[Snort-inline-users] snort-inline 2.2.0a issue after upgrading from 2.1.1

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi guys,

	I just updated a Debian testing box that was running snort-inline 2.1.1 (I
debianized it using the snort 2.0.0 packages as a template) to snort-inline
2.2.0a and have been having issues with traffic not flowing.

	Nothing else changed, in regards to the kernel, etc. but one of my internal
linux boxes can no longer get out to the next.  The minute I take the bridge out
of the mix, then it works again.  Rolling back to snort-inline 2.1.1 also works.

	I'm attaching the snort-inline.conf file I was using under 2.1.1 (which I was
still using after upgrading to 2.2.0a before grabbing the file from the 2.2.0a
tarball and trying it) to see if anyone can see any issues.

	Using tcpdump, I can see the traffic hit the bridge and appear to go out, but I
never get any return.  The firewall on the other side of the bridge doesn't see
the traffic, so snort-inline is dropping it but not logging it.

	The weird thing is that all the other machines in the network (Win2k, WinXP or
Linux) are all working fine.  It's just the one central linux proxy that is
having issues.

	Even weirder is ssh traffic being dnat'ed into the internal linux box, through
the bridge works fine!

	I'm not using ALL in the SNORT_HOME_NET variable and have updated my rules
using oinkmaster to be the 2.2 series latest, keeping my rule deletions, etc.

	Any hints are appreciated.

- --
James A. Pattie
ja...@pc...

Linux -- SysAdmin / Programmer
Xperience, Inc.
http://www.pcxperience.org/

GPG Key Available at http://www.pcxperience.com/gpgkeys/james.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBnSZ/tUXjwPIRLVERArdZAJ4r7rmhQXbvf7IwkI9UQk8ClXL05QCg0WIM
KUNglQKmw0YN/Zep2XB+XGA=
=5vPN
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.