Security onion as a router and a IDS

[Monah Baki]

Hi all,

Is it possible to setup SO with 2 NICS both of them having an internal/external IP address, but for the internal NIC, I would also like to have it as my sniffing interface, and during the setup of SO keep the internal IP address, not have SO during setup remove the IP address?

Thanks
Monah

[Doug Burks]

Hi Monah,

In theory, you might be able to make this work, but Security Onion was
not designed to be a router and that would be totally unsupported.

I'd recommend using a dedicated router and then sending a copy of the
traffic to a separate Security Onion box using a tap or span port.

> --
> Follow Security Onion on Twitter!
> https://twitter.com/securityonion
> ---
> You received this message because you are subscribed to the Google Groups "security-onion" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
> To post to this group, send email to securit...@googlegroups.com.
> Visit this group at https://groups.google.com/group/security-onion.
> For more options, visit https://groups.google.com/d/optout.



--
Doug Burks