Snort mailing list archives
Re: Snort inline problem
From: James Lay <jlay () slave-tothe-box net>
Date: Sat, 29 Oct 2016 07:13:10 -0600
On Sat, 2016-10-29 at 07:25 +0200, mostafa ammar wrote:
Dear All,

I tried a different approach and it worked for me. I used the tutorial here:
https://www.youtube.com/watch?v=41HLTF-8omU

The difference here is to give the Snort VM interfaces IP addresses, and this way Snort works as a router between 2 networks, using iptables to forward traffic to NFQ:

    sudo iptables -I FORWARD -j NFQUEUE --queue-num 0

and running Snort using:

    sudo snort --daq nfq --daq-var queue=0 -Q -c snort-2.9.8.3/etc/snort.conf -v -A console

Now Snort can filter traffic normally and drop or pass traffic according to rules. Thanks a lot for your support.

On Wed, Oct 19, 2016 at 7:26 PM, mostafa ammar wrote:

Dear all,

I installed Snort inline on an Ubuntu VM. I configured /etc/network/interfaces with the following configuration:

    auto eth2
    iface eth2 inet manual
    up ifconfig eth2 0.0.0.0 up
    up ip link set eth2 promisc on
    post-up ethtool -K eth2 gro off
    post-up ethtool -K eth2 lro off
    down ip link set eth2 promisc off
    down ifconfig eth2 down

    # Second Bridged Interface
    auto eth3
    iface eth3 inet manual
    up ifconfig eth3 0.0.0.0 up
    up ip link set eth3 promisc on
    post-up ethtool -K eth3 gro off
    post-up ethtool -K eth3 lro off
    down ip link set eth3 promisc off
    down ifconfig eth3 down

Currently ping is passing successfully between the 2 interfaces, but any other protocol is not passing. I tried SSH, RDP and HTTP; the session is reset. Any suggestion how to solve this problem?

Glad you got it solved. James
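
A check for the NFQUEUE setup described in this thread, as an added example that is not part of the original posts: it reads `iptables -S FORWARD` output and reports whether the queue number matches the one Snort was started with, and whether the rule drops forwarded traffic when Snort is not running. The function name `check_nfq_rules` and the sample rules are constructed; `--queue-bypass` is an iptables NFQUEUE option that the thread does not use.

```shell
#!/bin/sh
# check_nfq_rules QUEUE  (hypothetical helper, not from the thread)
#   stdin : output of `iptables -S FORWARD`
#   QUEUE : queue number given to Snort via --daq-var queue=N
#   exit  : 0 = every NFQUEUE rule matches QUEUE, 1 = mismatch, 2 = no NFQUEUE rule
check_nfq_rules() {
    awk -v want="$1" '
        $1 == "-A" && $2 == "FORWARD" {
            is_nfq = 0; queue = 0; bypass = 0      # NFQUEUE defaults to queue 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && $(i + 1) == "NFQUEUE") is_nfq = 1
                if ($i == "--queue-num") queue = $(i + 1)
                if ($i == "--queue-bypass") bypass = 1
            }
            if (!is_nfq) next
            seen++
            if (queue != want) {
                # Packets go to a queue nobody reads, so Snort never sees them.
                print "MISMATCH: rule uses queue " queue ", Snort reads queue " want
                bad++
            } else if (bypass) {
                # With --queue-bypass, packets pass uninspected while Snort is down.
                print "FAIL-OPEN: queue " queue " has --queue-bypass"
            } else {
                # Without it, forwarded packets are dropped while Snort is down.
                print "FAIL-CLOSED: queue " queue " has no --queue-bypass"
            }
        }
        END {
            if (!seen) {
                print "NO-RULE: FORWARD sends nothing to NFQUEUE"
                exit 2
            }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample: the rule from the thread as `iptables -S FORWARD` prints it.
printf '%s\n' \
    '-P FORWARD ACCEPT' \
    '-A FORWARD -j NFQUEUE --queue-num 0' | check_nfq_rules 0
```

On a live system the input would come from `sudo iptables -S FORWARD | check_nfq_rules 0`. Whether fail-open or fail-closed is correct depends on whether connectivity or inspection matters more when Snort stops.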