From: Richard C. <ric...@gm...> - 2005-02-15 23:49:50
Hi guys,

I really hope that you guys can help me out. I have Fedora 3. I have snort-inline compiled and running. I have only the test.rules uncommented in snort.conf. I have a version of iptables with queue enabled. I have the following script to set up the bridge and set up iptables to pass traffic to the queue (see below).

It looks like the packets are not being passed to snort to process. I should see lots of traffic being logged on my test snort rules but it looks like nothing is being logged. The log files are being created, by the way. I'd really like to know how I can determine if packets are being passed into the queue by iptables and over to snort. Anyone have any ideas?

--------------------------------------begin-script---------------------------------------------
#!/bin/sh
brctl addbr br0
ifconfig eth1 0.0.0.0 up -arp
ifconfig eth2 0.0.0.0 up -arp
brctl addif br0 eth1
brctl addif br0 eth2
brctl stp br0 off
ifconfig br0 0.0.0.0 up -arp

modprobe ip_queue
modprobe ipt_LOG

### Support for connection tracking of FTP and IRC.
modprobe ip_conntrack_ftp
modprobe ip_conntrack_irc

iptables -A INPUT -i eth0 -j ACCEPT

### Enable ip_forward
echo "1" > /proc/sys/net/ipv4/ip_forward

iptables -A INPUT -i eth1 -j QUEUE
iptables -A INPUT -i eth2 -j QUEUE
-----------------------------------------end-script-----------------------------------

--
Thanks,
Rich Compton
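Added example (not part of the original post, and not code from the snort-inline project): one way to check whether iptables is handing packets to the queue is to read the packet counters on the QUEUE rules and the status file exposed by the ip_queue module the script loads. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic sketch. Function names are hypothetical; the sample
# data below is constructed, not captured from the poster's machine.

# queue_pkts: reads `iptables -L <chain> -v -n -x` output on stdin and
# prints the total packet count of all rules whose target is QUEUE.
queue_pkts() {
    awk '$3 == "QUEUE" { sum += $1 } END { print sum + 0 }'
}

# queue_peer_pid: reads the contents of /proc/net/ip_queue on stdin and
# prints the PID of the userspace program bound to the queue (0 = none).
queue_peer_pid() {
    awk -F: '/^Peer PID/ { gsub(/[ \t]/, "", $2); print $2 }'
}

# diagnose <queue_pkts> <peer_pid>: prints a one-word verdict.
diagnose() {
    if [ "$2" -eq 0 ]; then
        echo "no-listener"      # nothing (e.g. snort-inline) is attached
    elif [ "$1" -eq 0 ]; then
        echo "rule-not-hit"     # no packet ever matched a QUEUE rule
    else
        echo "queueing"         # packets are reaching the queue
    fi
}

# Constructed sample: counters as they look when QUEUE rules never match.
SAMPLE_RULES='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source       destination
     120    10080 ACCEPT     all  --  eth0   *       0.0.0.0/0    0.0.0.0/0
       0        0 QUEUE      all  --  eth1   *       0.0.0.0/0    0.0.0.0/0
       0        0 QUEUE      all  --  eth2   *       0.0.0.0/0    0.0.0.0/0'

# Constructed sample of /proc/net/ip_queue with a listener attached.
SAMPLE_PROC='Peer PID          : 2417
Copy mode         : 2
Queue length      : 0
Queue dropped     : 0'

# On a live box (as root) feed the real sources instead:
#   iptables -L INPUT -v -n -x | queue_pkts
#   queue_peer_pid < /proc/net/ip_queue
pkts=$(printf '%s\n' "$SAMPLE_RULES" | queue_pkts)
pid=$(printf '%s\n' "$SAMPLE_PROC" | queue_peer_pid)
echo "QUEUE packets: $pkts, peer PID: $pid, verdict: $(diagnose "$pkts" "$pid")"
```

On a bridge, frames forwarded between eth1 and eth2 traverse the FORWARD chain rather than INPUT, so run the counter check against FORWARD as well.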