OPNsense

Author Topic: None IDS alert trigger for WAN and LAN  (Read 2383 times)

everfree

None IDS alert trigger for WAN and LAN
« on: October 30, 2016, 05:21:53 am »
Hi,

I use 16.7.7 and have one special network.

B point 10.87.0.34/30 (gateway)
A point 10.87.0.33/30 (WAN)
Public IP (LAN)
Private IP(NAT)

10.87.0.32/30 and the private IP are outbound NAT for the LAN public IP through the WAN interface. The public IP is routed through the A point WAN to the B point gateway. The network traffic is normal. I use IDS and enabled the ET-TROJAN rules. I tried to query qfsl.net and trigger that alert. Only the NAT interface triggers. There is no alert on the WAN and LAN interfaces.

franco

Re: None IDS alert trigger for WAN and LAN
« Reply #1 on: October 30, 2016, 05:43:09 pm »
Hi everfree,

Are the rules fetched/enabled, was the configuration applied afterwards again? Do you see any alerts in non-IPS mode?

I remember an issue with a test setup that did not work because the Suricata rules use $HOME_NET and its inverse to filter for source/destination, but that also prevents alerts from triggering when testing between two private networks.

I don't quite understand the WAN/LAN/NAT setup, can you please explain?


Cheers,
Franco
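
The $HOME_NET point raised in the reply above, modelled as an added example (not code from the thread, OPNsense or Suricata). It assumes the stock suricata.yaml values for HOME_NET and EXTERNAL_NET and a rule header of the shape `$HOME_NET any -> $EXTERNAL_NET any`; the 203.0.113.x hosts are constructed documentation addresses.

```python
import ipaddress

# Assumed values: the defaults shipped in a stock suricata.yaml.
ADDRESS_VARS = {
    "HOME_NET": "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]",
    "EXTERNAL_NET": "!$HOME_NET",
}

def in_group(ip, expr, variables=ADDRESS_VARS):
    """Return True if ip falls inside a Suricata-style address expression.

    Handles "any", "$VAR", a leading "!" and flat "[a,b,!c]" lists
    (nested brackets are not handled in this sketch).
    """
    expr = expr.strip()
    if expr == "any":
        return True
    if expr.startswith("!"):
        return not in_group(ip, expr[1:], variables)
    if expr.startswith("$"):
        return in_group(ip, variables[expr[1:]], variables)
    if expr.startswith("[") and expr.endswith("]"):
        items = [i.strip() for i in expr[1:-1].split(",")]
        included = [i for i in items if not i.startswith("!")]
        excluded = [i[1:] for i in items if i.startswith("!")]
        hit = not included or any(in_group(ip, i, variables) for i in included)
        return hit and not any(in_group(ip, e, variables) for e in excluded)
    return ipaddress.ip_address(ip) in ipaddress.ip_network(expr, strict=False)

def header_matches(src, dst, rule_src="$HOME_NET", rule_dst="$EXTERNAL_NET"):
    """Model only the address part of `alert ... rule_src any -> rule_dst any`."""
    return in_group(src, rule_src) and in_group(dst, rule_dst)

# Constructed flows: 10.87.0.33/.34 come from the first post, 203.0.113.x
# are documentation addresses standing in for public hosts.
FLOWS = [
    ("10.87.0.33", "10.87.0.34"),      # private -> private
    ("10.87.0.33", "203.0.113.10"),    # private -> public
    ("203.0.113.20", "203.0.113.10"),  # public  -> public
]

if __name__ == "__main__":
    for src, dst in FLOWS:
        print(f"{src:>13} -> {dst:<13} header matches: {header_matches(src, dst)}")
```

Only the private-to-public flow passes the address check, so a rule of this shape stays silent when both endpoints sit inside HOME_NET or when the source sits outside it.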