Suricata + iptables Firewall with NAT on one machine. Possible?

I am running suricata on my Ubuntu machine.

I want to use it to block suspicious traffic going from my internal LAN to WAN.

This is my network, or how I want it to look and work:

INTERNET → ROUTER → ((eth3) UBUNTU MACHINE( iptables > suricata) (eth8)) → internal LAN

The problem is, that my router does not have an option to set routes, so I am using iptables on eth3 to NAT the traffic coming from my internal LAN to the external LAN, to be natted by the router again.

Now iptables is pulling the packet once from eth8, and once from after Suricata, so for every packet I send, two are sent to the router, and I receive two replies. When I use DROP, I only get one, as iptables cannot pull the packet from after Suricata.

Now my question is: Can I configure Suricata and iptables (nftables is possible too) in a way where I can use both on one machine, with NAT and firewall rules? I also tried putting a third interface between iptables and Suricata, using Suricata between eth3 and suricata_eth0 and then forwarding the traffic between eth3 and eth8 with iptables, but I got the same result.

What does your current iptables/nftables setup look like, especially the part where you use NFQUEUE to forward the traffic to Suricata?
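For reference, here is an added example (not code from the original post or from either participant) of the layout the comment above is asking about: NAT and the Suricata hand-off on one Linux box, with Suricata in NFQUEUE IPS mode rather than af-packet bridging. The interface names eth3/eth8 come from the question; the LAN subnet 192.168.10.0/24, queue number 0 and the sample iptables-save dumps used by the diagnostic functions are assumptions constructed for the example. The design point is that the nat table does the masquerading while the only NFQUEUE rules sit in filter/FORWARD, one per direction, so each routed packet reaches Suricata exactly once.

```shell
#!/bin/sh
# Added example, not from the original post: one box that NATs the LAN and
# hands every forwarded packet to Suricata exactly once via NFQUEUE.
# Assumed names (not given in the question): LAN subnet 192.168.10.0/24 and
# NFQUEUE number 0; eth3 (WAN side) and eth8 (LAN side) are from the question.
WAN_IF="${WAN_IF:-eth3}"
LAN_IF="${LAN_IF:-eth8}"
LAN_NET="${LAN_NET:-192.168.10.0/24}"
QUEUE="${QUEUE:-0}"

# Emit the rule set. NAT lives in the nat table (POSTROUTING); the only
# NFQUEUE rules are in filter/FORWARD, one per direction, so a routed packet
# meets Suricata once. No --queue-bypass: if Suricata is down, traffic is
# dropped (fail closed) instead of silently bypassing inspection.
gen_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -F POSTROUTING
iptables -F FORWARD
iptables -P FORWARD DROP
iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j NFQUEUE --queue-num $QUEUE
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j NFQUEUE --queue-num $QUEUE
EOF
}

# Apply the rules (root only) and start Suricata in NFQUEUE IPS mode.
# Suricata must NOT also run af-packet copy-mode on eth3/eth8: that bridges
# each frame at layer 2 on top of the kernel routing it, which is one way to
# end up with two copies of every packet.
apply_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    gen_rules | sh -e
    suricata -c /etc/suricata/suricata.yaml -q "$QUEUE" -D
}

# Diagnostics on an `iptables-save` dump read from stdin.
# nfqueue_hooks prints table:chain for every NFQUEUE rule.
nfqueue_hooks() {
    awk '/^\*/ { table = substr($1, 2) }
         /-j NFQUEUE/ { print table ":" $2 }'
}

# Heuristic: NFQUEUE rules spread over more than one table/chain (for example
# mangle/PREROUTING plus filter/FORWARD) queue the same packet twice. Two
# rules in filter/FORWARD are fine: a packet only matches one of them.
has_duplicate_hooks() {
    [ "$(nfqueue_hooks | sort -u | wc -l | tr -d ' ')" -gt 1 ]
}

# Constructed sample dumps (not captured from a real system).
GOOD_DUMP='*nat
-A POSTROUTING -s 192.168.10.0/24 -o eth3 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth8 -o eth3 -s 192.168.10.0/24 -j NFQUEUE --queue-num 0
-A FORWARD -i eth3 -o eth8 -m conntrack --ctstate RELATED,ESTABLISHED -j NFQUEUE --queue-num 0
COMMIT'
BAD_DUMP='*mangle
-A PREROUTING -j NFQUEUE --queue-num 0
COMMIT
*filter
-A FORWARD -j NFQUEUE --queue-num 0
COMMIT'

if [ "${1:-}" = "--apply" ]; then
    apply_rules
elif [ "${1:-}" = "--check" ]; then
    if iptables-save | has_duplicate_hooks; then
        echo "NFQUEUE hooked in more than one chain:"
        iptables-save | nfqueue_hooks
    fi
else
    gen_rules
fi
```

Run it without arguments to print the rules, with `--apply` as root to install them and start Suricata, and with `--check` against the live ruleset to spot NFQUEUE rules in more than one hook. Two further checks worth doing on the box: `cat /proc/net/netfilter/nfnetlink_queue` should show exactly one queue with a non-zero peer portid once Suricata is up, and the `nfq:` section of suricata.yaml should be left in its default `mode: accept`; the `repeat` mode reinjects packets into the same chain with a mark and needs a matching `-m mark` exclusion on the NFQUEUE rule or packets get queued again. The nftables equivalent is the same shape: a `masquerade` rule in a `postrouting` chain of type nat and a single `queue num 0` rule in a `forward` chain of type filter.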