My ISP uses PPPoE over a VLAN. AFAIK, IDS only works on the physical interface when using PPP. Indeed, when I set the IDS to monitor the WAN interface, no rules ever fire. So I tried, in the IDS setup, to remove the WAN interface and choose the physical interface (igb1) to be monitored. However, I can choose both other NIC's, but not the WAN NIC.
Could it be that because I have PPPoE on this NIC, it doesn't even show up?
I've tried enabling promiscuous mode, but that doesn't seem to change the behavior either.
What could I do to monitor the physical WAN NIC?