It doesn't seem like the NAT piece would cause a problem if both are just one-to-one NATs on both sides. Maybe I'm not understanding right, though. Seems like you'd just use the public side NATted address on both ends, unless you have some kind of VPN setup between the two.
In the message, it says 'FIREWALL PUBLIC IP'. Shouldn't that (i.e. the client) instead be pointing to the external NAT address for the OSSec server on that end?

Greg
_____
Developer of EdWeb 2.0
Web hosting designed with teachers in mind!
_____

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Frank Moss
Sent: Tuesday, August 11, 2009 10:49 AM
To: [email protected]
Subject: [ossec-list] OSSEC and 2 Nat translations

I have a situation that I need some help with. Here is a quick diagram of the traffic flow to ossec

192.168.100.x -> Static public NAT IP -> Internet -> Firewall NAT IP (external side) -> OSSEC Server 192.168.0.x

No matter what IP I use for the servers I cannot get them to connect - I am guessing that I need to set up some kind of reverse NAT for the servers in the Firewall next to the OSSEC server. I am able to get through on the port 1514. The error I am receiving is:

2009/08/09 18:16:26 ossec-agent: INFO: Trying to connect to server (CLIENT IP:1514).
2009/08/09 18:16:47 ossec-agent(4101): WARN: Waiting for server reply (not started). Tried: 'FIREWALL PUBLIC IP'.

The "CLIENT IP" listed above has been the 192.168.100.x IP and the Static Public NAT IP of the server depending on the setup.

Please help

Frank
-
Frank Moss
nine 13 tech
314-968-8049 < office
314-494-2207 < mobile
[email protected]
http://nine13tech.com
