[Oisf-users] Forwarding Traffic to and from Suricata

Victor Julien lists at inliniac.net
Tue Jun 2 09:48:19 UTC 2015

On 06/01/2015 03:28 PM, Saxena, Samiksha wrote:
> I have a architecture attached, where the internet traffic over SSL is
> received by a load balance, SSL termination server. The server
> terminates the SSL session and forward the request to appropriate
> application server. I want to run suricata (under IPS mode) between the
> load balance server and application servers to monitor L3,4,7 traffic.
> All these application are running as a container within the host. The
> challenge I am facing is to forward the traffic from load balancer
> server to suricata to appropriate application server. Will you please
> help me understand how can I redirect the traffic from load balance
> server to suricata and from suricata to application server, I looked
> online but couldn’t find anything.

If you're using NFQ, you should first make sure things work with just
iptables. Once that works you can start using NFQUEUE rules to pass
traffic to Suricata.

Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc

More information about the Oisf-users mailing list