Thank for the link to the dynamic NAT article. I have digested that already. =) I have tried both the agent's private and public static IPs for this. Jakub, I will try the dynamic address. Frank
On Aug 12, 4:25 am, Jakub Moravek <[email protected]> wrote: > Hi Frank, > if I underestand it well, packets from agent raeches server with > public source address. If agent is registered with its private > address, server will reject it. Server checks whether source address > of agent requests correspond to its registered IP. When Static Public > NAT IP is selected dynamically you need to setup network range as > described inhttp://www.ossec.net/wiki/index.php/Know_How:DynamicIPs. > > Jakub > > On Aug 11, 7:49 pm, Frank Moss <[email protected]> wrote: > > > I have a situation that I need some help with. > > here is a quick diagram of the traffic flow to ossec > > 192.168.100.x -> Static public NAT IP -> Internet -> Firewall NAT IP > > (external side) -> OSSEC Server 192.168.0.x > > > No matter what IP I use for the servers i cannot get them to connect - I > > am guessing that I need to setup some kind of reverse nat for the > > servers in the Firewall next to the OSSEC server. > > > I am able to get through on the port 1514. > > the error I am recieving is: > > 2009/08/09 18:16:26 ossec-agent: INFO: Trying to connect to server > > (CLIENT IP:1514). > > 2009/08/09 18:16:47 ossec-agent(4101): WARN: Waiting for server reply > > (not started). Tried: 'FIREWALL PUBLIC IP'. > > > The "CLIENT IP" listed above has been the 192.168.100.x IP and the > > Static Public NAT IP of the server depending on the setup. > > > Please help > > Frank > > > - > > Frank Moss > > nine 13 tech > > 314-968-8049 < office > > 314-494-2207 < mobile > > [email protected]http://nine13tech.com > > > signature.asc > > < 1KViewDownload
