Netgate Discussion Forum

    suricata how to enable netmap I211 igb interface

      4o4rh

      So I'm trying to get the netmap / inline mode of Suricata working, but I'm not seeing the netmap option in the card settings.

      My config is as follows:
      igb0 cable modem / eth connection - weight 1 - Tier 1
      igb1 fibre / pppoe connection - weight 2 - Tier 1
      igb2 lagg0 - LAN
      igb3 lagg0 - LAN

      On a side note, does it matter that the igb1 PPPoE MTU is 1492 and igb0 eth is 1500 from a load balancing perspective?
      And how do I disable IPv6 on all of these?

      igb0@pci0:1:0:0:        class=0x020000 card=0x00008086 chip=0x15398086 rev=0x03 hdr=0x00
          vendor     = 'Intel Corporation'
          device     = 'I211 Gigabit Network Connection'
          class      = network
          subclass   = ethernet
      igb1@pci0:2:0:0:        class=0x020000 card=0x00008086 chip=0x15398086 rev=0x03 hdr=0x00
          vendor     = 'Intel Corporation'
          device     = 'I211 Gigabit Network Connection'
          class      = network
          subclass   = ethernet
      igb2@pci0:3:0:0:        class=0x020000 card=0x00008086 chip=0x15398086 rev=0x03 hdr=0x00
          vendor     = 'Intel Corporation'
          device     = 'I211 Gigabit Network Connection'
          class      = network
          subclass   = ethernet
      igb3@pci0:4:0:0:        class=0x020000 card=0x00008086 chip=0x15398086 rev=0x03 hdr=0x00
          vendor     = 'Intel Corporation'
          device     = 'I211 Gigabit Network Connection'
          class      = network
          subclass   = ethernet
      
      lagg0: flags=88b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,STATICARP> metric 0 mtu 1500
              description: LAN_20_MGMT
              options=8120b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER>
              ether 40:62:31:06:xx:xx
              inet6 fe80::4262:31ff:xxxx:xxxx%lagg0 prefixlen 64 scopeid 0x9
              inet 192.168.xx.xx netmask 0xffffff00 broadcast 192.168.xx.255
              inet 10.10.10.1 netmask 0xffffffff broadcast 10.10.10.1
              laggproto lacp lagghash l2,l3,l4
              laggport: igb2 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
              laggport: igb3 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
              groups: lagg
              media: Ethernet autoselect
              status: active
              nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
      
      
      ifconfig igb0
      igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
              description: WAN_SEC
              options=8120b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER>
              ether 40:62:31:06:xx:xx
              inet6 fe80::4262:31ff:xxxx:xxxx%igb0 prefixlen 64 scopeid 0x1
              inet 62.143.197.238 netmask 0xfffffc00 broadcast 255.255.255.255
              media: Ethernet autoselect (1000baseT <full-duplex>)
              status: active
              nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
      
      ifconfig igb1
      igb1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
              options=8120b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER>
              ether 40:62:31:06:xx:xx
              inet6 fe80::4262:31ff:xxxx:xxxx%igb1 prefixlen 64 scopeid 0x2
              media: Ethernet autoselect (1000baseT <full-duplex>)
              status: active
              nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
      
      igb1.1066: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
              ether 40:62:31:06:xx:xx
              inet6 fe80::4262:31ff:xxxx:xxxx%igb1.1066 prefixlen 64 scopeid 0x11
              groups: vlan
              vlan: 1066 vlanpcp: 0 parent interface: igb1
              media: Ethernet autoselect (1000baseT <full-duplex>)
              status: active
              nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
      
      pppoe0: flags=89d1<UP,POINTOPOINT,RUNNING,NOARP,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1492
              inet xx.xx.xx.xx --> xx.xx.xx.xx netmask 0xffffffff
              inet6 fe80::4262:31ff:xxxx:xxxx%pppoe0 prefixlen 64 scopeid 0x12
              nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
      
      
        bmeeks

        Netmap (and thus Inline IPS Mode) is incompatible with your WAN because netmap does not support a PPPoE interface, and it is incompatible with your LAN because LAGG interfaces are not fully supported. It might work, but I would anticipate you having issues with LAGG.

          4o4rh @bmeeks

          @bmeeks It doesn't allow it, as it says the interface is not supported, but thanks for the confirmation.

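The two limits named in bmeeks' reply (PPPoE not supported by netmap, LAGG not fully supported) can be checked against `ifconfig` output before choosing an interface for Inline IPS Mode. This is an added example, not part of the thread or of pfSense/Suricata; the function names, the status words and the choice to report lagg member ports with the lagg's status are assumptions, and `unflagged` means only that neither limit from the reply applies.

```shell
#!/bin/sh
# Added example, not from the thread. Flags interfaces in ifconfig output
# that hit the two netmap limits named in the reply: PPPoE and LAGG.

netmap_check() {
    awk '
    # Interface header, e.g. "igb0: flags=8943<UP,...> metric 0 mtu 1500"
    /^[A-Za-z0-9_.]+: flags=/ {
        name = $1; sub(/:$/, "", name); current = name
        if (!(name in seen)) { seen[name] = 1; order[++n] = name }
        if (name ~ /^pppoe[0-9]+$/)     verdict[name] = "unsupported pppoe"
        else if (name ~ /^lagg[0-9]+$/) verdict[name] = "not-fully-supported lagg"
        else                            verdict[name] = "unflagged -"
        next
    }
    # Member line inside a lagg stanza, e.g. "laggport: igb2 flags=1c<...>"
    # Assumption: member ports are reported with the same status as the lagg.
    $1 == "laggport:" {
        member[$2] = current
        if (!($2 in seen)) { seen[$2] = 1; order[++n] = $2 }
    }
    END {
        for (i = 1; i <= n; i++) {
            name = order[i]
            if (name in member)
                print name, "not-fully-supported", "member-of-" member[name]
            else
                print name, verdict[name]
        }
    }'
}

# Constructed sample (addresses omitted), shaped like the output in the post.
sample_ifconfig() {
    cat <<'EOF'
igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        media: Ethernet autoselect (1000baseT <full-duplex>)
igb2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
lagg0: flags=88b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,STATICARP> metric 0 mtu 1500
        laggproto lacp lagghash l2,l3,l4
        laggport: igb2 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
        laggport: igb3 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
pppoe0: flags=89d1<UP,POINTOPOINT,RUNNING,NOARP,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1492
EOF
}

sample_ifconfig | netmap_check
```

On a live system the same function can read the real output with `ifconfig | netmap_check`.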
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.