Problem with "Intrusion Detection" and a Bridge.

Started by Kuzunkhaa, August 02, 2016, 10:25:12 AM

Hello,
The interfaces of my OPNsense are configured with one NIC for internet connectivity through PPPoE and three NICs together in a bridge, so my configuration is:

  • WAN -> PPPoE
  • LAN -> Bridge0
  • OPT1 -> No IP (member of Bridge0)
  • OPT2 -> No IP (member of Bridge0)
  • OPT3 -> No IP (member of Bridge0)
I have a problem configuring the Intrusion Detection service on the bridge. When I add one member of Bridge0 to the interface list, it becomes impossible to connect to OPNsense through that port, while when I add LAN to the interfaces, it doesn't seem to block anything.
What do I have to do to enable Intrusion Detection on the members of Bridge0?

Thanks

Are we talking about IDS with IPS mode? What OPNsense version are you on and what is your network card driver?

Ideally, IPS on a number of OPTX should work, but for the bridged LAN there is no guarantee this will work due to the plumbing of the operating system itself.

Then again, running IPS on a lot of internal traffic may not be worth it. The normal use case is to set WAN and Promisc mode for your PPPoE. There may be another issue with PPPoE parsing at the moment in Suricata, but I can't keep all of the current idiosyncrasies together anymore. ;)

So to reiterate: LAN port bridge not working is expected, OPTX not working could be a current bug with 16.7.


Cheers,
Franco
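As an added diagnostic example (not code from the thread, from OPNsense or from Suricata), the script below parses FreeBSD `ifconfig` output to answer the two things the reply asks about before an IDS/IPS interface is chosen: which candidate interfaces are members of a bridge versus the bridge interface itself, and which NIC driver each one uses (plus whether PROMISC is set). The sample `ifconfig` output is constructed to mirror the poster's layout (PPPoE WAN, bridge0 as LAN with three physical members); the interface names, driver names (igb, em) and addresses are assumptions, not taken from the original post.

```python
import re

# Constructed sample of FreeBSD/OPNsense `ifconfig` output laid out like the
# thread's setup: pppoe0 on WAN, bridge0 as LAN with three physical members
# and one spare NIC. Interface names, driver names (igb, em) and addresses are
# assumptions for illustration, not taken from the original post.
SAMPLE_IFCONFIG = """\
igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:11:22:33:44:50
        status: active
igb1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:11:22:33:44:51
        status: active
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:11:22:33:44:52
        status: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:11:22:33:44:53
        status: active
pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492
        inet 203.0.113.10 --> 203.0.113.1 netmask 0xffffffff
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:aa:bb:cc:dd:ee
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: igb1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: igb0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
"""

# First line of each interface block: "name: flags=hex<FLAG,FLAG,...> ..."
IFACE_HEAD = re.compile(r"^([a-z]+\d+(?:\.\d+)?): flags=[0-9a-f]+<([^>]*)>")
# Bridge member line inside a bridge block: "    member: em0 flags=..."
MEMBER_LINE = re.compile(r"^\s+member: (\S+)")


def parse_ifconfig(text):
    """Parse ifconfig output into {name: {"driver", "flags", "members"}}."""
    ifaces = {}
    current = None
    for line in text.splitlines():
        head = IFACE_HEAD.match(line)
        if head:
            name, flags = head.groups()
            current = {
                "driver": re.match(r"[a-z]+", name).group(0),  # igb0 -> igb
                "flags": set(flags.split(",")) if flags else set(),
                "members": [],
            }
            ifaces[name] = current
            continue
        member = MEMBER_LINE.match(line)
        if member and current is not None:
            current["members"].append(member.group(1))
    return ifaces


def bridge_membership(ifaces):
    """Map every bridge member interface to the bridge that owns it."""
    owner = {}
    for name, info in ifaces.items():
        if info["driver"] == "bridge":
            for member in info["members"]:
                owner[member] = name
    return owner


def classify(ifaces, candidates):
    """Classify each interface a user might select for IDS/IPS.

    Categories follow the distinction drawn in the reply: the bridge
    interface itself (LAN = bridge0), a physical member of a bridge (the
    OPTx ports), the PPPoE WAN, or an ordinary standalone NIC.
    """
    owner = bridge_membership(ifaces)
    result = {}
    for name in candidates:
        if name not in ifaces:
            result[name] = "unknown"
        elif ifaces[name]["driver"] == "bridge":
            result[name] = "bridge"
        elif name in owner:
            result[name] = "member of " + owner[name]
        elif ifaces[name]["driver"] == "pppoe":
            result[name] = "pppoe"
        else:
            result[name] = "standalone"
    return result


def report(ifaces, candidates):
    """Human-readable lines: name, driver, category and whether PROMISC is set."""
    lines = []
    for name, kind in classify(ifaces, candidates).items():
        info = ifaces.get(name)
        driver = info["driver"] if info else "?"
        promisc = "PROMISC" in info["flags"] if info else False
        lines.append(f"{name:8} driver={driver:6} {kind:18} promisc={promisc}")
    return lines


if __name__ == "__main__":
    parsed = parse_ifconfig(SAMPLE_IFCONFIG)
    for line in report(parsed, ["bridge0", "igb0", "igb1", "em0", "em1", "pppoe0"]):
        print(line)
```

To use it on a real box, replace `SAMPLE_IFCONFIG` with the output of `ifconfig` and list the interfaces you intend to put under Intrusion Detection. Read against the reply above: a candidate classified as "bridge" is the LAN = bridge0 case that is expected not to work, "member of bridge0" is an OPTx port that should work subject to the driver, and "pppoe" is the WAN, where the normal use case is Promisc mode. The driver column is the answer to the "what is your network card driver?" question.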