[Snort-users] Inline Installation Problem

Michael David michael.d.torino at ...11827...
Fri Jan 20 10:17:30 EST 2017


Hello,

I have setup a Raspberry Pi in inline mode.  I have placed it in between
the cable modem and router with eth0 and eth1 bridged to bridge0, all in
promiscuous mode and no IPs.  I use the built in wireless for management.
Everything seems to function, pulledpork is working, logs and alerts are
generated. However all inbound and outbound access is blocked when
running.  Here are some of the settings I have used.  I am confused about
the daq mode and types.  Using 'snort -i bridge0 -A console' allows viewing
of the traffic and Internet access is not blocked.


#set int to promisc
ip link set eth0 multicast off
ip link set eth0 promisc on
ip link set eth1 multicast off
ip link set eth1 promisc on
ip link set bridge0 multicast off
ip link set bridge0 promisc on

#set int to bridge
ifconfig eth0 0.0.0.0
ifconfig eth1 0.0.0.0
ifconfig bridge 0 0.0.0
brctl addbr bridge0
brctl addif bridge0 eth0
brctl addif bridge0 eth1
ifconfig bridge0 up

#this is what I am using to start anort
snort -A console -c /etc/snort/snort.conf -Q -i eth0:eth1 --daq afpacket
--daq-mode inline
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20170120/eea175ba/attachment.html>


More information about the Snort-users mailing list