NIC ..... Is it right or wrong???
I have like very lilttle knowledge about linux and networking. Someone told me that the whole setup is wrong. If its wrong then plz correct me else plz guide me in the above setup.
Hmm, this sounds like college homework. You will have to use IP forwarding, and you will have to let the IP address of the snort box on LAN 1 be the gateway for the LAN 1 victim machine to get to LAN2. The IP address of the snort box on LAN 2 will need to be the gateway for the LAN 2 attck machine to get to LAN 1.
Try that and make sure you can ping between the two servers before activating snort.