<!DOCTYPE html PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'>
<html><head><meta http-equiv="Content-Type" content="text/html;charset=us-ascii">
<style>BODY{font:10pt Tahoma,Verdana,sans-serif} .MsoNormal{line-height:120%;margin:0}</style></head><body>
I did turn on ip forwarding but the only way I could get traffic flowing from ethernet port to ethernet was by enabling bridging between ports.<br><br>I thought bridging was wrong.<br><br>Thanks.<br><br>Leonard<div><br></div><div><br></div><div><br></div><blockquote style="padding-left: 5px; margin-left: 5px; border-left: #0000ff 2px solid; margin-right: 0px"><hr><b>From:</b> Eric Leblond [mailto:eric@regit.org]<br><b>To:</b> Leonard Jacobs [mailto:ljacobs@netsecuris.com], oisf-users@lists.openinfosecfoundation.org [mailto:oisf-users@lists.openinfosecfoundation.org]<br><b>Sent:</b> Wed, 18 Nov 2015 01:02:40 -0600<br><b>Subject:</b> Re: [Oisf-users] Trouble with NFQUEUE IPS Mode<br><br>Hi,<br>
<br>
On Tue, 2015-11-17 at 18:11 -0600, Leonard Jacobs wrote:<br>
> I set up Suricata in NFQUEUE with the following IPTABLES<br>
> configuration:<br>
> <br>
> Chain INPUT (policy ACCEPT 107K packets, 152M bytes)<br>
> pkts bytes target prot opt in out source <br>
> destination<br>
> <br>
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)<br>
> pkts bytes target prot opt in out source <br>
> destination<br>
> 0 0 NFQUEUE all -- p3p1 p2p1 0.0.0.0/0 <br>
> 0.0.0.0/0 NFQUEUE num 0<br>
> 0 0 NFQUEUE all -- p2p1 p3p1 0.0.0.0/0 <br>
> 0.0.0.0/0 NFQUEUE num 0<br>
> 0 0 NFQUEUE all -- p1p1 eth0 0.0.0.0/0 <br>
> 0.0.0.0/0 NFQUEUE num 0<br>
> 0 0 NFQUEUE all -- eth0 p1p1 0.0.0.0/0 <br>
> 0.0.0.0/0 NFQUEUE num 0<br>
<br>
All counters are 0. So no traffic has been handle by Suricata. Did you<br>
activate ip_forward ?<br>
<br>
++<br>
-- <br>
Eric Leblond <<a href="mailto:eric@regit.org">eric@regit.org</a>><br>
<br>
<br>
</blockquote><style>
</style>
</body></html>