Support #1859
Closed
Suricata IPS Physical connectivity
Description
Hi Victor/Peter,
This is to inform you that Suricata is a great product and I would like to thank you for it. Moreover, I am working on using Suricata IPS in my network environment. For that I have installed the application in IPS mode and enabled NFQueue.
Now I am stuck at the physical connectivity part. The appliance I have installed has 3 NIC cards and I have dedicated 1 interface for management, which has an IP assigned to it. On the other hand, 1 NIC is directly connected to my desktop and the other NIC is connected to lan/outside where the internet is working.
nic2: connected to Desktop
nic3: connected to lan/outside
sudo iptables -I FORWARD -i nic2 -o nic3 -j NFQUEUE
sudo iptables -I FORWARD -i nic3 -o nic2 -j NFQUEUE
Now the desktop is not forwarding traffic to nic 3 and is not able to connect to lan/outside.
Could you assist us here as to how the IPS setup works? Or am I missing some silly point? I always had the impression that IPS works inline, which means the appliance will sit between point A and point B if we want to monitor the traffic between them.
Thanks for your help in advance.
Regards,
Mustaque
Updated by Andreas Herz over 7 years ago
The first simple task would be to check if the counter for those NFQUEUE rules is increasing when you send traffic. You should also make sure that the traffic is passed in general through this machine.
How do you start/run suricata on that machine?
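The counter check suggested in the reply above, as an added example that is not part of the ticket or of Suricata: it compares two snapshots of `iptables -v -n -x -L FORWARD` and reports which NFQUEUE direction gained no packets. The function names and the sample counters are constructed; nic2/nic3 are the interface names from the ticket, and the forwarding check assumes the box routes between them.

```shell
#!/bin/sh
# Added example (not from the ticket): do the NFQUEUE rules in FORWARD see traffic?
# Live use, as root:
#   iptables -v -n -x -L FORWARD > before; <send traffic>; iptables -v -n -x -L FORWARD > after

# nfq_delta BEFORE AFTER: both files hold `iptables -v -n -x -L FORWARD` output.
# Prints "<in>-><out> <packets gained>" for every NFQUEUE rule in AFTER.
nfq_delta() {
    awk '$3 == "NFQUEUE" {
             key = $6 "->" $7
             if (NR == FNR) before[key] = $1      # first file: remember counter
             else print key, $1 - before[key]     # second file: report growth
         }' "$1" "$2"
}

# nfq_stuck BEFORE AFTER: directions whose packet counter did not move.
nfq_stuck() {
    nfq_delta "$1" "$2" | awk '$2 == 0 { print $1 }'
}

# forwarding_on VALUE: VALUE is the content of /proc/sys/net/ipv4/ip_forward.
# With 0, a routed box does not forward packets, so FORWARD rules are never hit.
forwarding_on() { [ "$1" = "1" ]; }

# Constructed sample snapshots (before and after a ping from the desktop).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/before" <<'EOF'
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 NFQUEUE    all  --  nic3   nic2    0.0.0.0/0            0.0.0.0/0            NFQUEUE num 0
       3      252 NFQUEUE    all  --  nic2   nic3    0.0.0.0/0            0.0.0.0/0            NFQUEUE num 0
EOF
cat > "$tmp/after" <<'EOF'
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 NFQUEUE    all  --  nic3   nic2    0.0.0.0/0            0.0.0.0/0            NFQUEUE num 0
       7      588 NFQUEUE    all  --  nic2   nic3    0.0.0.0/0            0.0.0.0/0            NFQUEUE num 0
EOF

nfq_delta "$tmp/before" "$tmp/after"
echo "no new packets: $(nfq_stuck "$tmp/before" "$tmp/after")"
```

In the constructed sample the nic2->nic3 rule gains packets while nic3->nic2 stays at zero, so requests are queued but no replies reach the FORWARD chain.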
Updated by Victor Julien about 7 years ago
- Status changed from New to Closed
- Assignee deleted (Peter Manev)
- Target version deleted (TBD)