I want to test an IDS (intrusion detection system), and I am trying to build a docker-compose so I can test things before I have the physical devices.
So in order for the IDS to “listen” to all the traffic, I would just configure in the switch a port mirror from the router port to the IDS port.
However, I am having many problems with this. I tried configuring iptables in the IDS machine,
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
and setting the default gateway of the network of the LAN network to the IDS machine IP. But the LAN network didn't have access to the internet.
Which is the best way to configure docker-compose, so I can emulate that network?