From: Isaac C. <ic...@ho...> - 2004-07-26 06:31:59
<html><div style='background-color:'><DIV class=RTE> <P>Hello all,</P> <P>I'm having some problems with getting snort inline to let any packets through. I'm using it on just one computer that is hooked right to the internet, and am trying to deploy it as an IPS (for that one computer). Anyways, while it is running, every packet sent to QUEUE by iptables is just dropped regardless of whether it matches a rule or not. The one workaround to this that I found was to stop snort inline from switching from root (removing the -u and -g from the command line when it's run), which causes snort inline to work (mostly) as anticipated. (It still drops some packets without creating log entries, but most things work.)</P> <P>When I have it run not as root, all packets that don't match any rule are dropped (and not logged), but if a packet does match a rule it is logged (and obviously dropped), so it can't be a problem with the packets getting to snort inline. Also, the firewall couldn't be the problem (if QUEUEs are changed to ACCEPTs, everything works fine).</P> <P>Anyways, I thought that this was probably a configuration error, and so tried changing everything in my snort.conf file - tried running snort inline with no rules, or just one rule, or all the rules I wanted; tried changing preprocessors and variables - same result for everything. Next I tried updating (2.1.1 had been the most recent gentoo ebuild) to 2.1.3b, which also had no effect on the problem.</P> <P>So, my question is, what do I do to get snort inline to work, or is the only option to have snort inline run as root the entire time? If any more information is needed to figure out what's wrong just ask, that's all I could think of.</P> <P>Thanks</P></DIV></div></html>
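The following script is an added example, not part of the original post and not snort_inline's own code. It shows the two rule sets the post compares (traffic handed to iptables' QUEUE target versus the ACCEPT control run) and a check a practitioner would want before suspecting snort.conf: whether any userspace process is actually attached to the ip_queue queue. The QUEUE target is documented to drop packets when no userspace reader is listening, which produces exactly the symptom described (everything dropped, rule match or not), so the check distinguishes "snort_inline is not attached to the queue" from "snort_inline is attached but verdicting DROP". It assumes a 2.4/2.6 kernel with the ip_queue module (what snort_inline of that era used), an interface named eth0, and a single-host rule set; the /proc/net/ip_queue samples are constructed, not captured from a real machine. It does not claim to be the diagnosis of the poster's problem.

```shell
#!/bin/sh
# Added example, not code from the original post or from snort_inline.
# Compares the QUEUE rule set with the ACCEPT control test from the post and
# checks /proc/net/ip_queue for an attached userspace reader. With no reader
# attached, the kernel has nobody to hand queued packets to and drops them.
# Interface name and rule set are assumptions for illustration.

# Print the iptables commands for the single-host IPS: $1 is QUEUE (hand
# packets to snort_inline) or ACCEPT (the control run that "works fine").
queue_rules() {
    target="$1"
    printf 'iptables -A INPUT -i eth0 -j %s\n' "$target"
    printf 'iptables -A OUTPUT -o eth0 -j %s\n' "$target"
}

# Read "Peer PID" from ip_queue status text on stdin. The layout is the one
# the kernel's ip_queue module writes to /proc/net/ip_queue; a peer PID of 0
# means no userspace reader is attached.
ipq_peer_pid() {
    awk -F: '/^Peer PID/ { gsub(/[[:space:]]/, "", $2); print $2; exit }'
}

# Return 0 when a reader is attached, 1 otherwise. $1 is the status text.
check_queue_reader() {
    pid=$(printf '%s\n' "$1" | ipq_peer_pid)
    if [ -z "$pid" ] || [ "$pid" = "0" ]; then
        echo "no userspace reader attached: every QUEUEd packet will be dropped"
        return 1
    fi
    echo "reader attached: pid $pid (compare with 'pidof snort_inline')"
    return 0
}

# Constructed samples of /proc/net/ip_queue, not captured from a real host.
SAMPLE_NO_READER='Peer PID          : 0
Copy mode         : 0
Copy range        : 0
Queue length      : 0
Queue max. length : 1024
Queue dropped     : 0
Netlink dropped   : 0'

SAMPLE_WITH_READER='Peer PID          : 4321
Copy mode         : 2
Copy range        : 65535
Queue length      : 3
Queue max. length : 1024
Queue dropped     : 0
Netlink dropped   : 0'

echo "--- IPS rule set (packets go to snort_inline) ---"
queue_rules QUEUE
echo "--- control rule set (no inspection) ---"
queue_rules ACCEPT
echo "--- sample status without a reader ---"
check_queue_reader "$SAMPLE_NO_READER" || true
echo "--- sample status with a reader ---"
check_queue_reader "$SAMPLE_WITH_READER" || true
# On a host with the ip_queue module loaded, check the live queue as well.
if [ -r /proc/net/ip_queue ]; then
    echo "--- live /proc/net/ip_queue ---"
    check_queue_reader "$(cat /proc/net/ip_queue)" || true
fi
```

Run it as root on the IPS host while snort_inline is up: if the live peer PID is 0 or does not match snort_inline's PID, the drops come from the queue having no reader, which is a different problem from rules or preprocessors in snort.conf. If the PID matches and packets still vanish, the verdicts are coming from snort_inline itself.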