[Snort-users] snort inline mode in CentOS 6.6

Abdallah Jabbour abdjbr at ...11827...
Sat May 2 06:46:17 EDT 2015


Hello,

I have installed Snort on CentOS 6.6 in a KVM guest machine; it is a
router/firewall using iptables. I followed the installation and
configuration steps and tested the configuration file validity (using the
-T command-line argument).


I enabled inline mode.

In the configuration file, I added and uncommented the following lines:
 config policy_mode:inline

 config daq: afpacket
 config daq_dir: /usr/lib64/daq/
 config daq_mode: inline
 config daq_var: buffer_size_mb=128

and also in /etc/sysconfig/snort:

INTERFACE=eth0:eth1

and started the snort service.

The network connection (locally and to the internet) is dropped; I cannot
ping any host on the network.

I added some rules to /etc/snort/rules/local.rules to see if alerting is
working. I can see alerts being written to /var/log/snort/alert after I
reboot the machine (since there is no network connectivity).

I know that inline mode will put the network interfaces eth0 and eth1 in
promiscuous mode and will bridge the network connection to get the network
traffic. Is there anything I am missing in my setup?