Snort mailing list archives
2.3RC2, inline, faq?
From: slesru <slesru () yahoo com>
Date: Mon, 3 Jan 2005 03:09:42 -0800 (PST)
Hello!

I want to run snort in inline mode. I wrote:

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -p tcp --dport 25 -j QUEUE
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp --dport 25 -m state --state NEW -j QUEUE

Then I try to access our mail server from another machine:

01/03-14:49:28.313541 192.168.22.27:56426 -> 192.168.6.11:25
TCP TTL:63 TOS:0x10 ID:52212 IpLen:20 DgmLen:52 DF
******S* Seq: 0xF0FC2108 Ack: 0x0 Win: 0x16D0 TcpLen: 32
TCP Options (6) => MSS: 1460 NOP NOP SackOK NOP WS: 0
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Received error message 2

As you see, snort receives packets, but it looks like there is no packet output. And some error occurs.

If I do this with OUTPUT chains I have the same problem:

iptables -A OUTPUT -p tcp --dport 80 -j QUEUE

Received error message 2
01/03-15:09:16.451249 192.168.22.229:33834 -> 192.168.22.114:80
TCP TTL:64 TOS:0x10 ID:8991 IpLen:20 DgmLen:60 DF
******S* Seq: 0x9888E47 Ack: 0x0 Win: 0x16D0 TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 24361233 0 NOP WS: 0
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Received error message 2

Could you help me?
Current thread:
- 2.3RC2, inline, faq? slesru (Jan 03)
- Re: 2.3RC2, inline, faq? Will Metcalf (Jan 03)
- Re: 2.3RC2, inline, faq? slesru (Jan 03)
- Re: 2.3RC2, inline, faq? Will Metcalf (Jan 03)
- Re: 2.3RC2, inline, faq? slesru (Jan 03)
- Re: 2.3RC2, inline, faq? Will Metcalf (Jan 04)
- Re: 2.3RC2, inline, faq? slesru (Jan 04)
- Re: 2.3RC2, inline, faq? Will Metcalf (Jan 04)
- Re: 2.3RC2, inline, faq? slesru (Jan 04)
- Re: 2.3RC2, inline, faq? slesru (Jan 04)
- Re: 2.3RC2, inline, faq? slesru (Jan 06)
- Re: 2.3RC2, inline, faq? slesru (Jan 03)
- Re: 2.3RC2, inline, faq? Will Metcalf (Jan 03)