User Tools
hardware:gatewaynetflow
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
hardware:gatewaynetflow [2019/01/03 13:01] veera [Then setup the Port NAT] |
hardware:gatewaynetflow [2019/01/07 06:15] (current) veera [How to redirect Netflow to Trisul across network segments using NAT] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== How to redirect Netflow to Trisul across network segments using NAT ====== | ====== How to redirect Netflow to Trisul across network segments using NAT ====== | ||
| - | In some customers, Trisul is on a separate segment from the production routers. These sites often have a gateway device that be be used to access. The routers can each the gateway to export NETFLOW but cannot reach the Trisul server. The picture below shows how the setup is. | + | In some customers, Trisul is often deployed on a separate segment from the production routers or routers in the DMZ. These sites often have a gateway device that be be used to access. The routers can reach the gateway to export NETFLOW but cannot reach the Trisul server directly. The picture below shows how the setup is. |
| {{:hardware:netflow-nat.png?600|}} | {{:hardware:netflow-nat.png?600|}} | ||
| - | This HOWTO explains how to use Linux IPTABLES NAT to move between the two. | + | This HOWTO explains how to use Linux IPTABLES NAT to solve the issue. |
| + | <note>You may want to setup a GRE Tunnel instead to preserve the router IPs while also using the source IP of the gateway node, read "[[hardware:gretunnel|Setup GRE Tunnel]]"</note> | ||
| ===== IPTABLES Port based NAT ===== | ===== IPTABLES Port based NAT ===== | ||
| - | On the gateway device you just need to run the following commands, say you want to move port 2055 to a particular IP. | + | **On the gateway device** you just need to run the following commands, say you want to move port 2055 to a particular IP. |
| ==== Shutdown ufw or disable firewalld ==== | ==== Shutdown ufw or disable firewalld ==== | ||
| + | since we are working directly with iptables. | ||
| <code bash> | <code bash> | ||
| Line 22: | Line 24: | ||
| # Make sure ip forwarding is enabled in kernel | # Make sure ip forwarding is enabled in kernel | ||
| - | echo 1 > /proc/sys/net/ipv4/ip_forwarding | + | echo 1 > /proc/sys/net/ipv4/ip_forward |
| </code> | </code> | ||
| Line 31: | Line 33: | ||
| <code> | <code> | ||
| - | $ iptables -t nat -A PREROUTING -p udp \ | + | $ iptables -t nat -A PREROUTING -p udp --dport 2055 -j DNAT --to-destination 10.10.10.17:2055 |
| - | --dport 2055 -j DNAT --to-destination 10.10.10.17:2055 | + | |
| </code> | </code> | ||
| Line 49: | Line 50: | ||
| '' | '' | ||
| ==== Reference ==== | ==== Reference ==== | ||
| - | |||
| - | How to redirect incoming traffic on a port to another IP https://my.esecuredata.com/index.php?/knowledgebase/article/49/how-to-redirect-an-incoming-connection-to-a-different-ip-address-on-a-specific-port-using-iptables/ | ||
| - | |||
| + | Forwarding and NAT with IPTABLES : Redhat https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/Security_Guide/s1-firewall-ipt-fwd.html | ||
hardware/gatewaynetflow.1546520480.txt.gz · Last modified: 2019/01/03 13:01 by veera
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
