From: Rob C. <rca...@pc...> - 2005-11-18 00:40:21
No. That is the only iptables rule I have. The full rule was "iptables -A FORWARD -i br0 -o br0 -j QUEUE". Could that cause any problems?

Rob Campbell
Pacific Coast Wireless Internet

Will Metcalf wrote:
> hmmm how odd, you don't have any other entries in your FORWARD chain
> before your -A FORWARD -j QUEUE entry do you?
>
> Regards,
>
> Will
>
> On 11/17/05, Rob Campbell <rca...@pc...> wrote:
>> It is happening on web traffic, IMAP traffic, and telnet to various ports.
>>
>> Rob Campbell
>> Pacific Coast Wireless Internet
>>
>> Will Metcalf wrote:
>>> sorry it's late missed the "iptables -A FORWARD -j QUEUE" part. Just
>>> out of curiosity is it a particular protocol, or does all tcp traffic
>>> get dropped?
>>>
>>> Regards,
>>>
>>> Will
>>>
>>> On 11/16/05, Will Metcalf <wil...@gm...> wrote:
>>>> Hmmm Are you sure that snort-inline can see the full twh? i.e. are
>>>> you queueing both client and server traffic?
>>>>
>>>> Regards,
>>>>
>>>> Will
>>>>
>>>> On 11/16/05, Rob Campbell <rca...@pc...> wrote:
>>>>> Hello,
>>>>>
>>>>> I have been configuring an IPS using snort inline. I am running the
>>>>> latest version, 2.4.3RC2. It is running in bridge mode with "iptables
>>>>> -A FORWARD -j QUEUE" on the bridge interface. When I have enforce_state
>>>>> on, it seems to block all TCP traffic. With a packet capture I do see
>>>>> the SYN being sent to the remote host, but I never get any replies. If
>>>>> I turn off enforce_state it starts working again.
>>>>>
>>>>> What are the downsides to turning off enforce_state or stream4inline?
>>>>> Thank you.
>>>>>
>>>>> Rob Campbell
>>>>> Pacific Coast Wireless Internet
>>>>>
>>>>> _______________________________________________
>>>>> Snort-inline-users mailing list
>>>>> Sno...@li...
>>>>> https://lists.sourceforge.net/lists/listinfo/snort-inline-users