From: Justin A. <JA...@ua...> - 2004-10-13 17:30:50
On Tue, 2004-10-12 at 19:55, Swaminathan Srinivasan wrote:
> hi all
> I am new to snort-inline or even snort. I have been trying to get snort
> inline(version 2.2.0 build 30) work on my machine for a very basic
> setup.
> I wanted all the packets in and out of my machine to go through snort
>
> so I setup my iptables with these 2 rules (only these 2 rules)
> iptables -A INPUT -j QUEUE
> iptables -A OUTPUT -j QUEUE

try iptables -L -n -v, you should see the counters on the QUEUE rule
increasing with each packet.

my guess is that you wanted
iptables -A FORWARD -j QUEUE
rather than the 2 above

> Then I start my snort inline as
> snort_inline -Qvc /etc/snort-inline/snort_inline.conf -l /var/log/snort
>
> I see my icmp and udp packets get through but none of my tcp
> sessions (I tried web and ssh) are initiated. I don't even see SYN packets
>
> I have used the sample snort_inline config file available with the
> distribution with some changes to turning on preprocessors
>
> What am I missing ?
>
>
> thanks
> Swami

--
-- Justin Azoff
-- Network Performance Analyst
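
The counter check suggested in the reply above, as an added example that is not part of the original thread: it compares two captures of `iptables -L -n -v` output and reports, per chain, how many packets hit the QUEUE rule in between. The two snapshots, their counter values, and the function names `queue_counters` and `queue_delta` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: `iptables -L -n -v` output captured twice, a few seconds apart.
snapshot_before='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  120  9840 QUEUE      all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   98  7212 QUEUE      all  --  *      *       0.0.0.0/0            0.0.0.0/0'

snapshot_after='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  155 12710 QUEUE      all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  131  9630 QUEUE      all  --  *      *       0.0.0.0/0            0.0.0.0/0'

# Read `iptables -L -n -v` text on stdin; print "CHAIN PKTS" for each QUEUE rule.
queue_counters() {
    awk '
        $1 == "Chain" { chain = $2; next }   # remember which chain we are in
        $3 == "QUEUE" { print chain, $1 }    # column 1 = pkts, column 3 = target
    '
}

# queue_delta BEFORE AFTER: print "CHAIN DELTA" for every chain with a QUEUE rule.
# A delta of 0 means no packets reached that QUEUE rule between the captures.
queue_delta() {
    { printf '%s\n' "$1" | queue_counters | sed 's/^/B /'
      printf '%s\n' "$2" | queue_counters | sed 's/^/A /'; } |
    awk '
        $1 == "B" { before[$2] += $3 }
        $1 == "A" { after[$2] += $3; seen[$2] = 1 }
        END { for (c in seen) print c, after[c] - before[c] }
    ' | sort
}

queue_delta "$snapshot_before" "$snapshot_after"
```

On a live host, feed the functions real captures taken as root, and add `-x` so large counters are printed exactly instead of with K/M suffixes.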