OSSEC agent behind NAT

Posted by Eric on Server Fault See other posts from Server Fault or by Eric
Published on 2012-06-07T21:22:25Z Indexed on 2012/06/07 22:42 UTC
Read the original article Hit count: 495

Filed under:
|
|

I am working on an OSSEC deployment where I will have multiple agents behind 1 public IP. Below is an example of the setup

Private Network
OSSEC-Agent1 (192.168.1.10)
OSSEC-Agent2 (192.168.50.33)
OSSEC-Agent3 (10.10.10.1)

Those IPs NAT to 1 public IP (1.1.1.1)

Then 1.1.1.1 talks to the public OSSEC server on 2.2.2.2

I've read some OSSEC documentation talking about NAT here, but it doesn't tell me exactly what I need to know. Their example is using an entire /24 subnet and mine will mainly have multiple agents to only 1 public IP. With the setup so far, I brought Agent1 online fine and it is communicating to the OSSEC server. However Agent2 continues to fail trying to connect to 2.2.2.2. Even though when I added the key, I had the correct name for it, so I know it talked to the portal at least once for that information. I'm assuming it's just getting confused with the multiple keys to 1 public IP. I basically want to know if this is possible and/or if I'm just overlooking something simple. Any help would be greatly appreciated.

© Server Fault or respective owner

Related posts about linux

Related posts about security