Hi everyone, im trying to build a proxmox server with 3 nodes in it. First nodes for security onion,second nodes for honeyd and the third one for web server, Physical server and every nodes are using public IP , and i will do some penetration testing to webserver node from a private network and i want that security onion to detect that attack.. I created those 3 nodes with Linux Bridge on Proxmox, which caused data traffic(malicious ones that i want to detect) to webserver is not being monitored by security onion. I did some research and it seems i need to make some adjustment so that any traffic trying to come in/out to webserver node is being read/checked/monitored by security onion nodes first. My friend used Virsh to make a virtual private network among nodes in KVM (illustration on attached pic) so that any traffic sent to webserver node will need to go through security onion node. My problem is that it seems like Virsh is not supported on proxmox and i heard that OVS can do the trick but it's too complicated for me, anybody know any simpler alternative ways to make my data traffic going into webserver will have to go through security onion node first? Thanks,Sorry for my english 
Goals to make traffic to service node will have to go through security onion node first.
My Simple topology
Goals to make traffic to service node will have to go through security onion node first.
My Simple topology
