Deploying Smooth-Sec 1.3 as a Bridge

The following are the steps I took to deploy Suricata + Snorby via Phillip Bailey’s Smooth-Sec.

My hardware

Intel DBS1200KP Mini ITX Server Motherboard LGA 1155 Intel C206
Intel Core i3-2120 Sandy Bridge 3.3GHz LGA 1155 65W Dual-Core
ADATA AXDU1333GW8G9-2G 16GB (2 x 8GB) 240-Pin DDR3 SDRAM
Mushkin MKNSSDCR60GB-DX 2.5″ 60GB SATA III Synchronous MLC SSD
Intel EXPI9402PT PRO/1000 PT Dual Port Server Adapter 10/100/1000Mbps

  • I use eth0 for management with a LAN address, and eth1 and eth2 are bridged.
  • eth1 is connected directly to a modem (to my ISP) and eth2 is connected to a Linux server (Anon).
  • Anon’s NIC is set for Link-Local which is in use by a Linux server virtual machine (Wiki-VM) which is bridged to Anon’s NIC.
  • Wiki-VM is using a public/static IP.

1. Edit Smooth-Sec’s network interfaces:

# vim /etc/network/interfaces

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static

auto br0
# "manual" brings the bridge up without assigning it an address
iface br0 inet manual
bridge_ports eth1 eth2

2. Restart networking:

# /etc/init.d/networking restart

3. Edit the Suricata config:

# vim /etc/suricata/suricata.yaml

4. Replace all instances of “eth0” with “br0”

5. Edit the Suricata start-up script:

# vim /etc/init.d/suricata

6. Again, replace all instances of “eth0” with “br0”

7. Restart Suricata:

# /etc/init.d/suricata restart

8. Drink tasty beverage
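
Steps 3 to 6 as a scripted edit, as an added example that is not part of the original post: it keeps a backup of each file, replaces only whole-word matches of the old interface name, and counts the uncommented references that remain. The function names and sample files are constructed stand-ins for /etc/network/interfaces, /etc/suricata/suricata.yaml and /etc/init.d/suricata; GNU sed and grep are assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU sed and grep.
# Function names and the sample files below are constructed for illustration.

# swap_iface FILE OLD NEW: whole-word replace OLD with NEW; backup in FILE.bak
swap_iface() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 2; }
    cp -p "$1" "$1.bak" || return 2
    sed -i "s/\\b$2\\b/$3/g" "$1"
}

# active_refs FILE IFACE: count uncommented lines that still name IFACE
active_refs() {
    grep -v '^[[:space:]]*#' "$1" | grep -cw -- "$2" || true
}

# bridge_ports FILE BRIDGE: print the ports listed in BRIDGE's iface stanza
bridge_ports() {
    awk -v br="$2" '$1 == "iface" { cur = $2 }
        cur == br && $1 == "bridge_ports" { $1 = ""; sub(/^ /, ""); print }' "$1"
}

# Constructed sample files standing in for the real ones under /etc
demo=$(mktemp -d)
printf 'auto br0\niface br0 inet manual\nbridge_ports eth1 eth2\n' > "$demo/interfaces"
printf 'af-packet:\n  - interface: eth0\npcap:\n  - interface: eth0\n' > "$demo/suricata.yaml"
printf '# capture on eth0\nLISTEN="-i eth0"\nALT="-i eth01"\n' > "$demo/suricata.init"

for f in "$demo/suricata.yaml" "$demo/suricata.init"; do
    swap_iface "$f" eth0 br0
    echo "$f: eth0 refs left=$(active_refs "$f" eth0), br0 refs=$(active_refs "$f" br0)"
done
echo "br0 ports: $(bridge_ports "$demo/interfaces" br0)"
```

If the count of remaining eth0 references is not zero, or the bridge does not list both ports, Suricata is not inspecting the bridged traffic; the .bak copies allow a quick rollback.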

