snort-inline-users

[Snort-inline-users] Please help me

[Yogdutt S. <son...@gm...>]

Hi,

I am new to this group and also new to snort_inline. I am using
snort_inline-2.2.0 and it's compiled for inline mode while configuring
I have provide --enable-inline option. Also installed the iptables
userspace utilities(libipq).

I have tested a simple icmp drop rule as below,

   drop icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP ping
packets dropped";)

I have some doubts in snort_inline please help me to clear them.

1) May I have to recompile my kernel for using snort_inline?

2) For using the snort_inline is it necessory to use honeynet?

3) Please prompt me if I am wrong, I am using snort_inline for
filtering purpose. I have added only one iptables rule as,

   iptables -A INPUT -p tcp --sport 80 -j QUEUE

and a simple rule in local.rules file as,

   alert tcp $EXTERNAL_NET 80 -> $HOME_NET any (msg:"Packet from ip_queue");

and then i run the snort_inline,

   snort_inline -Qdvc /etc/snort_inline.conf -l /var/log/snort

After running snort_inline I started to browse the internet but the
site is not loaded.

please tell me what is going wrong.

Thanking you in advance.

-- Yogdutt Sonivadia

Re: [Snort-inline-users] Please help me

[Will M. <wil...@gm...>]

try 

modprobe iptable_nat
modprobe ip_conntrack

and then re-run snort_inline.

Regards,

Will
On Tue, 19 Oct 2004 18:25:03 +0530, Yogdutt Sonivadia
<son...@gm...> wrote:
> Hi,
> 
> I am new to this group and also new to snort_inline. I am using
> snort_inline-2.2.0 and it's compiled for inline mode while configuring
> I have provide --enable-inline option. Also installed the iptables
> userspace utilities(libipq).
> 
> I have tested a simple icmp drop rule as below,
> 
>   drop icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP ping
> packets dropped";)
> 
> I have some doubts in snort_inline please help me to clear them.
> 
> 1) May I have to recompile my kernel for using snort_inline?
> 
> 2) For using the snort_inline is it necessory to use honeynet?
> 
> 3) Please prompt me if I am wrong, I am using snort_inline for
> filtering purpose. I have added only one iptables rule as,
> 
>   iptables -A INPUT -p tcp --sport 80 -j QUEUE
> 
> and a simple rule in local.rules file as,
> 
>   alert tcp $EXTERNAL_NET 80 -> $HOME_NET any (msg:"Packet from ip_queue");
> 
> and then i run the snort_inline,
> 
>   snort_inline -Qdvc /etc/snort_inline.conf -l /var/log/snort
> 
> After running snort_inline I started to browse the internet but the
> site is not loaded.
> 
> please tell me what is going wrong.
> 
> Thanking you in advance.
> 
> -- Yogdutt Sonivadia
> 
> -------------------------------------------------------
> This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
> Use IT products in your business? Tell us what you think of them. Give us
> Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
> http://productguide.itmanagersjournal.com/guidepromo.tmpl
> _______________________________________________
> Snort-inline-users mailing list
> Sno...@li...
> https://lists.sourceforge.net/lists/listinfo/snort-inline-users
>