Topic: opnsense, proxmox & Suricata IDS (Read 425 times)
planetf1
« on: May 14, 2024, 07:20:19 pm »
I have OPNsense running on Proxmox (N100, 16GB) very nicely.
Under Proxmox, 3 of my I226-V ports are bridged as a Linux bridge, whilst the 4th is passed through to the OPNsense VM.
In OPNsense I have a WAN interface (passthrough) and LAN (Linux bridge).
I've been exploring IDS, and I may not need it, but I have a configuration question.
Suricata is enabled in IDS mode, with promiscuous enabled. I have some port scanning detection rules installed.
If I do a port scan between two LAN devices (both are on a WAP, which itself is bridged) I do not get any alerts.
If I do a port scan to/from the OPNsense IP then I do get alerts.
So it seems as if promiscuous mode isn't picking up the packets, and indeed capturing some Wireshark traffic, both on another device on the LAN, or indeed a packet capture on the LAN interface on OPNsense itself, only shows traffic going through that interface, not just passing by (which I'd expected would be captured in promiscuous mode).
I guess that relates to the bridge config on Proxmox?