[Oisf-users] Trouble with NFQUEUE IPS Mode
Leonard Jacobs
ljacobs at netsecuris.com
Wed Nov 18 11:34:29 UTC 2015
I did turn on ip forwarding but the only way I could get traffic flowing from ethernet port to ethernet was by enabling bridging between ports.
I thought bridging was wrong.
Thanks.
Leonard
_____
From: Eric Leblond [mailto:eric at regit.org]
To: Leonard Jacobs [mailto:ljacobs at netsecuris.com], oisf-users at lists.openinfosecfoundation.org [mailto:oisf-users at lists.openinfosecfoundation.org]
Sent: Wed, 18 Nov 2015 01:02:40 -0600
Subject: Re: [Oisf-users] Trouble with NFQUEUE IPS Mode
Hi,
On Tue, 2015-11-17 at 18:11 -0600, Leonard Jacobs wrote:
> I set up Suricata in NFQUEUE with the following IPTABLES
> configuration:
>
> Chain INPUT (policy ACCEPT 107K packets, 152M bytes)
> pkts bytes target prot opt in out source destination
>
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
> pkts bytes target prot opt in out source destination
> 0 0 NFQUEUE all -- p3p1 p2p1 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
> 0 0 NFQUEUE all -- p2p1 p3p1 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
> 0 0 NFQUEUE all -- p1p1 eth0 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
> 0 0 NFQUEUE all -- eth0 p1p1 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
All counters are 0. So no traffic has been handled by Suricata. Did you
activate ip_forward?
++
--
Eric Leblond <eric at regit.org>
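
The check made by eye in the reply above (every NFQUEUE counter at 0, then the ip_forward question), as an added shell example that is not part of the original messages. The function names are hypothetical, and the sample input is constructed from the rule listing quoted in the thread, laid out as `iptables -L FORWARD -v -n` prints it.

```shell
#!/bin/sh
# Constructed sample: the FORWARD chain quoted in the thread.
sample_forward() {
cat <<'EOF'
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target   prot opt in    out   source      destination
    0     0 NFQUEUE  all  --  p3p1  p2p1  0.0.0.0/0   0.0.0.0/0   NFQUEUE num 0
    0     0 NFQUEUE  all  --  p2p1  p3p1  0.0.0.0/0   0.0.0.0/0   NFQUEUE num 0
    0     0 NFQUEUE  all  --  p1p1  eth0  0.0.0.0/0   0.0.0.0/0   NFQUEUE num 0
    0     0 NFQUEUE  all  --  eth0  p1p1  0.0.0.0/0   0.0.0.0/0   NFQUEUE num 0
EOF
}

# Read `iptables -L <chain> -v -n` output on stdin and print "in->out queue=N"
# for every NFQUEUE rule whose packet counter is still 0, i.e. a rule that has
# never handed a packet to Suricata.
idle_nfqueue_rules() {
  awk '
    $3 == "NFQUEUE" && $1 == "0" {
      q = "?"                                  # stays "?" if no "num N" is shown
      for (i = 1; i < NF; i++) if ($i == "num") q = $(i + 1)
      print $6 "->" $7 " queue=" q
    }'
}

# Map the content of /proc/sys/net/ipv4/ip_forward to a word.
forwarding_state() {
  case "$1" in
    1) echo enabled ;;
    0) echo disabled ;;
    *) echo unknown ;;
  esac
}

# Combine both checks: $1 is the ip_forward value, stdin is the chain listing.
report() {
  echo "ip_forward: $(forwarding_state "$1")"
  idle=$(idle_nfqueue_rules)
  if [ -n "$idle" ]; then
    echo "NFQUEUE rules that have matched no packets:"
    echo "$idle" | sed 's/^/  /'
  else
    echo "all NFQUEUE rules have matched traffic"
  fi
}

# Demo on the constructed sample with forwarding off. On a live host (as root):
#   iptables -L FORWARD -v -n | report "$(cat /proc/sys/net/ipv4/ip_forward)"
sample_forward | report 0
```
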