Configuring Suricata IDS/IPS on an OpenWrt router?

CaleD31
Junior Member
11
10-02-2016, 02:43 PM
#11
If you truly require Suricata, it would be more sensible to purchase a mini PC equipped with two LAN ports and 16GB RAM, then install pfSense and add the Suricata plugin, than to try to run it on an i5 4570 (either as a Windows process or via VM/docker, etc.).
pfSense appears to have limited support for Realtek NICs; it's advisable to look for a system with Intel NICs instead.
You can find more information here: https://www.youtube.com/results?search_q...e+suricata

GrefGb
Member
244
10-02-2016, 10:30 PM
#12
All settings are present in the current Tenda F6 300 router. The TP-Link MR3420 already offered more options before flashing with OpenWrt. With a 1mbps internet connection, I’m concerned that the router might face a serious bottleneck or struggle to manage traffic, even though it seems like just a 1mbps connection. I plan to connect the TP-Link via a desktop to test if it maintains a stable connection. Since I haven’t used OpenWrt before, I hope connecting through the Tenda-TP-Link-Desktop setup works. I’ll share updates once I see results from the TP-Link connection. Regarding the NAT function, is it set in the Windows firewall or within the router’s configuration options? (These are all the available settings on the Tenda F6 300 router.)

Jacobghg
Junior Member
17
10-02-2016, 11:05 PM
#13
You are unfamiliar with NAT and discussing IDS setup? It’s crucial to grasp this idea since you need to know whether the firewall is applied before or after NAT.

Firewalls often come with preset configurations, but really understanding what they produce is essential. This tool is meant for those who know their work well, helping them work more efficiently. If you’re unsure, you might end up with filters that appear correct but don’t actually perform their job. Many firewall images simply generate IPTABLES rules. Creating these yourself gives a clearer picture of how firewall filters operate.

IPTABLES can be quite confusing; it seems the design intended to make it difficult, allowing developers to mock frustration at those they perceived as less capable. Still, once you see how intricate firewalls are and how traffic can slip through if not monitored closely, you’ll appreciate their complexity.

If your internet speed is very low—just 1mbps—it’s likely you won’t face major problems using a router. However, it’s unclear how practical that would be given all the embedded ads and tracking data, which could slow down web page loading times significantly.
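
The before-or-after-NAT point in the post above, as an added example that is not part of the original thread: a simplified Python model of the Linux netfilter path for a forwarded packet (DNAT in PREROUTING, then the FORWARD filter, then SNAT in POSTROUTING), showing a drop rule that looks correct but never matches. The addresses, the port-forward and both rules are constructed; connection tracking and interfaces are left out.

```python
# Added illustration: simplified model of Linux netfilter chain order for a
# packet FORWARDED through a NAT router. Addresses and rules are constructed.
from dataclasses import dataclass, replace

WAN_IP, LAN_HOST = "203.0.113.5", "192.168.1.10"   # assumed lab addressing

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

def dnat(p):
    """nat/PREROUTING: port-forward WAN_IP:8080 to LAN_HOST:80."""
    if p.dst == WAN_IP and p.dport == 8080:
        return replace(p, dst=LAN_HOST, dport=80)
    return p

def snat(p):
    """nat/POSTROUTING: masquerade LAN sources behind WAN_IP."""
    return replace(p, src=WAN_IP) if p.src.startswith("192.168.1.") else p

def forward_path(p, rules, policy="ACCEPT"):
    """Return (verdict, packet as filter/FORWARD saw it, packet on the wire)."""
    seen = dnat(p)                          # 1. destination already rewritten
    verdict = next((v for match, v in rules if match(seen)), policy)  # 2. filter
    wire = snat(seen) if verdict == "ACCEPT" else None                # 3. SNAT last
    return verdict, seen, wire

# Intended to block the port-forward, but written against the pre-NAT address.
LOOKS_RIGHT = [(lambda p: p.dst == WAN_IP and p.dport == 8080, "DROP")]
# Same intent, written against what FORWARD actually sees.
WORKS = [(lambda p: p.dst == LAN_HOST and p.dport == 80, "DROP")]

INBOUND = Packet("198.51.100.7", WAN_IP, 8080)     # constructed Internet client
OUTBOUND = Packet(LAN_HOST, "198.51.100.7", 443)   # constructed LAN client

if __name__ == "__main__":
    for name, rules in (("looks right", LOOKS_RIGHT), ("works", WORKS)):
        verdict, seen, _ = forward_path(INBOUND, rules)
        print(f"{name:12} -> {verdict}; FORWARD saw dst={seen.dst}:{seen.dport}")
    _, seen, wire = forward_path(OUTBOUND, [])
    print(f"outbound: FORWARD saw src={seen.src}, wire src={wire.src}")
```

An IDS/IPS attached at the FORWARD stage sees the same addresses as `seen` here: the internal LAN host, not the router's public address.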

frog76
Member
177
10-03-2016, 02:46 PM
#14
I discovered OpenWrt 17 as the most recent version compatible with the TP-Link MR3420. The i5 4570 processor may not handle the required performance, so consider alternative IDS or IPS solutions.

Mgaodd
Member
63
10-03-2016, 11:43 PM
#15
The router's CPU and the PC's CPU operate at vastly different levels. Your i5 is at least ten times more powerful than the MR3420's CPU. With your 1Mbps internet connection, loading a page today would take an eternity, making Suricata unnecessary. Hackers won't even consider attacking such a slow site.

GoldMegaMan
Junior Member
23
10-04-2016, 04:27 AM
#16
I kind of understand NAT from searching about it (not an expert btw). The ISP provided me with a dynamic IP, and the internet package is called 1mbps connection; here's an Ookla test.
About the iptables filters and Emerging Threats, and from spending a decent amount of time trying to set up Suricata/EveBox/Elasticsearch: I figured it would be trial and error, but the thing is I'm having trouble setting it up, and since there isn't really any easy solution for IPS/IDS, but if the setting up is successful then I could check the necessary incoming connections.

murderman25
Member
168
10-17-2016, 12:18 AM
#17
It seems your subscription speed should be 100Mbps in either direction.
You're having trouble using the unit properly. This is my most recent update.

Rywhandar
Junior Member
22
10-17-2016, 02:31 AM
#18
The amount of reduction will depend on the differences in IPS/IDS and browsing speeds across sites, such as YouTube 1080p without buffering.

ArianaGrandeJr
10-17-2016, 07:56 AM #19

lol money issues and location problems, nothing can be done about it

Mathpro2002
Member
57
10-18-2016, 01:11 AM
#20
Suricata demands significant effort to master, requiring thorough study. If you're unsure about the 19.07.10 from 2022 being the final officially supported version for 4MB flash devices, or if later stripped-down community builds remove features like USB support just to simplify things, then the situation isn't favorable. OpenWrt stands out with excellent documentation.

It's clear you won't be installing many software packages into such a limited flash memory.

How do money and location influence your ability to see that 100Mb is vastly bigger than 1Mb? Even minor mistakes in capitalization or byte counting would only make it harder.