Support #2139
Suricata IPS Inline on a router not working (status: closed)
Description
Hi,
I have configured a GW on Ubuntu connecting LAN to internet, and have Suricata installed on the GW with NFQueue support.
I referred to the link: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Setting_up_IPSinline_for_Linux
If Suricata is started with the LAN interface as input, I get [wDrop] in fast.log
sudo suricata -c /etc/suricata/suricata.yaml.1 -i enp17s0
If Suricata is started with the WAN interface as input, nothing is logged in fast.log
suricata -c /etc/suricata/suricata.yaml.1 -i enp0s25
If Suricata is started with the WAN interface as input, nothing is logged in fast.log
suricata -c /etc/suricata/suricata.yaml.1 -q 0
iptables configuration is:
sudo iptables -t nat -A POSTROUTING -o enp0s25 -j MASQUERADE
sudo iptables -A FORWARD -i enp0s25 -o enp17s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i enp17s0 -o enp0s25 -j ACCEPT
sudo iptables -A FORWARD -j NFQUEUE
iptables status is (iptables -vnL):
Chain INPUT (policy ACCEPT 9529 packets, 7388K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2749 909K ACCEPT all -- enp0s25 enp17s0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2995 526K ACCEPT all -- enp17s0 enp0s25 0.0.0.0/0 0.0.0.0/0
0 0 NFQUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Chain OUTPUT (policy ACCEPT 8943 packets, 916K bytes)
pkts bytes target prot opt in out source destination
Attached is the yaml file.
Regards,
Fuad
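As an added illustration (not part of the ticket or of Suricata), a small checker over the `iptables -vnL` output quoted above. iptables evaluates a chain top to bottom and stops at the first terminating target, so any ACCEPT rule placed before the NFQUEUE rule consumes the packets it matches and those packets are never handed to Suricata; the script parses the FORWARD chain, locates the NFQUEUE rule and reports the terminating rules that sit in front of it, together with the queue rule's own packet counter. The sample text is the chain listing from the ticket, embedded here as constructed input.

```python
# Sample input: the FORWARD chain exactly as listed in the ticket (constructed here).
SAMPLE = """Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in      out     source       destination
 2749  909K ACCEPT     all  --  enp0s25 enp17s0 0.0.0.0/0    0.0.0.0/0    state RELATED,ESTABLISHED
 2995  526K ACCEPT     all  --  enp17s0 enp0s25 0.0.0.0/0    0.0.0.0/0
    0     0 NFQUEUE    all  --  *       *       0.0.0.0/0    0.0.0.0/0    NFQUEUE num 0
"""

TERMINATING = {"ACCEPT", "DROP", "REJECT", "RETURN"}

def counter(value):
    """Convert an iptables -v counter such as '909K' or '2749' to an int."""
    scale = {"K": 1000, "M": 1000 ** 2, "G": 1000 ** 3}
    if value[-1] in scale:
        return int(value[:-1]) * scale[value[-1]]
    return int(value)

def parse_chain(text, chain="FORWARD"):
    """Return the rules of one chain from `iptables -vnL` output, in order."""
    rules, in_chain = [], False
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "Chain":
            in_chain = fields[1] == chain
            continue
        if not in_chain or fields[0] == "pkts":   # skip the column header
            continue
        # Column order of -vnL: pkts bytes target prot opt in out src dst [extra]
        rules.append({"pkts": counter(fields[0]), "target": fields[2],
                      "prot": fields[3], "in": fields[5], "out": fields[6],
                      "src": fields[7], "dst": fields[8],
                      "extra": " ".join(fields[9:])})
    return rules

def queue_shadowing(rules, target="NFQUEUE"):
    """Locate the first `target` rule and return (its index, its packet count,
    terminating rules placed before it). Packets matched by those earlier rules
    never reach the queue, which is what a zero counter on the queue rule shows."""
    for i, rule in enumerate(rules):
        if rule["target"] == target:
            ahead = [r for r in rules[:i] if r["target"] in TERMINATING]
            return i, rule["pkts"], ahead
    return None, 0, []
```

Run against the sample, the NFQUEUE rule is third with a zero counter and both ACCEPT rules sit ahead of it; a queue rule that should see all forwarded traffic has to come before such rules (for instance inserted at the top with `iptables -I FORWARD -j NFQUEUE`).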