Hello. I am using Suricata 7.0.7 on Ubuntu. I first set it up in the default IDS mode and then changed it to IPS mode. It worked perfectly for its own host, but not for all the hosts in the network. So I configured all the routing and iptables rules. I could not see the HOME_NET traffic through the Suricata machine, so we configured a rule in the firewall. The rule is like this: if the other machines in this VLAN want to reach an external network, once they go to the gateway, they should be redirected to the Suricata machine. For other loop problems, I used 2 interfaces on the Suricata host.

The traffic now goes through perfectly. When a machine in the HOME_NET wants to ping 8.8.8.8, it goes to its gateway, then to the Suricata host, then to the gateway of Suricata’s other interface, and from there to the internet. I have configured all the routing for this on the Suricata machine.

But there is a problem: whenever we commit the firewall rule, the machines in the VLAN lose their internet access. They can ping 8.8.8.8 or domains like youtube.com, but their HTTP requests have problems; they cannot open those domains in the browser. Can you help me with this problem? What should I do in this situation?