[Oisf-users] FreeBSD Suricata in-line

Pablo pablo.rincon.crespo at gmail.com
Tue May 3 08:26:27 UTC 2011

Hi Chris,
how do you start suricata? did you find any errors about ipfw in the logs?
If you set up a ipfw divert socket, then you need an app connected to
it in order to forward packets. Usually, packets are not forwarded if
there's no listening application delegated to allow/deny packets.

2011/5/3 Chris Hunt <chrish.cct at gmail.com>:
> I have been stuck at the setup of Suricata in IPS mode for several days now,
> any help would be immensely appreciated.  My basic procedure is to utilize
> the ports section of BSD to compile Suricata from source with the option for
> IPS.  I wanted to put together an easy to follow guide for a fellow noob
> that included a Suricata engine dumping to unified2 with barnyard2 dumping
> this output to MySQL and BASE as a front-end...  I'm stuck getting the IPS
> to work...
> I'm using the loader.conf functionality to load the firewall module and the
> divert module at boot, I've got 2 interfaces (em0 and em1) and I've added
> the divert rule for port 8000 as rule 2000.  When I try to ping or telnet
> through I get nothing...  Do I need to create a NAT rule to NAT traffic to
> port 8000?
> I've also tried compiling the "options IPFIREWALL" and "options IPDIVERT"
> just to be on the safe side before making this post.
> Regard,
> Chris
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users


Best regards,

Pablo Rincón Crespo
Security researcher and developer
Open Information Security Foundation - http://www.openinfosecfoundation.org
Emerging Threats Pro, INC - http://www.emergingthreatspro.com

More information about the Oisf-users mailing list