SELKS docker - traffic coming in not going out

[Ben Mackin]

Hello

A bit about my setup.

I installed SELKS via the default docker install instruction. My host has just a single ethernet port, ens160. This box is connected to my network via VLAN. It's IP address is 10.10.10.164 (VLAN ID is 10).

On my router, I setup a few rules to route traffic to the SELKS box:

ip rule add fwmark 5 table 5

ip route add default via 10.10.10.164 dev eth10.10 table 5

Then the iptables rule

ip tables -t mangle -A PREROUTING -j MARK -i eth10.5 --set-mark 5 -p all

This appears to be working, and is correctly sending the traffic that comes into the route from my VLAN5 to my SELKS instance, and I can see the traffic coming into the logs.

The issue I face is that the traffic seems to just end here, and not route out to the internet. As I am still running the default docker configuration, I believe it is only in IDS mode, so nothing should be getting dropped.

I do have ipv4 forwarding enabled on the SELKS box:

net.ipv4.ip_forward=1

net.ipv4.conf.all.proxy_arp=1

I don't have any firewall rules configured, outside of the default rules that docker creates.

I'm guessing there is some kind of a rule I need to setup at this point to have the SELKS box pass the traffic back up to the router? But I am a bit stuck at this point, so any help would be great.