[Oisf-users] suricata inline
mostafa ammar
mostafaammar79 at gmail.com
Sat Oct 22 09:15:41 UTC 2016
Dear All,
I installed Suricata as a VM on a XenServer hypervisor to work as an inline IPS
between VMs. I added 3 interfaces to the VM: one management interface and 2
sensing interfaces, one in VLAN 9 and another in VLAN 10 (interfaces eth2, eth3).
I installed Suricata with NFQUEUE support, and when running it with
sudo suricata -c /home/ubuntu/suricata-3.1/suricata.yaml -q 0
it runs successfully.
I added the following to /etc/network/interface:
auto eth2
iface eth2 inet manual
    up ifconfig eth2 0.0.0.0 up
    up ip link set eth2 promisc on
    post-up ethtool -K eth2 gro off
    post-up ethtool -K eth2 lro off
    down ip link set eth2 promisc off
    down ifconfig eth2 down

# Second Bridged Interface
auto eth3
iface eth3 inet manual
    up ifconfig eth3 0.0.0.0 up
    up ip link set eth3 promisc on
    post-up ethtool -K eth3 gro off
    post-up ethtool -K eth3 lro off
    down ip link set eth3 promisc off
    down ifconfig eth3 down
And this is a snapshot of iptables:
ubuntu@ubuntu-HVM-domU:~$ sudo iptables -vnL
Chain INPUT (policy ACCEPT 16525 packets, 15M bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  eth2   *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  eth3   *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  eth2   *       0.0.0.0/0            0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 NFQUEUE    all  --  eth3   eth2    0.0.0.0/0            0.0.0.0/0            NFQUEUE num 0
    0     0 NFQUEUE    all  --  eth2   eth3    0.0.0.0/0            0.0.0.0/0            NFQUEUE num 0
Now I added 2 VMs, one in VLAN 9 and another in VLAN 10, but ping is not
working and I see no packets at eth3 with Wireshark.
Any help with that?
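
Added example (not part of the original message and not OISF code): iptables rules in FORWARD are only traversed by packets the kernel itself forwards, either routed or bridged with the bridge netfilter hook on, so zero counters like those above are worth checking against those preconditions. The bash functions below do that; the function names and the optional fixture-root argument are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example: read `iptables -vnL` output and check the kernel preconditions
# for anything to traverse FORWARD. Function names are hypothetical.

# FORWARD chain as shown in the post, with the e-mail line wrapping undone.
sample_ruleset() {
    cat <<'EOF'
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source      destination
    0     0 NFQUEUE    all  --  eth3   eth2    0.0.0.0/0   0.0.0.0/0   NFQUEUE num 0
    0     0 NFQUEUE    all  --  eth2   eth3    0.0.0.0/0   0.0.0.0/0   NFQUEUE num 0
EOF
}

# Print "chain in out pkts queue" for every NFQUEUE rule read from stdin.
nfq_rules() {
    awk '
        $1 == "Chain" { chain = $2; next }
        $3 == "NFQUEUE" {
            q = "?"
            for (i = 1; i < NF; i++) if ($i == "num") q = $(i + 1)
            print chain, $6, $7, $1, q
        }'
}

# Count NFQUEUE rules whose packet counter is still zero.
nfq_unmatched() {
    nfq_rules | awk '$4 == "0" { n++ } END { print n + 0 }'
}

# Print which forwarding precondition holds for two interfaces:
# "routing-enabled", "bridge-filtering-enabled" or "none".
# Optional third argument: filesystem root (empty on a live host, a fixture in tests).
forward_precondition() {
    local a="$1" b="$2" root="${3:-}"
    if [ "$(cat "$root/proc/sys/net/ipv4/ip_forward" 2>/dev/null)" = "1" ]; then
        echo routing-enabled      # still needs addresses and routes on both sides
    elif [ -d "$root/sys/class/net/$a/brport" ] && [ -d "$root/sys/class/net/$b/brport" ] &&
         [ "$(cat "$root/proc/sys/net/bridge/bridge-nf-call-iptables" 2>/dev/null)" = "1" ]; then
        echo bridge-filtering-enabled
    else
        echo none
    fi
}

# Live use: sudo iptables -vnL | nfq_rules; forward_precondition eth2 eth3
```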