From: Will M. <wil...@gm...> - 2004-10-13 02:11:59
What does your snort_inline.conf look like? It sounds like you might
be using forceiptstate without using marks in iptables to track state.
Really can't say without seeing your snort_inline.conf and how your
snort_inline box sits in relation to the rest of your network.
iptables -t mangle -A FORWARD -p tcp --syn -m state --state NEW -j MARK --set-mark 1
iptables -t mangle -A FORWARD -p tcp -m state --state ESTABLISHED -j MARK --set-mark 2
iptables -A FORWARD -j QUEUE
Regards,
Will
On Tue, 12 Oct 2004 19:55:54 -0400, Swaminathan Srinivasan
<ssr...@cs...> wrote:
> hi all
> I am new to snort-inline or even snort. I have been trying to get snort
> inline (version 2.2.0 build 30) to work on my machine for a very basic setup.
> I wanted all the packets in and out of my machine to go through snort.
>
> So I set up my iptables with these 2 rules (only these 2 rules):
> iptables -A INPUT -j QUEUE
> iptables -A OUTPUT -j QUEUE
>
> Then I start my snort inline as
> snort_inline -Qvc /etc/snort-inline/snort_inline.conf -l /var/log/snort
>
> I see my icmp and udp packets get through, but none of my tcp sessions (I
> tried web and ssh) are initiated. I don't even see SYN packets.
>
> I have used the sample snort_inline config file available with the distribution,
> with some changes to turn on preprocessors.
>
> What am I missing?
>
> thanks
> Swami