[Snort-users] Snort inline setup issues (SOLUTION)
adept at ...13938...
Thu Sep 28 16:27:34 EDT 2006
The Adept wrote:
> I am setting up a snort IPS on a Gentoo 2.6 box and I've run into a wall
> getting Snort to pass the packets out of the iptables queue.
> For testing I have the snort box, which sits on a 10.x.x.x address; it
> has a dual ethernet card to use for the inline bridge. I have two
> different boxes connected to the dual ethernet card, one with
> 192.168.100.1 as its address and one with 192.168.100.2. The bridge
> (br0) works perfectly with -P FORWARD ACCEPT set and no snort. When I
> change policy to DROP, packets are correctly dropped (all protocols).
> When I enable snort, it sees the packets and ICMP works (pings) but TCP
> does not. (log attached below)
> I'm not sure what I'm doing wrong. Everything appears to be set up
> correctly but no TCP sessions are being properly set up. Any suggestions?
> Thanks in advance for any advice.
After two days of hammering on this, I recompiled with optimizations
turned off; this solved everything. Responding back here to let
people know how to resolve it, since I received no responses off list.