S
Shivaramakrishnan
Hi,
I have installed the latest version of snort and want to run in inline mode and I have been having problems in accessing the machine once I change the iptables entries.I am able to start the snort with no issues.But as soon as I change the iptables, I am no longer able to access it.Here is the iptables commands that I use.
iptables -A INPUT -i lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -o lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -A INPUT -j QUEUE
iptables -A FORWARD -j QUEUE
iptables -A OUTPUT -j QUEUE
snort -Q daq afpacket daq-mode inline -i eth0:eth1 - u snort -g snort -c /etc/snort/snort.conf
Snort version : 2.9.6.0
daq version : 2.0.2
If I try to run snort with daq mode as ipq or nfq, I get daq module not found.Though I see those modules built.
Build AFPacket DAQ module :Yes
Build IPFW DAQ module :Yes
Build IPQ DAQ module :Yes
Build NFQ DAQ module :Yes
Build PCAP DAQ module : Yes
Any help in this regard is greatly appreciated.
Continue reading...
I have installed the latest version of snort and want to run in inline mode and I have been having problems in accessing the machine once I change the iptables entries.I am able to start the snort with no issues.But as soon as I change the iptables, I am no longer able to access it.Here is the iptables commands that I use.
iptables -A INPUT -i lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -o lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -A INPUT -j QUEUE
iptables -A FORWARD -j QUEUE
iptables -A OUTPUT -j QUEUE
snort -Q daq afpacket daq-mode inline -i eth0:eth1 - u snort -g snort -c /etc/snort/snort.conf
Snort version : 2.9.6.0
daq version : 2.0.2
If I try to run snort with daq mode as ipq or nfq, I get daq module not found.Though I see those modules built.
Build AFPacket DAQ module :Yes
Build IPFW DAQ module :Yes
Build IPQ DAQ module :Yes
Build NFQ DAQ module :Yes
Build PCAP DAQ module : Yes
Any help in this regard is greatly appreciated.
Continue reading...