I am looking to install an IDS system on as a Proxmox hosted virtual appliance. I have created the system and have added 2 network adapters. One for management purposes and the second to connect to a monitoring session on a switch. My problem is that for the connection I want to see the monitoring traffic on I cant get the required visibility in the Virtual system.
For the Proxmox server a tcpdump session on eth1 where the monitoring port is connected to I see the traffic I expect to see, a tcpdump on its related Bridge vmbr1 also shows me the traffic I want to see. However when I access the virtual machine and do a tcpdump on eth1 I am not seeing all the traffic. The configuration on the virtual machine in /etc/qemu-server/101.conf is
name: LANG8.5.1
ide2: local:iso/lg-8.5.1.iso,media=cdrom
vlan0: e1000=22:21:BA:E6:2E:73
bootdisk: ide0
ostype: other
ide0: local:101/vm-101-disk-1.raw
memory: 1000
sockets: 2
vlan1: e1000=E2
3:F9:3E:79:0C
Can this be done? Have I something missing in the bridging between physical server and virtual appliance?
Thanks for any help you can provide
Michael
For the Proxmox server a tcpdump session on eth1 where the monitoring port is connected to I see the traffic I expect to see, a tcpdump on its related Bridge vmbr1 also shows me the traffic I want to see. However when I access the virtual machine and do a tcpdump on eth1 I am not seeing all the traffic. The configuration on the virtual machine in /etc/qemu-server/101.conf is
name: LANG8.5.1
ide2: local:iso/lg-8.5.1.iso,media=cdrom
vlan0: e1000=22:21:BA:E6:2E:73
bootdisk: ide0
ostype: other
ide0: local:101/vm-101-disk-1.raw
memory: 1000
sockets: 2
vlan1: e1000=E2
3:F9:3E:79:0CCan this be done? Have I something missing in the bridging between physical server and virtual appliance?
Thanks for any help you can provide
Michael
