Noman Aziz
Reputation: 1
Not receiving traffic in suricata on proxmox host machine from other hosts
I am running proxmox on my server machine. I have attached a bridge adapter to it and 2 containers (A and B) are installed on proxmox.
I have also install Suricata on the Proxmox machine for it to act as an IDS. I have setup promiscuous mode on my bridge adapter in order to receive traffic from other machines present in my local network. However, in the Suricata logs, i am only receiving logs relating to my Containers (A and B) and not from the other Devices (Non Proxmox Based) present in my local network.
Upvotes: 0
Views: 400
Answers (1)
David
Reputation: 584
suricata installed directly on proxmox server is not good at all, you must do any if this
- redirect (mirror) all traffic from home router to suricata (proxmox), it can be setup on router or switch before router - based on what you have there, but sending all traffic to proxmox(suricata) is bad idea, you will see
- buy some rpi4 (4 or 8GB ram) make pfsense running on it with suricata "addon" or suricata itself - place it in front of your main LAN gateway/router and reconfigure all home devices to use it as gateway
Upvotes: 0
Related Questions
- Adding Host in Observium (Cannot Ping)
- Suricata does not work inline mode
- Packet socket in promiscuous mode only receiving local traffic
- Proxmox with OPNsense as Firewall/GW - routing issue
- Can't connect to external IP from local network behind iptables NAT
- proxmox KVM routed network with multiple public IPs
- Setup proxmox internal network
- Configuring Two Network Interfaces for Proxmox
- Proxmox, How to connect to remote VM
- How to you suricata to work in IPS mode in Ubuntu?