Suricata not responding to configured or deployed rules

Started by nielser, May 04, 2025, 04:09:02 PM

Hey all,

For a project I am testing out the functionality of Suricata on OPNsense within VMware.

I have the following configured: VMNET8 as NAT (WAN), and VMNET11/12/13 as LAN.

My clients have their NIC set to VMNET11, for example, with a default gateway pointing to the firewall's NIC with the X.X.X.1 IP.

On my interface statistics I can see that all interfaces are taking in data, but when I try an nmap scan etc. the rule does not seem to alert, even though it should be configured to do that.

Has anybody had any similar problems, or does anyone think they may know what the problem is?

May 13, 2025, 06:39:03 AM #1 Last Edit: May 21, 2025, 05:55:02 AM by triathlontoe
Quote from: nielser on May 04, 2025, 04:09:02 PM

Suricata needs to be enabled on the interface it sees traffic on. In your case, verify that Suricata is enabled on VMNET11/12/13, which represent your LAN interfaces, and that you are scanning traffic across the firewall, not just within the same subnet (Suricata will not see traffic that does not cross the interface it is bound to).
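
An added example, not part of the thread and not OPNsense or Suricata project code: before debugging why a particular rule set does not fire, prove that Suricata alerts at all on the path you are testing. The script below prints a trivial local rule that fires on any ICMP packet, so a single ping from a client in VMNET11 to a host in VMNET12 (traffic that has to cross the firewall) must produce an alert, and then counts that alert in the EVE JSON log. Assumptions: EVE JSON logging is enabled, the log lives at the Suricata default /var/log/suricata/eve.json (override with EVE_LOG if OPNsense puts it elsewhere), and sid 9000001 is an arbitrary local-rule number. The EVE records embedded in the script are constructed sample data so the check can be exercised offline.

```shell
#!/bin/sh
# Added example (not from the forum thread). Confirms that Suricata on the
# chosen interface produces alerts at all, independent of any downloaded
# rule set.

# Step 1: a local rule that matches any ICMP packet. Add it as a custom
# rule, reload Suricata, then ping a host in another vmnet so the packet
# crosses the firewall. sid 9000001 is an arbitrary local number (assumption).
TEST_RULE='alert icmp any any -> any any (msg:"LOCAL TEST - suricata sees this interface"; sid:9000001; rev:1;)'

# Step 2: the EVE JSON log to inspect. Default Suricata path; override with
# EVE_LOG=/path/to/eve.json if your OPNsense install logs elsewhere (assumption).
EVE_LOG="${EVE_LOG:-/var/log/suricata/eve.json}"

# count_alerts FILE SID
# Counts EVE records with event_type "alert" whose signature_id equals SID.
# The trailing comma keeps sid 900000 from matching 9000001. "|| true" keeps
# a zero count from being reported as a failure when run under set -e.
count_alerts() {
    grep '"event_type":"alert"' "$1" | grep -c "\"signature_id\":$2," || true
}

# Constructed sample EVE records (not real log data): two hits for the test
# rule in both directions, one alert for some other rule, one flow record.
make_sample_eve() {
    f=$(mktemp "${TMPDIR:-/tmp}/eve_sample.XXXXXX")
    cat >"$f" <<'EOF'
{"timestamp":"2025-05-13T08:00:01.000000+0000","event_type":"alert","src_ip":"192.168.11.10","dest_ip":"192.168.12.10","proto":"ICMP","alert":{"signature_id":9000001,"rev":1,"signature":"LOCAL TEST - suricata sees this interface"}}
{"timestamp":"2025-05-13T08:00:02.000000+0000","event_type":"flow","src_ip":"192.168.11.10","dest_ip":"192.168.12.10","proto":"ICMP"}
{"timestamp":"2025-05-13T08:00:03.000000+0000","event_type":"alert","src_ip":"192.168.11.10","dest_ip":"192.168.12.10","proto":"TCP","alert":{"signature_id":2000000,"rev":1,"signature":"EXAMPLE some other rule"}}
{"timestamp":"2025-05-13T08:00:04.000000+0000","event_type":"alert","src_ip":"192.168.12.10","dest_ip":"192.168.11.10","proto":"ICMP","alert":{"signature_id":9000001,"rev":1,"signature":"LOCAL TEST - suricata sees this interface"}}
EOF
    echo "$f"
}

# check_interface FILE
# Prints OK when the test rule has fired at least once. A zero count after a
# cross-subnet ping means the packets never reached an interface Suricata
# inspects: wrong interface selected, service not running, or the test
# traffic stayed inside one vmnet and never touched the firewall.
check_interface() {
    n=$(count_alerts "$1" 9000001)
    if [ "$n" -gt 0 ]; then
        echo "OK: $n test alert(s) logged - Suricata inspects this path"
    else
        echo "FAIL: no test alert - traffic is not reaching an inspected interface"
    fi
}

echo "Rule to add as a local rule:"
echo "$TEST_RULE"

# Offline run against the constructed sample.
sample=$(make_sample_eve)
check_interface "$sample"
rm -f "$sample"

# Real run, only if the live log is readable on this box.
if [ -r "$EVE_LOG" ]; then
    check_interface "$EVE_LOG"
fi
```

The interface statistics mentioned in the original post only show that the NIC is passing packets; they say nothing about whether Suricata is bound to that interface and inspecting them, which is exactly what a count of zero for the test rule tells you. Once the test rule fires for cross-subnet traffic, a missing nmap alert is a rule-set or rule-enablement question rather than an interface question.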

May 13, 2025, 08:50:06 AM #2 Last Edit: May 20, 2025, 08:36:19 AM by ahro_john
Quote from: triathlontoe on May 13, 2025, 06:39:03 AM
If there are multiple LAN interfaces (VMNET11/12/13) and each of them belongs to a different subnet, do I need to enable Suricata on each of them to control local traffic between subnets?

Quote from: triathlontoe on May 13, 2025, 06:39:03 AM
Hello triathlontoe! Are there any limitations with this interface? Like temporary network connection conflicts?