Hi guys, so I have a Suricata on my network, it only has an ethernet interface to ens18. My router forwards the traffic that comes from the WAN to it, it analyzes it and there is a script that when it finds an Alert it automatically creates a firewall rule on my router. Problem is it seems that it sends the wrong IP, usually it sends my Public IP as source, so I wanted some help I think I should create a virtual interface something like that, so that when an alert occurs it sends the correct Source IP , not mine, I believe that as everything comes and goes on the same interface, it is changing the IP, is there a way to do this?
Related topics
Topic | Replies | Views | Activity | |
---|---|---|---|---|
Redirect traffic based on rules | 1 | 430 | February 8, 2023 | |
$HOME_NET and multiple interfaces, plus deployment best practices | 3 | 4370 | June 27, 2020 | |
Architecture help | 2 | 1245 | November 29, 2020 | |
Help with custom rule | 1 | 326 | March 29, 2024 | |
pfSense - Allow All Traffic From Host | 2 | 1875 | July 27, 2021 |