17.7 Legacy Series / Transparent Bridge : IDS to IPS blocks all traffic
« on: January 24, 2018, 02:13:43 am »
My scenario is: quad-core J1900 appliance with 4 x Intel (PRO/1000 Network Connection, Version - 2.5.3-k)
4 GB RAM, SSD, OS 17.7.11
LAN0 - (igb0) Management interface, static IP, OpenVPN to my NMS
WAN1 and NET2 (igb1 and igb2) are a bridge (BRIDGE0).
My intention is to run a transparent IPS on the bridge interface.
In IDS mode, Suricata runs flawlessly doing everything I expect.
When I transition to IPS mode, the system stops passing traffic on the bridge interface.
When Suricata transitions to netmap mode it fails, and OPNsense locks up.
I have set all offloading to off.
I have followed this guide:
https://docs.opnsense.org/manual/how-tos/ips.html
and then double checked a few settings against this one for general omissions
https://docs.opnsense.org/manual/how-tos/transparent_bridge.html
I also reviewed the notes at the bottom of this thread:
https://forum.opnsense.org/index.php?topic=3934.0
Looking through the logs I see nothing that helps diagnose the problem.
My question is: how can I debug netmap or Suricata on the device to troubleshoot what's failing when I transition to IPS mode?
Thanks for your help,
Mpdsville
Competent Unix and Linux System Admin.