Snort mailing list archives

Re: Snort inline with Squid


From: James Lay <jlay () slave-tothe-box net>
Date: Fri, 24 Apr 2015 05:58:59 -0600

On Fri, 2015-04-24 at 09:33 +0200, Robert Lasota wrote:

Hi,

 

Well, I have a problem with running both of these apps together on a router.
Snort (as IPS) inline gets traffic from iptables (QUEUE option), and
Squid transparent also (from PREROUTING), and it turned out there is a
problem running both in that case. I tried these combinations of
iptables:

 

# for Snort
$iptables -I FORWARD -p tcp --dport 80 -j QUEUE

# for Squid
$iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128

$iptables -I FORWARD -p tcp --dport 80 -j QUEUE
$iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 3128

$iptables -I OUTPUT -p tcp --dport 80 -j QUEUE
$iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128

 

.. and nothing. In all cases either Squid doesn't work or Snort doesn't.

Does somebody have any idea how to solve this difficult case? I would
appreciate it.

Robert

 

 



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!


Two interfaces?  One internal net, one external net?

James