Hi Frank, if I underestand it well, packets from agent raeches server with public source address. If agent is registered with its private address, server will reject it. Server checks whether source address of agent requests correspond to its registered IP. When Static Public NAT IP is selected dynamically you need to setup network range as described in http://www.ossec.net/wiki/index.php/Know_How:DynamicIPs.
Jakub On Aug 11, 7:49 pm, Frank Moss <[email protected]> wrote: > I have a situation that I need some help with. > here is a quick diagram of the traffic flow to ossec > 192.168.100.x -> Static public NAT IP -> Internet -> Firewall NAT IP > (external side) -> OSSEC Server 192.168.0.x > > No matter what IP I use for the servers i cannot get them to connect - I > am guessing that I need to setup some kind of reverse nat for the > servers in the Firewall next to the OSSEC server. > > I am able to get through on the port 1514. > the error I am recieving is: > 2009/08/09 18:16:26 ossec-agent: INFO: Trying to connect to server > (CLIENT IP:1514). > 2009/08/09 18:16:47 ossec-agent(4101): WARN: Waiting for server reply > (not started). Tried: 'FIREWALL PUBLIC IP'. > > The "CLIENT IP" listed above has been the 192.168.100.x IP and the > Static Public NAT IP of the server depending on the setup. > > Please help > Frank > > - > Frank Moss > nine 13 tech > 314-968-8049 < office > 314-494-2207 < mobile > [email protected]http://nine13tech.com > > signature.asc > < 1KViewDownload
