From: <tha...@gb...> - 2005-02-24 02:50:48
I have a problem with snort-inline to ask about. I've installed snort-inline on my network. After plugging it in, I can see anomalous traffic like viruses, worms or intrusion detections. Normally I put it behind my router to see all traffic that goes out of and comes into my office, and it works perfectly. Now I'm trying to put it in a new place. Putting it in front of the Domain Controller makes every user in my network get stuck logging in to the Domain Controller. They can surf the web, read their e-mail, join IRC networks or do any downloading from the Internet, so I've no idea where to find the problem.

* All of my snort-inline rules are alert, and it is running in bridge mode.

This is my iptables setting:

    #
    # Start IPTables Queue :
    #
    echo "Start IPTables Queue Mode ..."
    # Load ip_queue: it hands QUEUE'd packets to snort-inline and reinjects the verdict
    /sbin/modprobe ip_queue
    # Flush the filter table (the mangle rules added below are not flushed here)
    /sbin/iptables -F
    # Accept everything this host itself sends or receives on lo, eth0 and eth1
    /sbin/iptables -A INPUT -i lo -j ACCEPT
    /sbin/iptables -A OUTPUT -o lo -j ACCEPT
    /sbin/iptables -A INPUT -i eth0 -j ACCEPT
    /sbin/iptables -A OUTPUT -o eth0 -j ACCEPT
    /sbin/iptables -A INPUT -i eth1 -j ACCEPT
    /sbin/iptables -A OUTPUT -o eth1 -j ACCEPT
    # Anything else to or from this host, and all forwarded traffic, goes to the queue
    /sbin/iptables -A INPUT -j QUEUE
    /sbin/iptables -A OUTPUT -j QUEUE
    /sbin/iptables -A FORWARD -j QUEUE
    # In the mangle table, mark new TCP connections 1 and established/related TCP 2
    /sbin/iptables -t mangle -A FORWARD -p tcp --syn -m state --state NEW -j MARK --set-mark 1
    /sbin/iptables -t mangle -A FORWARD -p tcp -m state --state RELATED,ESTABLISHED -j MARK --set-mark 2
    # Inserted at the top of FORWARD, so marked TCP is queued before the catch-all QUEUE rule
    /sbin/iptables -I FORWARD -m mark --mark 1 -j QUEUE
    /sbin/iptables -I FORWARD -m mark --mark 2 -j QUEUE

Is this related to an iptables QUEUE problem? Do you guys have any ideas about this?

Regards,
Thanasin
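Two checks I would run before blaming the ruleset, as an added example that is not part of Thanasin's post or of snort-inline itself: read the ip_queue statistics to see whether the kernel queue is overflowing or the userspace reader is losing packets, and insert LOG rules ahead of the QUEUE rules so that the Domain Controller's traffic shows up in the kernel log with protocol and ports. The DC address (192.0.2.10), the DC-TRACE log prefix and the sample statistics are assumptions for illustration; the field names follow the /proc/net/ip_queue file of the 2.4/2.6 ip_queue module, which is the module loaded by the script above.

```shell
#!/bin/sh
# Added diagnostic example, not code from the original post or from snort-inline.
# Assumes a 2.4/2.6 kernel with ip_queue loaded, as in the ruleset above.
# DC_IP is a placeholder for the Domain Controller's address.

DC_IP="${DC_IP:-192.0.2.10}"    # assumed address of the Domain Controller
IPT=/sbin/iptables

# Parse ip_queue statistics on stdin and print "<queue dropped> <netlink dropped>".
# "Queue dropped" counts packets discarded because the kernel queue was full;
# "Netlink dropped" counts packets that could not be delivered to the userspace
# reader (snort-inline). Either being non-zero means packets never reached snort.
ip_queue_dropped() {
    awk -F: '
        /^Queue dropped/   { q = $2 + 0 }
        /^Netlink dropped/ { n = $2 + 0 }
        END { printf "%d %d\n", q, n }
    '
}

# Succeed (exit 0) when the statistics on stdin show any dropped packets.
ip_queue_is_dropping() {
    set -- $(ip_queue_dropped)
    [ "$1" -gt 0 ] || [ "$2" -gt 0 ]
}

# Constructed sample shaped like /proc/net/ip_queue, for an offline check of the
# parser: the queue sits at its maximum length and 17 packets were dropped.
SAMPLE_IP_QUEUE='Peer PID          : 4242
Copy mode         : 2
Copy range        : 1514
Queue length      : 1024
Queue max. length : 1024
Queue dropped     : 17
Netlink dropped   : 0'

check_sample() {
    printf '%s\n' "$SAMPLE_IP_QUEUE" | ip_queue_dropped
}

# Live checks: need root and the ruleset above in place. The LOG rules are
# inserted at position 1 so they run before every QUEUE rule; LOG does not
# terminate rule traversal, so the packet still reaches snort-inline afterwards.
# Read the result with: dmesg | grep DC-TRACE
trace_dc_traffic() {
    $IPT -I FORWARD 1 -d "$DC_IP" -j LOG --log-prefix "DC-TRACE to-dc: "
    $IPT -I FORWARD 1 -s "$DC_IP" -j LOG --log-prefix "DC-TRACE from-dc: "
    # Per-rule packet counters show which QUEUE rule, if any, the DC traffic hits.
    $IPT -L FORWARD -v -n
    if ip_queue_is_dropping < /proc/net/ip_queue; then
        echo "ip_queue is dropping packets: check that snort-inline is running and keeping up"
    else
        echo "ip_queue reports no drops"
    fi
}

# Only touch the firewall when explicitly asked:  sh trace_dc.sh apply
if [ "${1:-}" = "apply" ]; then
    trace_dc_traffic
fi
```

If the counters on the LOG rules stay at zero while users try to log in, the DC traffic is not passing through FORWARD on this box at all and the problem lies in the bridge setup rather than in the QUEUE rules; if they count but "Queue dropped" or "Netlink dropped" climbs, the queue is losing packets before snort-inline ever sees them.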
I've a problem about snort-inline to ask. I've installed snort-inline to my network. After plug it, i can see anomally traffic like virus, worm or intrusion detection. Normally, i put it behind my router to see all traffic that went out and come in to my office and it work perfectly. Now, I'm trying to put it in the new place. Putting in front of Domain Controller make every users in my network stuck from loging in to Domain Controller. They can surf webs, read their emails, join irc network or do any downloading from internet so i've no idea where to find the problem. * All of my snort-inline rules are alert and running in bridge mode. This is my IPTables Setting : # # Start IPTables Queue : # echo "Start IPTables Queue Mode ..." /sbin/modprobe ip_queue /sbin/iptables -F /sbin/iptables -A INPUT -i lo -j ACCEPT /sbin/iptables -A OUTPUT -o lo -j ACCEPT /sbin/iptables -A INPUT -i eth0 -j ACCEPT /sbin/iptables -A OUTPUT -o eth0 -j ACCEPT /sbin/iptables -A INPUT -i eth1 -j ACCEPT /sbin/iptables -A OUTPUT -o eth1 -j ACCEPT /sbin/iptables -A INPUT -j QUEUE /sbin/iptables -A OUTPUT -j QUEUE /sbin/iptables -A FORWARD -j QUEUE /sbin/iptables -t mangle -A FORWARD -p tcp --syn -m state --state NEW -j MARK --set-mark 1 /sbin/iptables -t mangle -A FORWARD -p tcp -m state --state RELATED,ESTABLISHED -j MARK --set-mark 2 /sbin/iptables -I FORWARD -m mark --mark 1 -j QUEUE /sbin/iptables -I FORWARD -m mark --mark 2 -j QUEUE Is this relate to IPTables QUEUE problem ? Do you guys have any ideas about this? Regards, Thanasin |