Snort mailing list archives

Re: Trouble with Snort --enable-inline


From: Will Metcalf <william.metcalf () gmail com>
Date: Tue, 9 Jun 2009 15:14:23 -0500

I don't see where you are sending traffic to snort. You need to send
traffic to snort via ipqueue. That is, if your bridge is working
properly.

iptables -I FORWARD -j QUEUE

Regards,

Will

On Tue, Jun 9, 2009 at 2:27 PM, Oscar Mauricio Benavidez
Suarez<obenavidez () gmail com> wrote:
Well, I want to make a simulation in some virtual machines. I began with
Debian and snort inline. For the moment, I am trying to capture some traffic
from the network at my work. The virtual machine is on my laptop, and I am
trying to put it in bridged mode, adding a virtual ethernet interface and
putting the two on a bridge like this:


#modprobe bridge


#apt-get install bridge-utils

I configured the /etc/network/interfaces file:


# /etc/network/interfaces file
#
# Loopback interface
auto lo
iface lo inet loopback
#
# Configure the bridge
auto br0
iface br0 inet static
    address 192.168.0.191
    netmask 255.255.255.0
    broadcast 192.168.0.255
    gateway 192.168.0.254
    # Ports you want to add to your bridge
    bridge_ports eth0 eth1
    # Time to wait before loading the bridge
    bridge_maxwait 0


then restart network services

/etc/init.d/networking restart

and then
tail -f /var/log/syslog

but the network collapsed, the entire network of my work. I can't say why,
but as soon as I paused the virtual machine, everything returned to
normal.

------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing
server and web deployment.
http://p.sf.net/sfu/businessobjects
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


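Added example (not part of the original thread, and not Snort project code): a check for the point made in the reply, that forwarded traffic only reaches snort inline if the FORWARD chain actually hands packets to the QUEUE target. It classifies `iptables -S FORWARD` output; the function names and the sample rules are constructed for illustration, and only rules with no match options are treated as unconditional.

```shell
#!/bin/sh
# Added example: does the FORWARD chain hand packets to the QUEUE target?
# Reads `iptables -S FORWARD` style lines on stdin and prints one of:
#   queued   - an unconditional "-j QUEUE" is reached before any verdict
#   shadowed - an unconditional ACCEPT/DROP/REJECT sits above the QUEUE rule
#   partial  - only QUEUE rules with match conditions are reachable
#   missing  - no reachable QUEUE rule at all
forward_queue_status() {
    awk '
        # Skip the policy line (-P) and rules for other chains.
        $1 != "-A" || $2 != "FORWARD" { next }
        {
            target = ""; conditional = 0
            # iptables -S prints match options before -j, so anything seen
            # ahead of -j makes the rule conditional.
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") { target = $(i + 1); break }
                conditional = 1
            }
            if (target == "QUEUE" && conditional) {
                if (!blocked) partial = 1
                next
            }
            if (conditional) next
            if (target == "QUEUE") {
                result = blocked ? "shadowed" : "queued"
                exit
            }
            if (target == "ACCEPT" || target == "DROP" || target == "REJECT")
                blocked = 1
        }
        END { print (result != "" ? result : (partial ? "partial" : "missing")) }
    '
}

# Constructed sample: the QUEUE rule was appended (-A) below a catch-all
# ACCEPT, so no packet ever reaches it. The thread uses -I, which inserts
# the rule at the top of the chain and avoids this.
sample_rules() {
    printf '%s\n' \
        '-P FORWARD ACCEPT' \
        '-A FORWARD -j ACCEPT' \
        '-A FORWARD -j QUEUE'
}

sample_rules | forward_queue_status

# On a live host (as root): iptables -S FORWARD | forward_queue_status
```

Start snort inline before inserting the rule: packets sent to QUEUE with no userspace listener are dropped.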

