iptables and snort...

snort iptables nat

1 reply to this topic

#1 n_K

    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 19-March 06
  • Location: here.
  • OS: FreeDOS
  • Phone: Nokia 3315

Posted 04 May 2012 - 23:46

I ditched pfSense, not sure why but it was just rubbish.
Anyway, got an Arch Linux server set up with iptables and snort; snort is all taken care of and is working via the nfq and afpacket DAQs in inline mode...
What I'd like to do, however, is use iptables to block some IPs and ports, before allowing the rest of the data to pass on through to snort and then out another ethernet interface to the server(s).

Only problem is, it requires NAT, and me, iptables and the FORWARD/NAT chain don't seem to get on, I've no idea how to go about doing it :(. Looked around the net and came across various examples, but they're all rubbish quite frankly and require you have internal IPs and specify them directly, etc. whereas I want this server to just drop bad traffic and forward it out another interface, so the servers can still use public IPs.

So I'm quite literally stuck and haven't got a CLUE how to do this, any ideas?
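One way to lay out the FORWARD chain for the setup described above, as an added example that is not part of the original post: cheap drops for blocklisted sources and ports first, then everything else crossing between the two interfaces is handed to snort's nfq DAQ via NFQUEUE. The servers keep their public IPs, so the box is routing rather than NATing: it needs net.ipv4.ip_forward and routes, but no POSTROUTING/MASQUERADE rule. The interface names, queue number and blocklists are assumptions (the addresses are RFC 5737 documentation ranges, constructed for the example); the script prints the commands in dry-run mode unless invoked with `apply`.

```shell
#!/bin/sh
# Added example: FORWARD-chain layout for an inline filter that sits between an
# Internet-facing interface and the interface leading to public-IP servers.
# Not from the original post; every value below is an assumption to adjust.

WAN_IF="${WAN_IF:-eth0}"            # assumption: interface facing the Internet
LAN_IF="${LAN_IF:-eth1}"            # assumption: interface towards the servers
SNORT_QUEUE="${SNORT_QUEUE:-0}"     # assumption: snort runs with --daq nfq --daq-var queue=0
# Constructed blocklists (RFC 5737 documentation addresses, not real hosts)
BLOCK_IPS="${BLOCK_IPS:-198.51.100.7 203.0.113.0/24}"
BLOCK_TCP_PORTS="${BLOCK_TCP_PORTS:-23 135 445}"

# DRY_RUN=1 prints each command instead of executing it, so the ruleset can be
# reviewed before it touches a live firewall.
DRY_RUN="${DRY_RUN:-1}"
if [ "${1:-}" = "apply" ]; then
    DRY_RUN=0
fi

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

build_rules() {
    # Routed forwarding with public IPs: enable forwarding, no NAT rule needed.
    run sysctl -w net.ipv4.ip_forward=1

    # Start from a clean FORWARD chain with a default-deny policy: anything
    # that is not explicitly passed to snort is dropped.
    run iptables -F FORWARD
    run iptables -P FORWARD DROP

    # 1. Blocklisted sources and ports are dropped before snort ever sees
    #    them, which keeps the sensor's queue free for traffic worth inspecting.
    for ip in $BLOCK_IPS; do
        run iptables -A FORWARD -i "$WAN_IF" -s "$ip" -j DROP
    done
    for port in $BLOCK_TCP_PORTS; do
        run iptables -A FORWARD -i "$WAN_IF" -p tcp --dport "$port" -j DROP
    done

    # 2. Everything else between the two interfaces goes to snort's nfq DAQ,
    #    which returns an accept/drop verdict per packet. Without
    #    --queue-bypass this fails closed: if snort is not listening on the
    #    queue, packets are dropped rather than forwarded uninspected.
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -j NFQUEUE --queue-num "$SNORT_QUEUE"
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j NFQUEUE --queue-num "$SNORT_QUEUE"
}

build_rules
```

Run it without arguments to see the rules it would load, and with `apply` (as root) to install them. The ordering is the point: the DROP rules sit ahead of the NFQUEUE hand-off, so blocked traffic never costs snort a verdict, and the default-deny policy means a rule that fails to load leaves the box closed rather than open. Adding `--queue-bypass` to the NFQUEUE rules would make the sensor fail open instead, which is a deliberate availability-over-inspection trade-off rather than a default.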


#2 OP n_K

Posted 05 May 2012 - 21:01

I got it working with a LOT of trial and error... Put simply, I won't ever be setting that up again. Done and dusted.