Re: [Snort-inline-users] low traffic from debian or ubuntu throughsnort inline

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

If i disabled snort, the problem stop. 

-----Message d'origine-----
De : Alain DEGUILLE [mailto:ade...@sq...] 
Envoyé : mardi 15 juillet 2008 09:45
À : 'Eric Leblond'
Cc : 'sno...@li...'
Objet : RE: [Snort-inline-users] low traffic from debian or ubuntu
throughsnort inline

Hi,

my kernel : 2.6.18-53.1.13.el5PAE

thx

-----Message d'origine-----
De : Eric Leblond [mailto:er...@in...]
Envoyé : samedi 12 juillet 2008 00:56
À : Alain DEGUILLE
Cc : sno...@li...
Objet : Re: [Snort-inline-users] low traffic from debian or ubuntu
throughsnort inline

Hi,

On Friday, 2008 July 11 at 15:42:52 +0200, Alain DEGUILLE wrote:
> Hello,
>  
> I'm using snort inline (snort_inline-2.6.1.5) on my firewall (Linux 
> Redhat Entreprise 5) with iptable, to secure my web server on dmz.
> It works very well, except when http client comes from Linux Debian or 
> Ubuntu. There traffic are very slowly.
>  
> Do you know this problem ?

Which kernel are you using ? 2.6.22.x with X < 4 has a problem when
nfqueuing packet with some specific packet size.

Cordialement,
--
Eric Leblond
INL: http://www.inl.fr/
NuFW: http://www.nufw.org/