Hi guys, so I have a Suricata on my network, it only has an ethernet interface to ens18. My router forwards the traffic that comes from the WAN to it, it analyzes it and there is a script that when it finds an Alert it automatically creates a firewall rule on my router. Problem is it seems that it sends the wrong IP, usually it sends my Public IP as source, so I wanted some help I think I should create a virtual interface something like that, so that when an alert occurs it sends the correct Source IP , not mine, I believe that as everything comes and goes on the same interface, it is changing the IP, is there a way to do this?
Related topics
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
| Redirect traffic based on rules | 1 | 418 | February 8, 2023 | |
| $HOME_NET and multiple interfaces, plus deployment best practices | 3 | 4295 | June 27, 2020 | |
| Architecture help | 2 | 1240 | November 29, 2020 | |
| Help with custom rule | 1 | 308 | March 29, 2024 | |
| pfSense - Allow All Traffic From Host | 2 | 1847 | July 27, 2021 |