Created
January 4, 2024 19:54
-
-
Save csamsel/f41ab5c66d759acc1b24daf124facd9d to your computer and use it in GitHub Desktop.
configure shorewall DNAT to work with Suricata in IPS / NFQUEUE mode
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # I had a lot of trouble to debugging a non working portforwarding while using Suricata in IPS mode together with Shorewall. | |
| # The following configuration finally worked. | |
| # | |
| # Make sure that the tcp connection establishment is also NFQUEUE'd. | |
| # The minus at the end of DNAT prevents an ACCEPT rule to be created along the DNAT rule, because we want an NFQUEUE rule instead. | |
| # 0:3,bypass refers to 4 queues with a bypass rule in case Suricata is not available. | |
| # Example for Plex with an internal port of 32400 and external port of 32411 (target 192.168.2.20) | |
| DNAT-:info net 192.168.2.20:32400 tcp 32411 | |
| NFQUEUE(0:3,bypass) net loc tcp 32400 | |
| # Standard forwarding of Web Traffic (Port 80, 443; target (target 192.168.2.32) | |
| Web(DNAT-):info net 192.168.2.32 | |
| Web(NFQUEUE(0:3,bypass)) net loc:192.168.2.32 | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment