HELP: issue with VLAN and suricata as inline IPS (netmap)



  • Hello,
    I'm new to this forum. This is my setup: pfSense 2.3.1 with Suricata configured as an inline IPS (netmap, not legacy mode) protecting interface OPT1 (an E1000 Ethernet adapter, which netmap supports) in a virtual lab based on VMware ESXi 5.5.
    OPT1 is a member of BRIDGE0 together with a second interface, OPT2. I selected HOME_NET and a restricted set of rules. My network is 802.1Q VLAN based. The big issue is the following: when I start Suricata on the interface, traffic passes toward the second interface BUT seems to be missing its VLAN tag, and so it is discarded by the receiver on the other side. When I stop Suricata, traffic passes over BRIDGE0 and everything works fine... Am I missing some important setting in my configuration? Did anybody face a similar issue? Please help. Attached are my configuration files.

    Maurizio

    :'( :'( :'(
    config-pfSense.localdomain-20160716170253.zip



  • There's a known problem with netmap. Lots of folks are waiting for the update to drop to see if it solves the issue. See this thread: https://forum.pfsense.org/index.php?topic=108365.15