
iptables and snort...



Posted

I ditched pfSense, not sure why but it was just rubbish.

Anyway, I've got an Arch Linux server set up with iptables and Snort. Snort is all taken care of and is working via the nfq and afpacket DAQs in inline mode...

What I'd like to do, however, is use iptables to block some IPs and ports before allowing the rest of the data to pass on through to Snort and then out another Ethernet interface to the server(s).

The only problem is that it requires NAT, and me, iptables and the FORWARD/NAT chains don't seem to get on; I've no idea how to go about doing it :(. I looked around the net and came across various examples, but they're all rubbish quite frankly and require you to have internal IPs and specify them directly, etc., whereas I want this server to just drop bad traffic and forward it out another interface, so the servers can still use public IPs.

So I'm quite literally stuck and haven't got a CLUE how to do this, any ideas?

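The setup asked about above, as an added example that is not from either post: a box with two interfaces that routes the servers' public prefix, drops a blacklist of source addresses and destination ports in the kernel, and hands every other transit packet to Snort through NFQUEUE. Transit traffic between two interfaces is matched in the FORWARD chain; the nat table is only needed when the servers use private addresses, so with public addresses on the servers nothing is added to it. The interface names (eth0 toward the upstream, eth1 toward the servers), the queue number, and the blacklisted addresses (TEST-NET ranges) and ports are assumptions chosen for the example; Snort is expected to be started with the nfq DAQ on the same queue, e.g. `snort -Q --daq nfq --daq-var queue=0 -c snort.conf`. Run with `DRY_RUN=1` to print the commands instead of applying them.

```shell
#!/bin/sh
# Added example: routed (no NAT) filtering box in front of Snort's nfq DAQ.
# All interface names, addresses and ports below are hypothetical.
set -eu

WAN_IF="${WAN_IF:-eth0}"        # faces the upstream router
LAN_IF="${LAN_IF:-eth1}"        # faces the servers, which keep their public IPs
QUEUE_NUM="${QUEUE_NUM:-0}"     # must match: snort -Q --daq nfq --daq-var queue=0
# Constructed blacklist (TEST-NET ranges and a few ports that should never reach the servers).
BAD_IPS="${BAD_IPS:-203.0.113.7 198.51.100.0/24}"
BAD_PORTS="${BAD_PORTS:-23 135 445}"

# Executes a command, or prints it when DRY_RUN=1 so the ruleset can be reviewed first.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Emits the whole ruleset. Order matters: cheap kernel drops first, NFQUEUE last,
# and a DROP policy for anything that matches neither.
build_rules() {
    # Without forwarding enabled the kernel never consults FORWARD for transit packets.
    run sysctl -w net.ipv4.ip_forward=1

    run iptables -F FORWARD
    run iptables -P FORWARD DROP

    # Packets conntrack cannot classify (bad TCP flags, stray ACKs) are not worth Snort's time.
    run iptables -A FORWARD -m conntrack --ctstate INVALID -j DROP

    # Blacklisted sources and destination ports are dropped before Snort sees them.
    for ip in $BAD_IPS; do
        run iptables -A FORWARD -i "$WAN_IF" -s "$ip" -j DROP
    done
    for port in $BAD_PORTS; do
        run iptables -A FORWARD -i "$WAN_IF" -p tcp --dport "$port" -j DROP
        run iptables -A FORWARD -i "$WAN_IF" -p udp --dport "$port" -j DROP
    done

    # Everything else crossing the box, in both directions, is queued to Snort.
    # No ESTABLISHED shortcut here on purpose: an inline IPS must see every packet
    # of a flow, not just the first one. Without --queue-bypass the box fails closed
    # (packets are dropped) when nothing is listening on the queue.
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -j NFQUEUE --queue-num "$QUEUE_NUM"
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j NFQUEUE --queue-num "$QUEUE_NUM"
}

# Returns 0 when the generated ruleset never touches the nat table.
uses_no_nat() {
    DRY_RUN=1 build_rules | grep -q -- '-t nat' && return 1
    return 0
}

if [ "${1:-}" = "--apply" ]; then
    build_rules
fi
```

This only works as a router if the upstream actually sends the servers' prefix to the box (a route pointing at the WAN address, or the box answering proxy ARP for the servers); a transparent bridge with br_netfilter is the alternative when the upstream cannot be changed, and the same FORWARD rules apply there. Snort must be running before the NFQUEUE rules are loaded, or traffic will be dropped until it starts.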

Posted

I got it working with a LOT of trial and error... Put simply, I won't ever be setting that up again. Done and dusted.

