[Oisf-users] Make a Ubuntu as a gateway router + Suricata inline probe.
Liao Zhuodi
liao_zd at foxmail.com
Thu Jan 22 10:38:04 UTC 2015
Hi guys,
I have an Ubuntu box that already works as a router (following this instruction: https://help.ubuntu.com/community/Router ),
and I installed Suricata 2.1beta2 with NFQueue support, but I have a problem making it work in inline mode (instructions here: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Setting_up_IPSinline_for_Linux ). From "fast.log" I can see alert or [wDrop], but the packages are not dropped, so I guess it must be some problem with my Suricata settings.
WAN: wlan0 - internet(wireless)
LAN: eth0 - intranet gateway(IP: 10.10.10.1)
My NIC settings:

    # /etc/network/interfaces
    auto lo eth0 wlan0
    iface lo inet loopback

    # eth0/LAN network
    iface eth0 inet static
        address 10.10.10.1
        netmask 255.255.255.0

The iptables rule set that works as a router is:

    $ sudo iptables -vnL
    Chain INPUT (policy ACCEPT 542 packets, 54986 bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain FORWARD (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
    27284   25M ACCEPT     all  --  wlan0  eth0    0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    27753 4702K ACCEPT     all  --  eth0   wlan0   0.0.0.0/0            0.0.0.0/0
        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4

    Chain OUTPUT (policy ACCEPT 372 packets, 212K bytes)
     pkts bytes target     prot opt in     out     source               destination

But once I add this NFQUEUE rule, or flush the other rules and use this rule only, the router doesn't work; intranet computers can't access the internet.

    sudo iptables -I FORWARD -j NFQUEUE

It seems that traffic never goes to the NFQUEUE target. How can I make this IPS/inline Suricata work and keep the router functional as well? Thanks.
liao zhuodi
liao_zd at foxmail.com
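
A way to test the guess above that traffic never reaches the NFQUEUE target, added here as an example and not part of the original post: it reads the NFQUEUE rule's packet counter from `iptables -vnL FORWARD` output and checks /proc/net/netfilter/nfnetlink_queue for a program bound to the queue. The function names and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: `iptables -vnL FORWARD` after inserting the NFQUEUE rule.
SAMPLE_FORWARD='Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  120  9840 NFQUEUE    all  --  *      *       0.0.0.0/0            0.0.0.0/0            NFQUEUE num 0
27284   25M ACCEPT     all  --  wlan0  eth0    0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED'

# Constructed sample: /proc/net/netfilter/nfnetlink_queue with one bound queue.
# Fields: queue_number peer_portid queue_total copy_mode copy_range
#         queue_dropped user_dropped id_sequence
SAMPLE_QUEUES='    0  2345     0 2 65531     0     0      120  1'

# Print the packet counter of the first NFQUEUE rule read from stdin,
# or "none" when the chain has no NFQUEUE rule.
nfqueue_pkts() {
    awk '$3 == "NFQUEUE" { print $1; found = 1; exit }
         END { if (!found) print "none" }'
}

# Succeed if queue number $1 appears in the proc listing read from stdin.
# The file only lists queues that a userspace program has bound.
queue_bound() {
    awk -v q="$1" '$1 == q { ok = 1 } END { exit !ok }'
}

# $1 = iptables output, $2 = proc file content, $3 = queue number.
diagnose() {
    pkts=$(printf '%s\n' "$1" | nfqueue_pkts)
    if [ "$pkts" = "none" ]; then echo "no-nfqueue-rule"; return; fi
    # Without a bound listener (and without --queue-bypass on the rule)
    # the kernel drops every packet sent to the queue.
    if ! printf '%s\n' "$2" | queue_bound "$3"; then echo "no-listener"; return; fi
    if [ "$pkts" = "0" ]; then echo "rule-not-hit"; else echo "queue-in-use"; fi
}

# On a live gateway (as root):
#   diagnose "$(iptables -vnL FORWARD)" "$(cat /proc/net/netfilter/nfnetlink_queue)" 0
diagnose "$SAMPLE_FORWARD" "$SAMPLE_QUEUES" 0
```

A non-zero counter on the NFQUEUE rule shows that forwarded traffic does reach the target; a "no-listener" result means no program is reading that queue number.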