From: Will M. <wil...@gm...> - 2005-11-18 21:03:14

I'll see if I can reproduce it this weekend

On 11/18/05, Rob Campbell <rca...@pc...> wrote:
> I have also tried it with just "iptables -A FORWARD -j QUEUE" to make
> sure that the specified interfaces weren't causing a problem. Any ideas
> why it's not working with stream4inline and enforce_state?
>
> Rob Campbell
> Pacific Coast Wireless Internet
>
> Rob Campbell wrote:
> > No. That is the only iptables rule I have. The full rule was "iptables
> > -A FORWARD -i br0 -o br0 -j QUEUE", could that cause any problems?
> >
> > Rob Campbell
> > Pacific Coast Wireless Internet
> >
> > Will Metcalf wrote:
> >> hmmm how odd, you don't have any other entries in your FORWARD chain
> >> before your -A FORWARD -j QUEUE entry do you?
> >>
> >> Regards,
> >>
> >> Will
> >>
> >> On 11/17/05, Rob Campbell <rca...@pc...> wrote:
> >>> It is happening on web traffic, IMAP traffic, and telnet to various
> >>> ports.
> >>>
> >>> Rob Campbell
> >>> Pacific Coast Wireless Internet
> >>>
> >>> Will Metcalf wrote:
> >>>> sorry it's late, missed the "iptables -A FORWARD -j QUEUE" part. Just
> >>>> out of curiosity is it a particular protocol, or does all tcp traffic
> >>>> get dropped?
> >>>>
> >>>> Regards,
> >>>>
> >>>> Will
> >>>>
> >>>> On 11/16/05, Will Metcalf <wil...@gm...> wrote:
> >>>>> Hmmm Are you sure that snort-inline can see the full twh? i.e. are
> >>>>> you queueing both client and server traffic?
> >>>>>
> >>>>> Regards,
> >>>>>
> >>>>> Will
> >>>>>
> >>>>> On 11/16/05, Rob Campbell <rca...@pc...> wrote:
> >>>>>> Hello,
> >>>>>>
> >>>>>> I have been configuring an IPS using snort inline. I am running the
> >>>>>> latest version, 2.4.3RC2. It is running in bridge mode with "iptables
> >>>>>> -A FORWARD -j QUEUE" on the bridge interface. When I have enforce_state
> >>>>>> on, it seems to block all TCP traffic. With a packet capture I do see
> >>>>>> the SYN being sent to the remote host, but I never get any replies. If
> >>>>>> I turn off enforce_state it starts working again.
> >>>>>>
> >>>>>> What are the downsides to turning off enforce_state or stream4inline?
> >>>>>> Thank you.
> >>>>>>
> >>>>>> Rob Campbell
> >>>>>> Pacific Coast Wireless Internet
> >>>>>>
> >>>>>> _______________________________________________
> >>>>>> Snort-inline-users mailing list
> >>>>>> Sno...@li...
> >>>>>> https://lists.sourceforge.net/lists/listinfo/snort-inline-users
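To illustrate the question Will raises in the thread (does the inline engine see the full three-way handshake?), here is a toy stream tracker with an enforce_state-style policy. It is an added example written for this page, not code from snort-inline or from anyone on the list; the endpoint names, flag constants and packet sequence are constructed, and the state machine is a simplification of what a real stream preprocessor does.

```python
# Toy model of an inline TCP engine that only passes packets belonging to a
# session whose three-way handshake it has observed (enforce_state-style).
# Simplified for illustration; not snort-inline's stream4 implementation.
from dataclasses import dataclass

SYN, ACK, PSH = 0x02, 0x10, 0x08   # TCP flag bits used by the samples

@dataclass(frozen=True)
class Pkt:
    src: str      # "client" or "server" (constructed endpoint labels)
    dst: str
    flags: int

class EnforceState:
    """SYN -> SYN_SENT, SYN+ACK -> SYN_RECV, ACK -> ESTABLISHED;
    any packet that does not fit the session's current state is dropped."""
    def __init__(self):
        self.sessions = {}  # frozenset({src, dst}) -> (state, client)

    def inspect(self, p):
        key = frozenset((p.src, p.dst))
        entry = self.sessions.get(key)
        if entry is None:
            if p.flags & SYN and not p.flags & ACK:
                self.sessions[key] = ("SYN_SENT", p.src)
                return "pass"
            return "drop"   # mid-stream or out-of-state packet, no session
        state, client = entry
        if state == "SYN_SENT" and p.src != client and (p.flags & (SYN | ACK)) == (SYN | ACK):
            self.sessions[key] = ("SYN_RECV", client)
            return "pass"
        if state == "SYN_RECV" and p.src == client and p.flags & ACK:
            self.sessions[key] = ("ESTABLISHED", client)
            return "pass"
        return "pass" if state == "ESTABLISHED" else "drop"

def run(packets):
    """Feed packets through a fresh engine and return each verdict."""
    engine = EnforceState()
    return [engine.inspect(p) for p in packets]

# Constructed handshake followed by one data segment from the client.
HANDSHAKE = [Pkt("client", "server", SYN), Pkt("server", "client", SYN | ACK),
             Pkt("client", "server", ACK), Pkt("client", "server", PSH | ACK)]

def symmetric_verdicts():
    return run(HANDSHAKE)                       # both directions queued

def asymmetric_verdicts():
    # Only client->server packets hit the QUEUE rule; the SYN-ACK bypasses it.
    return run([p for p in HANDSHAKE if p.src == "client"])

def midstream_verdicts():
    return run(HANDSHAKE[3:])                   # engine started after the handshake
```

With both directions queued every packet passes; when the engine misses one direction, or starts mid-stream, everything after the SYN is dropped, which is the symptom described in the thread. Turning enforce_state off removes that check, so out-of-state segments are inspected and forwarded instead of dropped, which is the trade-off Rob asks about.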