Garayed.com  

03-22-2006, 01:38 PM
Nestor

Snort fails to resolve DNS

Hi everyone!

I've installed Snort 2.4.3 with BASE on a Red Hat enterprise edition
Linux server which has 6 network ports, 5 for sniffing and 1 for
management.
The sniffing cards don't have IP addresses (I've used "ifup
eth#"), and they are also in promiscuous mode. Everything works fine,
except 1 thing. The thing is that I cannot use the local Whois function
in Snort. I've even installed a BIND DNS server on the same
machine (locally) with no success at all. When I "click" on any IP
in the Snort (BASE) web interface, the Local Whois doesn't resolve the
DNS and it displays only once the following error: "No route to
host". It also displays "FQDN: (no DNS resolution attempted)". It
looks like Snort doesn't know which interface to use for DNS
resolution. I've correctly set up the DNS server on the management
interface (the interface having the IP), and when I "ping"
anything (from the shell) by its name it replies back. So the system
itself uses the local DNS server (BIND) for DNS resolution. What is the
problem for Snort?? Should I use IPs on ALL interfaces?? But why?? Why
doesn't it use the management interface for DNS resolution?? I
don't think it's a good idea to give an IP to the sniffing
interfaces... it's better to remain undetected. Now I'll post some
configuration files in order to give a better picture of the
situation (maybe I forgot something, who knows...).

This is my resolv.conf file:

nameserver 172.16.XXX.XX (the machine with Snort and BIND)
nameserver 172.16.XXX.XX (another local DNS Server)
nameserver 172.16.XXX.XX (another local DNS Server)
search (my dns suffixes)...

This is my routing table:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.168.0    *               255.255.255.0   U     0      0        0 eth2
169.254.0.0     *               255.255.0.0     U     0      0        0 eth2
default         172.16.168.62   0.0.0.0         UG    0      0        0 eth2

Any help would be greatly appreciated!
(Please feel free to forward this to any relevant newsgroup)
