Hi guys, so I have a Suricata on my network, it only has an ethernet interface to ens18. My router forwards the traffic that comes from the WAN to it, it analyzes it and there is a script that when it finds an Alert it automatically creates a firewall rule on my router. Problem is it seems that it sends the wrong IP, usually it sends my Public IP as source, so I wanted some help I think I should create a virtual interface something like that, so that when an alert occurs it sends the correct Source IP , not mine, I believe that as everything comes and goes on the same interface, it is changing the IP, is there a way to do this?
Related Topics
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
| $HOME_NET and multiple interfaces, plus deployment best practices | 3 | 3584 | June 27, 2020 | |
| Architecture help | 2 | 1094 | November 29, 2020 | |
| Novice user attempt at setting IPS at Layer 2 between 2 physical interfaces | 4 | 662 | April 5, 2024 | |
| pfSense - Allow All Traffic From Host | 2 | 1616 | July 27, 2021 | |
| Suricata on pfSense blocking IPs on Pass List | 16 | 6765 | January 14, 2022 |