[Snort-users] Snort inline with Squid

James Lay jlay at ...13475...
Fri Apr 24 07:58:59 EDT 2015


On Fri, 2015-04-24 at 09:33 +0200, Robert Lasota wrote:

> Hi,
> 
>  
> 
> Well, I have a problem with running both of these apps together on a router.
> Snort (as IPS) inline gets traffic from iptables (QUEUE option), and
> Squid transparent also (from PREROUTING), and it turned out there is
> a problem running both in that case. I tried these combinations of
> iptables:
> 
>  
> 
> # for Snort
> 
> $iptables -I FORWARD -p tcp --dport 80 -j QUEUE
> 
> # for Squid
> $iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
> 
>  
> 
> $iptables -I FORWARD -p tcp --dport 80 -j QUEUE
> $iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 3128
> 
>  
> 
> $iptables -I OUTPUT -p tcp --dport 80 -j QUEUE
> $iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
> 
>  
> 
> ... and nothing. In all cases either Squid doesn't work or Snort doesn't.
> 
>  
> 
> Does somebody have any idea how to solve this difficult case? I would
> appreciate it.
> 
> Robert


Two interfaces?  One internal net, one external net?

James