Hello Group,
I am having a problem with snort_inline (IPS); maybe one of you knows about it.
I am currently working on snort_inline but am not able to configure it. I don't know what the mistake is. Maybe you can help me.
I have 2 NICs in my system and it is running in bridge mode; both NICs are running in promiscuous mode.
The first NIC is connected to our network, i.e. it is connected to the internet through another proxy server, whereas my second NIC is connected to the other computer using a cross cable.
I gave the following command on my system with the 2 NICs discussed above:
#iptables -A OUTPUT -p tcp -j QUEUE
Now I am running snort_inline like this:
#snort_inline -Qc tcp.rules
where tcp.rules is a rule file in which I made this entry:
drop tcp any any -> any any ( msg : "DROPING PACKETS")
Now it is getting packets from the iptables QUEUE, but I can still open any website from my other computer, i.e. the one connected to my system with the cross cable (as discussed above). In the rule I am defining that these packets should be dropped, but it still opens. How?
So what is the mistake here? Please help me. I will be very grateful to you.
Thanks in advance.
Gaurav
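
Added example, not part of the original post: a small check that reads `iptables -S` style output and reports which traffic classes actually reach a QUEUE rule. The two rule listings are constructed, and the traffic-class labels (`local-in`, `local-out`, `transit`) and function names are hypothetical.

```shell
#!/bin/sh
# Constructed `iptables -S` listings (not captured from a real host).
RULES_AS_POSTED='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A OUTPUT -p tcp -j QUEUE'
RULES_FORWARD='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -p tcp -j QUEUE'

# Read `iptables -S` text on stdin; print every chain holding a rule
# whose target hands packets to userspace (QUEUE or NFQUEUE).
queue_chains() {
    awk '$1 == "-A" {
             for (i = 3; i < NF; i++)
                 if ($i == "-j" && ($(i+1) == "QUEUE" || $(i+1) == "NFQUEUE"))
                     seen[$2] = 1
         }
         END { for (c in seen) print c }' | sort
}

# Filter-table chain a packet traverses, by traffic class (hypothetical labels).
# Bridged frames appear in FORWARD only when bridge netfilter is enabled.
chain_for() {
    case "$1" in
        local-in)  echo INPUT ;;    # addressed to this host
        local-out) echo OUTPUT ;;   # generated by a process on this host
        transit)   echo FORWARD ;;  # routed or bridged through this host
        *) return 2 ;;
    esac
}

# is_queued <traffic-class> <ruleset-text>: exit 0 if that class reaches a queue rule.
is_queued() {
    chain=$(chain_for "$1") || return 2
    printf '%s\n' "$2" | queue_chains | grep -qx "$chain"
}

for name in RULES_AS_POSTED RULES_FORWARD; do
    eval "rules=\$$name"
    for class in local-in local-out transit; do
        if is_queued "$class" "$rules"; then verdict=queued; else verdict="not queued"; fi
        printf '%-16s %-10s %s\n' "$name" "$class" "$verdict"
    done
done
```

On a live host, the same function can be fed with `iptables -S | queue_chains` to see which chains hand packets to the inline sensor.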