OSSEC agent behind NAT
Posted
by
Eric
on Server Fault
See other posts from Server Fault
or by Eric
Published on 2012-06-07T21:22:25Z
Indexed on
2012/06/07
22:42 UTC
Read the original article
Hit count: 495
I am working on an OSSEC deployment where I will have multiple agents behind 1 public IP. Below is an example of the setup
Private Network
OSSEC-Agent1 (192.168.1.10)
OSSEC-Agent2 (192.168.50.33)
OSSEC-Agent3 (10.10.10.1)Those IPs NAT to 1 public IP (1.1.1.1)
Then 1.1.1.1 talks to the public OSSEC server on 2.2.2.2
I've read some OSSEC documentation talking about NAT here, but it doesn't tell me exactly what I need to know. Their example is using an entire /24 subnet and mine will mainly have multiple agents to only 1 public IP. With the setup so far, I brought Agent1 online fine and it is communicating to the OSSEC server. However Agent2 continues to fail trying to connect to 2.2.2.2. Even though when I added the key, I had the correct name for it, so I know it talked to the portal at least once for that information. I'm assuming it's just getting confused with the multiple keys to 1 public IP. I basically want to know if this is possible and/or if I'm just overlooking something simple. Any help would be greatly appreciated.
© Server Fault or respective owner