Support #1859
closed
Suricata IPS Physical connectivity
Description
Hi Victor/Peter,
This is to inform you that Suricata is a great product, and I would like to thank you for it. Moreover, I am working on using Suricata IPS in my network environment. For that I have installed the application in IPS mode and enabled NFQueue.
Now I am stuck at the physical connectivity part. The appliance I have installed has 3 NIC cards, and I have dedicated 1 interface for management, which has an IP assigned to it. On the other hand, 1 NIC is directly connected to my desktop and the other NIC is connected to lan/outside, where the internet is working.
nic2: connected to Desktop
nic3: connected to lan/outside
sudo iptables -I FORWARD -i nic2 -o nic3 -j NFQUEUE
sudo iptables -I FORWARD -i nic3 -o nic2 -j NFQUEUE
Now the desktop is not forwarding traffic to nic 3 and is not able to connect to lan/outside.
Could you assist us here as to how the IPS setup works? Or am I missing some silly point? I always had the impression that IPS works inline, which means the appliance will sit between point A and point B if we want to monitor the traffic between them.
Thanks for your help in advance.
Regards,
Mustaque
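
Two preconditions for the NFQUEUE rules in the post can be checked from the shell; this is an added example, not part of the original ticket and not the Suricata project's code. It assumes queue 0 (the rules give no --queue-num) and the standard Linux /proc paths; the function names and the sample files built in nfq_demo are constructed for illustration.

```shell
#!/bin/sh
# nfq_inline_check QUEUE [IP_FORWARD_FILE] [NFQ_FILE]
# Returns 0 if both preconditions hold, 1 if IPv4 forwarding is off,
# 2 if no userspace program is bound to QUEUE.
# The file arguments default to the live /proc entries and exist so the
# check can also be run against saved or constructed copies.
nfq_inline_check() {
    queue="$1"
    fwd_file="${2:-/proc/sys/net/ipv4/ip_forward}"
    nfq_file="${3:-/proc/net/netfilter/nfnetlink_queue}"

    # The FORWARD chain only sees packets the kernel routes between
    # interfaces, which requires ip_forward=1. (A bridged setup instead
    # needs bridge netfilter hooks; that case is not checked here.)
    if [ "$(cat "$fwd_file" 2>/dev/null)" != "1" ]; then
        echo "ip_forward is not 1: nothing is routed through FORWARD"
        return 1
    fi

    # One line per bound queue; column 1 is the queue number. With no
    # listener, an NFQUEUE rule drops the packet unless --queue-bypass is set.
    if ! awk -v q="$queue" '$1 == q { found = 1 } END { exit !found }' \
            "$nfq_file" 2>/dev/null; then
        echo "no program bound to queue $queue (is 'suricata -q $queue' running?)"
        return 2
    fi
    echo "forwarding enabled and queue $queue has a listener"
    return 0
}

# Constructed sample: forwarding on, one listener (made-up port id 4242)
# bound to queue 0. Pass a queue number to test against it.
nfq_demo() {
    d=$(mktemp -d) || return 99
    echo 1 > "$d/ip_forward"
    printf '%5u %6u %5u %1u %5u %5u %5u %8u %2d\n' 0 4242 0 2 65531 0 0 0 1 > "$d/nfq"
    rc=0
    nfq_inline_check "${1:-0}" "$d/ip_forward" "$d/nfq" || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

On the appliance itself, `nfq_inline_check 0` reads the live /proc files.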