[Oisf-users] I did the installation of suricata as an IPS

mouna amani amani.smiai.insat at gmail.com
Thu Jun 13 08:30:15 UTC 2013


I used NFQ to use Suricata as an IPS.
I have three machines:
- a host1
- a host2
- an IPS between them

I followed the steps as on the official website.
I used

    iptables -I FORWARD -i eth0 -o eth1 -j NFQUEUE
    iptables -I FORWARD -i eth1 -o eth0 -j NFQUEUE

and I checked with iptables -vnL.

Then I ran

    suricata -c /etc/suricata/suricata.conf -q 0
Everything went well. I only got a warning, "no rules to be loaded from
emerging-icmp.rules". I downloaded the file from the web site and it is in the
right place.
I guess it is only a warning and it will not affect the IPS working well?
Then I tried to ping host1 from host2 and I got the error "destination
unreachable".
I think the IPS is blocking all the traffic, including the good one.
I configured NFQ to work in accept/drop mode. I think it means that if the
packets are for an attack they will be dropped?
I really need help because this is for my final project.
What did I do wrong and what should I check?

-- 
*Amani smiai *
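
The rule layout described in the message, checked offline as an added example that is not part of the original post: it parses `iptables -S FORWARD` output (a constructed sample here) and confirms that both directions go to the queue number given to `suricata -q`. The function names and the sample rules are assumptions; a rule without `--queue-num` is treated as queue 0.

```shell
#!/bin/sh
# Added example (not from the original post): check that both forwarding
# directions are handed to the NFQUEUE queue that Suricata reads with -q.
# Live use: iptables -S FORWARD | check_inline eth0 eth1 0

# Constructed sample of `iptables -S FORWARD` output for the post's two rules.
SAMPLE_RULES='-P FORWARD ACCEPT
-A FORWARD -i eth1 -o eth0 -j NFQUEUE --queue-num 0
-A FORWARD -i eth0 -o eth1 -j NFQUEUE --queue-num 0'

# nfq_direction_queue IN OUT  (hypothetical helper)
# Reads rules on stdin and prints the queue number of the first NFQUEUE rule
# with -i IN -o OUT; returns 1 if none exists. Rules with other targets that
# may sit ahead of it in the chain are not modelled.
nfq_direction_queue() {
    awk -v in_if="$1" -v out_if="$2" '
        $1 == "-A" && $2 == "FORWARD" {
            i = ""; o = ""; nfq = 0
            q = 0                       # assumption: no --queue-num means queue 0
            for (n = 3; n < NF; n++) {
                if ($n == "-i") i = $(n + 1)
                if ($n == "-o") o = $(n + 1)
                if ($n == "-j" && $(n + 1) == "NFQUEUE") nfq = 1
                if ($n == "--queue-num") q = $(n + 1)
            }
            if (nfq && i == in_if && o == out_if) { print q; found = 1; exit }
        }
        END { exit !found }'
}

# check_inline IF_A IF_B QUEUE  (hypothetical helper)
# Succeeds only if A->B and B->A are both sent to QUEUE.
check_inline() {
    rules=$(cat)
    fwd=$(printf '%s\n' "$rules" | nfq_direction_queue "$1" "$2") || fwd=none
    rev=$(printf '%s\n' "$rules" | nfq_direction_queue "$2" "$1") || rev=none
    echo "$1->$2: queue $fwd; $2->$1: queue $rev; suricata -q $3"
    [ "$fwd" = "$3" ] && [ "$rev" = "$3" ]
}

# Run against the constructed sample with the queue number from the post.
printf '%s\n' "$SAMPLE_RULES" | check_inline eth0 eth1 0
```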