Virtual Box 5.0.40
OS on host machine is Debian 8
I want to install Suricata IPS on the host. How can I apply it to only VMs?
1 Like
Can you provide some more details about what you’re after? I also see the pfSense tag but you make no mention of it, so not sure if you plan to add pfSense into the mix?
I have a host. There is installed VirtualBox on it. There are some guest machines in VirtualBox. I need to protect these VMs and use Suricata for it. Can I install Suricata directly on the host and configure it for VMs network interfaces without harm to resources on the host?
So I have a solution ))) pfSense on the guest system with IPS.
I just thought there was an easier solution.
How did you configure the vritualbox networking to make this possible? I assume that somehow the traffic of the other guests goes through the pfSense VM?
If i got it, you could try to configure your VMs as below:
For example, let’s say your setup has three VMs:
- Pfsense (PF/Suricata)
- CentOS (Apache)
- Window Server (Some kind of java app)
Pfsense with 2 NICs configured on VirtualBox network settings
1 NIC (bridge mode) with your Internet IP address
2 NIC (internal network) with an isolated network address
CentOS/Windows Server with 1 NIC each configured on VirtualBox network settings
1 NIC (internal network) with the same isolated network as above.
Now you can use Pfsense VM as a firewall and configure Suricata in IPS mode to project the traffic between your CentOS/Windows Server VMs and external side.
I don’t really know if this is what you’re looking for but i’ve tried this solution but just as a lab for practices purposes.