newbie, 2.2.0a, no packets out of snort-inline

Hello!

Sorry for posting here, but I don't receive any mail from sf.net mail
and can't subscribe to inline list... :-(


I'm starting snort_inline with default config (i.e. from tar.gz), then
I want to check ftp:


iptables -A INPUT -p tcp --dport 21 -j QUEUE

I see that snort_inline get packets:

Received error message 2
11/25-13:14:56.021059 192.168.22.229:33905 -> 192.168.22.229:21
TCP TTL:64 TOS:0x0 ID:34862 IpLen:20 DgmLen:60 DF
******S* Seq: 0xD48E7C41 Ack: 0x0 Win: 0x7FFF TcpLen: 40
TCP Options (5) => MSS: 16396 SackOK TS: 17843826 0 NOP WS: 0

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ =+=+=+=+=+=+=+=+=+=+=+=+

But there is no ftp

OK, another try:

iptables -A OUTPUT -p tcp --sport 21 -j QUEUE

Received error message 2
11/25-13:16:19.400758 192.168.22.229:21 -> 192.168.22.229:33906
TCP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:60 DF
***A**S* Seq: 0xDAE944AD Ack: 0xDB74D628 Win: 0x7FFF TcpLen: 40
TCP Options (5) => MSS: 16396 SackOK TS: 17927226 17924071 NOP WS: 0

No difference.


I tried this on Suse 8.1/x86 with kernel 2.4 and Mandrake 9.2/AMD64
with kernel 2.6- the same result.

Any ideas?