Hi guys,
I really hope that you guys can help me out. I have Fedora 3. I have
snort-inline compiled and running. I have only the test.rules
uncommented in snort.conf. I have a version of iptables with queue
enabled. I have the following script to set up the bridge and set up
iptables to pass traffic to the queue (see below). It looks like the
packets are not being passed to snort to process. I should see lots
of traffic being logged on my test snort rules, but it looks like nothing
is being logged. The log files are being created, by the way.
I'd really like to know how I can determine if packets are being
passed into the queue by iptables and over to snort. Anyone have any
ideas?
--------------------------------------begin-script---------------------------------------------
#!/bin/sh
brctl addbr br0
ifconfig eth1 0.0.0.0 up -arp
ifconfig eth2 0.0.0.0 up -arp
brctl addif br0 eth1
brctl addif br0 eth2
brctl stp br0 off
ifconfig br0 0.0.0.0 up -arp
modprobe ip_queue
modprobe ipt_LOG
### Support for connection tracking of FTP and IRC.
modprobe ip_conntrack_ftp
modprobe ip_conntrack_irc
iptables -A INPUT -i eth0 -j ACCEPT
### Enable ip_forward
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -A INPUT -i eth1 -j QUEUE
iptables -A INPUT -i eth2 -j QUEUE
-----------------------------------------end-script-----------------------------------
--
Thanks,
Rich Compton
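
One way to check whether packets reach the queue, added here as an example that is not part of the original post: read the per-rule packet counters from `iptables -L -v -n -x` and the bound peer PID from `/proc/net/ip_queue`. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic sketch; function names and sample text are constructed.
# Parsers read saved command output on stdin, so they also work offline.

# Sum the packet counters of every QUEUE rule in chain $1.
# stdin: output of `iptables -L -v -n -x`. Prints "none" if no QUEUE rule.
queue_pkts() {
    awk -v chain="$1" '
        $1 == "Chain" { in_chain = ($2 == chain); next }
        in_chain && $3 == "QUEUE" { sum += $1; n++ }
        END { if (n) print sum; else print "none" }'
}

# Packets that fell through to the policy of chain $1 (same stdin).
policy_pkts() {
    awk -v chain="$1" '$1 == "Chain" && $2 == chain { print $5 }'
}

# PID bound to ip_queue. stdin: /proc/net/ip_queue. 0 = nothing listening.
queue_peer_pid() {
    awk -F: '/^Peer PID/ { print $2 + 0 }'
}

# Verdict from a QUEUE packet count ($1) and a peer PID ($2).
diagnose() {
    if [ "$1" = "none" ]; then echo "no-queue-rule"
    elif [ "$1" -eq 0 ]; then echo "rule-never-matched"
    elif [ "$2" -eq 0 ]; then echo "no-listener"
    else echo "queueing"
    fi
}

# Constructed samples in the format of the real commands.
SAMPLE_IPTABLES='Chain INPUT (policy ACCEPT 1523 packets, 201344 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     812    97440 ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
       0        0 QUEUE      all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
       0        0 QUEUE      all  --  eth2   *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 48211 packets, 5120000 bytes)
    pkts      bytes target     prot opt in     out     source               destination'
SAMPLE_IPQUEUE='Peer PID          : 2417
Queue length      : 0'

if [ "${1:-}" = "live" ]; then   # run as root on the bridge host
    rules=$(iptables -L -v -n -x)
    for c in INPUT FORWARD; do
        echo "$c policy=$(echo "$rules" | policy_pkts "$c") queue=$(echo "$rules" | queue_pkts "$c")"
    done
    diagnose "$(echo "$rules" | queue_pkts INPUT)" "$(queue_peer_pid < /proc/net/ip_queue)"
fi
```

Run it with `live` as root on the bridge host. Frames forwarded across a bridge with bridge-netfilter active traverse the FORWARD chain, and INPUT sees only packets addressed to the host itself, so compare the counters of both chains.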