Snort mailing list archives
Inline Installation Problem
From: Michael David <michael.d.torino () gmail com>
Date: Fri, 20 Jan 2017 09:17:30 -0600
Hello, I have setup a Raspberry Pi in inline mode. I have placed it in between the cable modem and router with eth0 and eth1 bridged to bridge0, all in promiscuous mode and no IPs. I use the built in wireless for management. Everything seems to function, pulledpork is working, logs and alerts are generated. However all inbound and outbound access is blocked when running. Here are some of the settings I have used. I am confused about the daq mode and types. Using 'snort -i bridge0 -A console' allows viewing of the traffic and Internet access is not blocked. #set int to promisc ip link set eth0 multicast off ip link set eth0 promisc on ip link set eth1 multicast off ip link set eth1 promisc on ip link set bridge0 multicast off ip link set bridge0 promisc on #set int to bridge ifconfig eth0 0.0.0.0 ifconfig eth1 0.0.0.0 ifconfig bridge 0 0.0.0 brctl addbr bridge0 brctl addif bridge0 eth0 brctl addif bridge0 eth1 ifconfig bridge0 up #this is what I am using to start anort snort -A console -c /etc/snort/snort.conf -Q -i eth0:eth1 --daq afpacket --daq-mode inline
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Inline Installation Problem Michael David (Jan 20)
- Re: Inline Installation Problem James Lay (Jan 20)
- Re: Inline Installation Problem Y M (Jan 20)