I want all traffic that hits the OpenWRT router redirected/tunneled through a dedicated Snort/Suricata machine before it leaves the local network. The Snort/Suricata machine should act as an inline passive (!) IDS, but it only has one eth0 device.
- OpenWRT Router Barrier Breaker (192.168.1.1) provides ethernet LAN, WiFi and OpenVPN.
- Clients (192.168.1.x)
- VPN Clients (192.168.10.x)
- Snort/Suricata machine (192.168.1.200)
What iptables do I have to use on the OpenWRT router to redirect/ tunnel all traffic through the IDS sensor?
What iptables do I have to use on the Snort/Suricata machine, given that the traffic comes in at eth0, gets inspected, and then exits the machine at eth0 to the router and on to its destination?
I know that usually packet-mirroring is used, but I am only interested in the scenario as described.