Snort mailing list archives

2.3RC2, inline, faq?


From: slesru <slesru () yahoo com>
Date: Mon, 3 Jan 2005 03:09:42 -0800 (PST)

Hello!

I want to run snort in inline mode.

I wrote:

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -p tcp --dport 25 -j QUEUE
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp --dport 25 -m state --state NEW -j QUEUE

Then I try to access our mail server from another
machine:

01/03-14:49:28.313541 192.168.22.27:56426 -> 192.168.6.11:25
TCP TTL:63 TOS:0x10 ID:52212 IpLen:20 DgmLen:52 DF
******S* Seq: 0xF0FC2108  Ack: 0x0  Win: 0x16D0  TcpLen: 32
TCP Options (6) => MSS: 1460 NOP NOP SackOK NOP WS: 0
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

Received error message 2

As you see, snort receives packets, but it looks like
there is no packet output.
And some error occurs.

If I do this with OUTPUT chains I have the same
problem:

iptables -A OUTPUT -p tcp --dport 80 -j QUEUE


Received error message 2
01/03-15:09:16.451249 192.168.22.229:33834 -> 192.168.22.114:80
TCP TTL:64 TOS:0x10 ID:8991 IpLen:20 DgmLen:60 DF
******S* Seq: 0x9888E47  Ack: 0x0  Win: 0x16D0  TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 24361233 0 NOP WS: 0
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

Received error message 2


Could you help me?




