Hi Timothy,
I can't help you much with the iptables rules, but you could try using
the local_ip option in the server config to specify the IP address for
OSSEC to use (in your case the ip of eth0:1).
*example for ip 10.2.3.4:
<remote>
  <local_ip>10.2.3.4</local_ip>
</remote>
Tim,
I'll admit that I'm running low on ideas. I think you may get more
useful help posting this to the iptables list -- which seems to be
MIA at the moment: http://www.netfilter.org/mailinglists.html#ml-user
These are really straws
Tim,
I think you need to add a SNAT rule to use iptables for this. I'm
not in a position to test this but I think something like this may
work for you:
-t nat -A POSTROUTING -o eth0 -p udp --dport 1514 -j SNAT --to xxx.xxx.xxx.29
David, thanks for the reply. I've tried adding that line to my
iptables config (came up with a similar example after a web search),
but every time I do, I'm no longer able to start up iptables due to an
error about seems to have a -t table option when I run
/etc/init.d/iptables start.
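
[Added example, not part of the original thread.] iptables-restore rejects rule lines that carry a `-t` option, because in its file format the table is selected by a `*table` ... `COMMIT` section instead. The sketch below assumes the saved rules are in that format (as in /etc/sysconfig/iptables on Red Hat systems); the sample file, the address 192.0.2.29 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: a rules file in iptables-restore format with the SNAT
# rule pasted in command-line form (leading "-t nat") inside the filter table.
write_sample() {
cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp --dport 1514 -j ACCEPT
-t nat -A POSTROUTING -o eth0 -p udp --dport 1514 -j SNAT --to 192.0.2.29
COMMIT
EOF
}

# Print the line number of every rule line that carries a -t option.
lines_with_table_option() {
    awk '$1 ~ /^[#*:]/ || $1 == "COMMIT" || NF == 0 { next }
         { for (i = 1; i <= NF; i++) if ($i == "-t") { print NR; break } }' "$1"
}

# Print the file with each "-t TABLE" rule stripped of that option and moved
# into a "*TABLE ... COMMIT" section appended after the existing sections.
move_to_table_sections() {
    awk '
    $1 ~ /^[#*:]/ || $1 == "COMMIT" || NF == 0 { print; next }
    {
        table = ""; out = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-t" && i < NF) { table = $(i + 1); i++; continue }
            out = out (out == "" ? "" : " ") $i
        }
        if (table == "") print; else moved[table] = moved[table] out "\n"
    }
    END { for (t in moved) printf "*%s\n%sCOMMIT\n", t, moved[t] }' "$1"
}

# Demo: report the offending lines, then show the rewritten file.
demo() {
    f=$(mktemp)
    write_sample "$f"
    echo "rule lines with -t: $(lines_with_table_option "$f")"
    move_to_table_sections "$f"
    rm -f "$f"
}
```

A rewritten file can be checked with `iptables-restore --test` before it is loaded.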
Tim,
I'm guessing the issue is how the RedHat tool creates and stores
the rules. I'm a bit leery trying to troubleshoot iptables long
distance like this; however, if you have a good backup of the file
and you're OK with poking around, I'd
David,
Again, thanks for the help. I've tried implementing the rules you
mentioned via the first method. I changed it slightly, since I'm
actually looking for packets that are sent from local port 1514 on
the server out to a high port on the client machine, therefore I
changed it to be:
-A