Snort mailing list archives
snort inline mode in CentOS 6.6
From: Abdallah Jabbour <abdjbr () gmail com>
Date: Sat, 2 May 2015 12:46:17 +0200
Hello, I have installed Snort on CentOS 6.6 in a KVM guest machine. It is a router/firewall using iptables. I followed the installation and configuration steps and tested the configuration file validity (using the -T command-line argument).

I enabled inline mode. In the configuration file I added and uncommented the following lines:

    config policy_mode:inline
    config daq: afpacket
    config daq_dir: /usr/lib64/daq/
    config daq_mode: inline
    config daq_var: buffer_size_mb=128

and also in /etc/sysconfig/snort:

    INTERFACE=eth0:eth1

and started the Snort service. The network connection (locally and to the internet) is dropped; I cannot ping any host on the network.

I added some rules to /etc/snort/rules/local.rules to see if alerting is working. I can see alerts being written to /var/log/snort/alert after I reboot the machine (since there is no network connectivity).

I know that inline mode will put the network interfaces eth0 and eth1 in promiscuous mode and will bridge the network connection to get the network traffic. Is there anything I am missing in my setup?
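A consistency check over the settings quoted in the message above, as an added example that is not part of the original post or of Snort itself. The function names are hypothetical and the sample input is constructed from the quoted lines; the check only confirms that the afpacket inline directives are active (not commented out) and that INTERFACE names interface pairs in the `ifA:ifB` form (multiple pairs joined with `::`), and it does not diagnose the connectivity loss.

```python
import re

# Constructed sample input: the directives and INTERFACE value quoted in the post.
SNORT_CONF = """\
config policy_mode:inline
config daq: afpacket
config daq_dir: /usr/lib64/daq/
config daq_mode: inline
config daq_var: buffer_size_mb=128
"""
SYSCONFIG = "INTERFACE=eth0:eth1\n"

def parse_snort_config(text):
    """Collect active 'config <name>: <value>' directives, skipping comments."""
    directives = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"config\s+(\w+)\s*:\s*(.+)$", line)
        if m:
            directives.setdefault(m.group(1), []).append(m.group(2).strip())
    return directives

def parse_interface(text):
    """Return the INTERFACE value from a sysconfig-style file, or None."""
    for line in text.splitlines():
        m = re.match(r"\s*INTERFACE\s*=\s*[\"']?([^\"'#\s]+)", line)
        if m:
            return m.group(1)
    return None

def check_inline(conf_text, sysconfig_text):
    """Return a list of inconsistencies among the inline-mode settings."""
    d = parse_snort_config(conf_text)
    iface = parse_interface(sysconfig_text)
    problems = []
    wanted = (("daq", "afpacket"), ("daq_mode", "inline"), ("policy_mode", "inline"))
    for name, want in wanted:
        if d.get(name) != [want]:
            problems.append(f"{name} is not {want}")
    # afpacket inline bridges interface pairs written as ifA:ifB
    pairs = iface.split("::") if iface else []
    for pair in pairs:
        parts = pair.split(":")
        if len(parts) != 2 or not all(parts) or parts[0] == parts[1]:
            problems.append(f"'{pair}' is not a pair of two distinct interfaces")
    if not pairs:
        problems.append("INTERFACE is not set")
    return problems
```

An empty list from `check_inline` means the quoted settings agree with each other; it says nothing about addressing or routing on the bridged interfaces.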
Current thread:
- snort inline mode in CentOS 6.6 Abdallah Jabbour (May 02)
- Re: snort inline mode in CentOS 6.6 James Lay (May 02)