[Snort-inline-users] Re :Re: Problem while running snort_inline

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

yeh sure...my iptable rules areiptables -p tcp -A OUTPUT --sport 80 -j NFQUEUE --queue-num 100iptables -p tcp -A INPUT --dport 80 -j NFQUEUE --queue-num 100snort rule ispass tcp any any &lt;&gt; 172.30.11.120/32 80stream4 settings arepreprocessor stream4:&nbsp;&nbsp; disable_evasion_alerts, \&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; stream4inline, \&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; enforce_state pass, \&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; memcap 100000000, \&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; timeout 3600, \&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; truncate, \&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; window_size 3000preprocessor stream4_reassemble: both, ports "default", favor_newmy HTTP configs arepreprocessor http_inspect: global \&nbsp;&nbsp; iis_unicode_map unicode.map 1252
preprocessor http_inspect_server: server default \&nbsp;&nbsp;&nbsp; profile all ports { 80 8080 8180 } oversize_dir_length 500Actually I&nbsp; tried disabling all stream4 configs and HTTP configs but it wasn't working.On Tue, 20 May 2008 12:26:20 +0200 Victor Julien wroteI suspect there is some state issue here. Could you show us the iptablesrules, relevant snort rules and your stream4/5 settings?Regards,Victorvishal_nitr wrote:&gt; Hi ALL,&gt; I am running snort in inline mode on a HTTP server by using&gt; NFQUEUE. I have two queues for HTTP traffic destined to this server&gt; one for incoming requests and another for responses given by this&gt; server to client.&gt; when I am sending HTTP request from a client with both the queues&gt; present; TCP connection is getting established, GET request is coming&gt; to server and acknowledgement is also reaching to client but 200 OK&gt; packets are not reaching to client. Packets are dropped by snort as&gt; it's a pass rule.&gt;&gt; I suspect it as a some configuration issue.&gt;&gt; Please help me resolve this issue.&gt;&gt; Thanks&gt; vishal&gt;&gt; Thanks and Regards,&gt; Vishal Kotalwar,&gt; Software Engineer,&gt; Aricent,&gt; Chennai-35.&gt; 09884074047.&gt; IPL&gt; &gt;&gt;&gt; ------------------------------------------------------------------------&gt;&gt; -------------------------------------------------------------------------&gt; This SF.net email is sponsored by: Microsoft &gt; Defy all challenges. Microsoft(R) Visual Studio 2008. &gt; http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/&gt; ------------------------------------------------------------------------&gt;&gt; _______________________________________________&gt; Snort-inline-users mailing list&gt; Sno...@li...&gt; https://lists.sourceforge.net/lists/listinfo/snort-inline-users&gt; -------------------------------------------------------------------------This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_______________________________________________Snort-inline-users mailing lis...@li...https://lists.sourceforge.net/lists/listinfo/snort-inline-users

Thanks and Regards,
Vishal Kotalwar,
Software Engineer,
Aricent,
Chennai-35.
09884074047.