[Oisf-users] FreeBSD Suricata in-line
Pablo
pablo.rincon.crespo at gmail.com
Tue May 3 08:26:27 UTC 2011
Hi Chris,
How do you start Suricata? Did you find any errors about ipfw in the logs?
If you set up an ipfw divert socket, then you need an app connected to
it in order to forward packets. Usually, packets are not forwarded if
there's no listening application delegated to allow/deny packets.
2011/5/3 Chris Hunt <chrish.cct at gmail.com>:
> I have been stuck at the setup of Suricata in IPS mode for several days now,
> any help would be immensely appreciated. My basic procedure is to utilize
> the ports section of BSD to compile Suricata from source with the option for
> IPS. I wanted to put together an easy to follow guide for a fellow noob
> that included a Suricata engine dumping to unified2 with barnyard2 dumping
> this output to MySQL and BASE as a front-end... I'm stuck getting the IPS
> to work...
>
> I'm using the loader.conf functionality to load the firewall module and the
> divert module at boot, I've got 2 interfaces (em0 and em1) and I've added
> the divert rule for port 8000 as rule 2000. When I try to ping or telnet
> through I get nothing... Do I need to create a NAT rule to NAT traffic to
> port 8000?
>
> I've also tried compiling the "options IPFIREWALL" and "options IPDIVERT"
> just to be on the safe side before making this post.
>
>
> Regards,
>
> Chris
>
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
>
--
Best regards,
--
Pablo Rincón Crespo
Security researcher and developer
Open Information Security Foundation - http://www.openinfosecfoundation.org
Emerging Threats Pro, INC - http://www.emergingthreatspro.com
@PabloForThePPL
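The setup discussed in this thread, as an added example that is not part of the original mail: the loader.conf tunables, the ipfw divert rule and the Suricata start command for IPS mode, plus two offline checks for the failure mode Pablo describes (a divert rule with no listening process, which leaves diverted traffic blackholed). Divert port 8000 and rule number 2000 are taken from Chris's mail; the suricata.yaml path is an assumption for a ports install.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed values: divert port 8000
# and rule 2000 (from Chris's mail); the config path is an assumed ports default.
DIVERT_PORT=8000
RULE_NUM=2000
SURICATA_CONF=/usr/local/etc/suricata/suricata.yaml

# Modules to load at boot via /boot/loader.conf (alternative to building
# "options IPFIREWALL" and "options IPDIVERT" into the kernel).
loader_conf_lines() {
    printf 'ipfw_load="YES"\nipdivert_load="YES"\n'
}

# The ipfw rule: every IP packet is handed to the divert socket on $DIVERT_PORT.
# No NAT rule is needed; divert is not NAT.
divert_rule_cmd() {
    echo "ipfw add $RULE_NUM divert $DIVERT_PORT ip from any to any"
}

# Suricata must be the process bound to that divert socket; -d names the port.
suricata_start_cmd() {
    echo "suricata -c $SURICATA_CONF -d $DIVERT_PORT -D"
}

# Check 1: does `ipfw list` output (passed as $1) contain the divert rule?
has_divert_rule() {
    printf '%s\n' "$1" | grep -Eq "^0*$RULE_NUM divert $DIVERT_PORT ip from any to any\$"
}

# Check 2: does `ps ax -o command` output (passed as $1) show Suricata on that port?
has_divert_listener() {
    printf '%s\n' "$1" | grep -Eq "^suricata .*-d $DIVERT_PORT( |\$)"
}

# 0 = rule and listener present; 1 = rule but no listener (traffic is dropped,
# which matches the "ping/telnet gets nothing" symptom); 2 = no divert rule at all.
divert_status() {
    has_divert_rule "$1" || return 2
    has_divert_listener "$2" || return 1
    return 0
}

# Constructed sample command output so the checks can be exercised offline.
SAMPLE_IPFW='02000 divert 8000 ip from any to any
65535 deny ip from any to any'
SAMPLE_PS_NOSURI='/usr/sbin/syslogd -s
sshd: /usr/sbin/sshd [listener]'
SAMPLE_PS_SURI="$SAMPLE_PS_NOSURI
suricata -c /usr/local/etc/suricata/suricata.yaml -d 8000 -D"
```

On the real box, feed `divert_status "$(ipfw list)" "$(ps ax -o command)"` the live output; exit code 1 is the case Pablo points at.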