Hello
A bit about my setup.
I installed SELKS via the default docker install instruction. My host has just a single ethernet port, ens160. This box is connected to my network via VLAN. Its IP address is 10.10.10.164 (VLAN ID is 10).
On my router, I set up a few rules to route traffic to the SELKS box:
ip rule add fwmark 5 table 5
ip route add default via 10.10.10.164 dev eth10.10 table 5
Then the iptables rule:
iptables -t mangle -A PREROUTING -j MARK -i eth10.5 --set-mark 5 -p all
This appears to be working, and is correctly sending the traffic that comes into the route from my VLAN5 to my SELKS instance, and I can see the traffic coming into the logs.
The issue I face is that the traffic seems to just end here, and not route out to the internet. As I am still running the default docker configuration, I believe it is only in IDS mode, so nothing should be getting dropped.
I do have ipv4 forwarding enabled on the SELKS box:
net.ipv4.ip_forward=1
net.ipv4.conf.all.proxy_arp=1
I don't have any firewall rules configured, outside of the default rules that docker creates.
I'm guessing there is some kind of rule I need to set up at this point to have the SELKS box pass the traffic back up to the router? But I am a bit stuck at this point, so any help would be great.