From: Dmitry M. <dm...@be...> - 2004-12-03 09:28:01
Hello! I'm starting snort_inline with the default config (i.e. from the tar.gz), then I want to check ftp:

iptables -A INPUT -p tcp --dport 21 -j QUEUE

I see that snort_inline gets packets:

Received error message 2
11/25-13:14:56.021059 192.168.22.229:33905 -> 192.168.22.229:21
TCP TTL:64 TOS:0x0 ID:34862 IpLen:20 DgmLen:60 DF
******S* Seq: 0xD48E7C41  Ack: 0x0  Win: 0x7FFF  TcpLen: 40
TCP Options (5) => MSS: 16396 SackOK TS: 17843826 0 NOP WS: 0
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

But there is no ftp :-(

OK, another try:

iptables -A OUTPUT -p tcp --sport 21 -j QUEUE

Received error message 2
11/25-13:16:19.400758 192.168.22.229:21 -> 192.168.22.229:33906
TCP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:60 DF
***A**S* Seq: 0xDAE944AD  Ack: 0xDB74D628  Win: 0x7FFF  TcpLen: 40
TCP Options (5) => MSS: 16396 SackOK TS: 17927226 17924071 NOP WS: 0
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

No difference. I tried this on Suse 8.1/x86 with kernel 2.4 and Mandrake 9.2/AMD64 with kernel 2.6; the same result.

Any ideas?
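When debugging a QUEUE setup like the one in the post, the first thing to establish from the console output is which direction and which stage of the TCP handshake actually reached snort_inline, and whether every packet was accompanied by a netlink error. The following parser for Snort's console packet-dump format is an added example, not code from the post or from the snort_inline project; the sample text it runs on is reconstructed from the two dumps quoted above, and the assumption that port 21 is the server side is a parameter, not something the format encodes.

```python
"""Parse snort_inline console packet dumps into structured records so a
capture can be checked for direction, handshake stage and queue errors.
Added example (not snort_inline's own code); SAMPLE is reconstructed from
the dumps quoted in the post above."""

import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Snort prints the TCP flag byte in fixed positions "12UAPRSF", '*' when unset.
FLAG_NAMES = ("RES1", "RES2", "URG", "ACK", "PSH", "RST", "SYN", "FIN")

HEADER_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s*$"
)
IP_RE = re.compile(
    r"^TCP TTL:(?P<ttl>\d+) TOS:(?P<tos>0x[0-9A-Fa-f]+) ID:(?P<id>\d+) "
    r"IpLen:(?P<iplen>\d+) DgmLen:(?P<dgmlen>\d+)(?P<df>\s+DF)?"
)
TCP_RE = re.compile(
    r"^(?P<flags>[12UAPRSF*]{8})\s+Seq:\s*(?P<seq>0x[0-9A-Fa-f]+)\s+"
    r"Ack:\s*(?P<ack>0x[0-9A-Fa-f]+)\s+Win:\s*(?P<win>0x[0-9A-Fa-f]+)\s+"
    r"TcpLen:\s*(?P<tcplen>\d+)"
)
ERROR_RE = re.compile(r"^Received error message (?P<code>\d+)")

SAMPLE = """Received error message 2
11/25-13:14:56.021059 192.168.22.229:33905 -> 192.168.22.229:21
TCP TTL:64 TOS:0x0 ID:34862 IpLen:20 DgmLen:60 DF
******S* Seq: 0xD48E7C41  Ack: 0x0  Win: 0x7FFF  TcpLen: 40
TCP Options (5) => MSS: 16396 SackOK TS: 17843826 0 NOP WS: 0
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

Received error message 2
11/25-13:16:19.400758 192.168.22.229:21 -> 192.168.22.229:33906
TCP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:60 DF
***A**S* Seq: 0xDAE944AD  Ack: 0xDB74D628  Win: 0x7FFF  TcpLen: 40
TCP Options (5) => MSS: 16396 SackOK TS: 17927226 17924071 NOP WS: 0
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
"""


@dataclass
class Packet:
    ts: str
    src: str
    sport: int
    dst: str
    dport: int
    ttl: int = 0
    ip_id: int = 0
    df: bool = False
    flags: Set[str] = None
    seq: int = 0
    ack: int = 0
    win: int = 0
    options: str = ""


def decode_flags(s: str) -> Set[str]:
    """'***A**S*' -> {'ACK', 'SYN'}."""
    return {name for name, ch in zip(FLAG_NAMES, s) if ch != "*"}


def parse_snort_dump(text: str) -> Tuple[List[Packet], List[int]]:
    """Return (packets, netlink error codes) found in a console dump."""
    packets: List[Packet] = []
    errors: List[int] = []
    current: Optional[Packet] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ERROR_RE.match(line)
        if m:
            errors.append(int(m["code"]))
            continue
        m = HEADER_RE.match(line)
        if m:  # a header starts a new packet; later lines fill it in
            current = Packet(m["ts"], m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
            current.flags = set()
            packets.append(current)
            continue
        if current is None:
            continue
        m = IP_RE.match(line)
        if m:
            current.ttl, current.ip_id, current.df = int(m["ttl"]), int(m["id"]), bool(m["df"])
            continue
        m = TCP_RE.match(line)
        if m:
            current.flags = decode_flags(m["flags"])
            current.seq, current.ack, current.win = (int(m[k], 16) for k in ("seq", "ack", "win"))
            continue
        if line.startswith("TCP Options"):
            current.options = line.split("=>", 1)[1].strip()
        # the "=+=+..." separator and anything else is ignored
    return packets, errors


def handshake_stage(p: Packet) -> str:
    if "SYN" in p.flags:
        return "SYN-ACK" if "ACK" in p.flags else "SYN"
    return "ACK/data" if "ACK" in p.flags else "other"


def flows_seen(packets: List[Packet], server_port: int = 21) -> Dict[Tuple[str, int], List[Tuple[str, str]]]:
    """Group by client endpoint; each entry lists (direction, handshake stage)."""
    flows: Dict[Tuple[str, int], List[Tuple[str, str]]] = {}
    for p in packets:
        if p.dport == server_port:
            key, direction = (p.src, p.sport), "to-server"
        elif p.sport == server_port:
            key, direction = (p.dst, p.dport), "to-client"
        else:
            continue
        flows.setdefault(key, []).append((direction, handshake_stage(p)))
    return flows


if __name__ == "__main__":
    pkts, errs = parse_snort_dump(SAMPLE)
    print(f"{len(pkts)} packets, {len(errs)} netlink errors {errs}")
    for client, stages in flows_seen(pkts).items():
        print(client, stages)
```

Run against the two dumps in the post, the summary shows two separate connection attempts (client ports 33905 and 33906), each with exactly one packet seen by the queue (the SYN in the INPUT-only run, the SYN-ACK in the OUTPUT-only run) and one "Received error message" per packet, which is the shape of evidence worth attaching to a question like this one.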