Suricata Inline Mode Issue
-
Hey All,
Over this Easter break I built myself a new pfSense box with a lot more horsepower than my first. It's now packing an Intel i5, 8GB RAM, and a quad port Intel 82580 NIC coupled with a Draytek Vigor 130.
Everything is working perfectly, except when I try to run Suricata in inline mode. When I disable hardware checksum and enable it, within 5 to 15 mins it drops the connection to the Draytek and I get 100% packet loss. Reverse the change and everything works as expected.
Not really sure how to progress this and would appreciate any help.
Thanks,
J.
-
Yeah, I also can't get inline mode to work with two different supported NICs. It seems hit or miss on the forums. I haven't seen any definitive answers as to why either.
I think the general answer is that netmap is just young and still in the process of working out its issues.
-
Ok, at least I'm not the only one. It's been driving me nuts. :)
-
Are you using the Traffic Shaper? Suricata breaks it in Inline mode…
-
I am using traffic shapers! I should remove it and try again?
-
You can try it but I'm not convinced it will help.
I've tried it without the traffic shaper on both a PRO/1000 and an i340 and neither worked.
-
Bug #6690: SURICATA IPS Issue - Kills VLANS & Traffic Shaper
https://redmine.pfsense.org/issues/6690