From: Will M. <wil...@gm...> - 2005-11-17 05:29:46
|
Hmmm Are you sure that snort-inline can see the full twh? i.e. are you queueing both client and server traffic? Regards, Will On 11/16/05, Rob Campbell <rca...@pc...> wrote: > Hello, > > I have been configuring an IPS using snort inline. I am running the > latest version, 2.4.3RC2. It is running in bridge mode with "iptables > -A FORWARD -j QUEUE" on the bridge interface. When I have enforce_state > on, it seems to block all TCP traffic. With a packet capture I do see > the SYN being sent to the remote host, but I never get any replies. If > I turn off enforce_state it starts working again. > > What are the downsides to turning off enforce_state or stream4inline? > Thank you. > > Rob Campbell > Pacific Coast Wireless Internet > > > ------------------------------------------------------- > This SF.Net email is sponsored by the JBoss Inc. Get Certified Today > Register for a JBoss Training Course. Free Certification Exam > for All Training Attendees Through End of 2005. For more info visit: > http://ads.osdn.com/?ad_id=3D7628&alloc_id=3D16845&op=3Dclick > _______________________________________________ > Snort-inline-users mailing list > Sno...@li... > https://lists.sourceforge.net/lists/listinfo/snort-inline-users > |