How to set up an IDS/IPS as a proxy?
by n00b_noob from LinuxQuestions.org on (#5EY9V)
Hello,
I have a web server and I want to launch an IDS/IPS like Suricata-IDS between the Internet and my web server. Something like below:
The Internet --> IDS/IPS --> Web server
I have some questions:
1- On the IDS/IPS server, I just need to enable "Forwarding" and "MASQUERADE"? For example:
Code:
# echo 1 > /proc/sys/net/ipv4/ip_forward
#
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
# iptables-save
2- Should I set the web server's public IP address on the IDS/IPS server and have it forward all requests to my web server with a local IP address?
3- Should I install any web server software like Apache, etc. on the IDS/IPS server?
My goal is an architecture like the diagram below, but using an IDS/IPS instead of ModSecurity:
Attachment 35787
Thank you.