Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000038975 - Configuring host to work with NAT address in RSA NetWitness Platform 11.x

Document created by RSA Customer Support

on Jun 8, 2020•Last modified by RSA Customer Support

on Jun 25, 2020

Version 2Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000038975
Applies To	RSA Product Set: NetWitness Platform RSA Product/Service Type: NetWitness Admin Server, NetWitness UI, Virtual Log Collector (VLC) RSA Version/Condition: 11.x
Issue	Host status that is deployed outside of a private network in NAT shows red stopped or yet to start processing in Health&Wellness page.
Tasks	The following steps describe how to establish communication between the NetWitness Admin Server and the Virtual Log Collector (VLC) deployed outside of a private network in a Network Address Translation (NAT) environment.
Resolution	Configure iptables on the NW Admin Server and the VLC. Update netwitness.json file with customer firewall line in order to propagate forward on all future updates. https://community.rsa.com/docs/DOC-93651 Save current iptables to disk (so it ends up with /etc/sysconfig/iptables and /etc/sysconfig/iptables.save where .save is backup) # service iptables save Copy iptables as file with date (Optional, if want to retain multiple backups) # cp /etc/sysconfig/iptables /etc/sysconfig/iptables.backup.$(date +"%Y%m%d_%H%M") Stop iptables # service iptables stop Edit /etc/hosts and /etc/sysconfig/iptables as follows. On NW Admin Server Add VLC entry with NAT IP. # vi /etc/hosts <VLC_NAT_IP> vlchostname Add the following rules in gray under nat in green in iptables. # cd /etc/sysconfig # vi iptables nat :PREROUTING ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A OUTPUT -d <VLC_Real_IP>/32 -p tcp -m tcp --dport 5671 -j DNAT --to-destination <VLC_NAT_IP>:5671 -A OUTPUT -d <VLC_Real_IP>/32 -p tcp -m tcp --dport 56001 -j DNAT --to-destination <VLC_NAT_IP>:56001 -A OUTPUT -d <VLC_Real_IP>/32 -p tcp -m tcp --dport 56006 -j DNAT --to-destination <VLC_NAT_IP>:56006 -A OUTPUT -d <VLC_Real_IP>/32 -p tcp -m tcp --dport 50001 -j DNAT --to-destination <VLC_NAT_IP>:50001 -A OUTPUT -d <VLC_Real_IP>/32 -p tcp -m tcp --dport 50101 -j DNAT --to-destination <VLC_NAT_IP>:50101 -A OUTPUT -d <VLC_Real_IP>/32 -p tcp -m tcp --dport 50006 -j DNAT --to-destination <VLC_NAT_IP>:50006 -A OUTPUT -d <VLC_Real_IP>/32 -p tcp -m tcp --dport 50106 -j DNAT --to-destination <VLC_NAT_IP>:50106 -A OUTPUT -d <VLC_Real_IP>/32 -p udp -m udp --dport 123 -j DNAT --to-destination <VLC_Real_IP>:123 COMMIT Save iptables by wq! and start iptables. # service iptables start On VLC* Perform the above steps from 1) to 4). Add NW Admin Server entry with NAT IP in /etc/hosts. # vi /etc/hosts <NW_Server_NAT_IP> nw-node-zero UUID-of-NW-server Add the following rules in gray under nat in green in iptables. # cd /etc/sysconfig # vi iptables nat :PREROUTING ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A OUTPUT -d <NW_Server_Real_IP>/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination <NW_Server_NAT_IP>:80 -A OUTPUT -d <NW_Server_Real_IP>/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination <NW_Server_NAT_IP>:443 -A OUTPUT -d <NW_Server_Real_IP>/32 -p tcp -m tcp --dport 5671 -j DNAT --to-destination <NW_Server_NAT_IP>:5671 -A OUTPUT -d <NW_Server_Real_IP>/32 -p tcp -m tcp --dport 15671 -j DNAT --to-destination <NW_Server_NAT_IP>:15671 -A OUTPUT -d <NW_Server_Real_IP>/32 -p tcp -m tcp --dport 27017 -j DNAT --to-destination <NW_Server_NAT_IP>:27017 -A OUTPUT -d <NW_Server_Real_IP>/32 -p tcp -m tcp --dport 4505 -j DNAT --to-destination <NW_Server_NAT_IP>:4505 -A OUTPUT -d <NW_Server_Real_IP>/32 -p tcp -m tcp --dport 4506 -j DNAT --to-destination <NW_Server_NAT_IP>:4506 -A OUTPUT -d <NW_Server_Real_IP>/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination <NW_Server_NAT_IP>:53 -A OUTPUT -d <NW_Server_Real_IP>/32 -p udp -m udp --dport 53 -j DNAT --to-destination <NW_Server_NAT_IP>:53 -A OUTPUT -d <NW_Server_Real_IP>/32 -p udp -m udp --dport 123 -j DNAT --to-destination <NW_Server_NAT_IP>:123 -A OUTPUT -d <LogDecoder_Real_IP>/32 -p tcp -m tcp --dport 5671 -j DNAT --to-destination <LogDecoder_NAT_IP>:5671 COMMIT Start iptables. # service iptables start On LogDecoder where the VLC is sending logs to:* Perform the above steps from 1) to 4). Add VLC entry with NAT IP in /etc/hosts. # vi /etc/hosts <VLC_NAT_IP> vlchostname Add the following rules in gray under nat in green in iptables. # cd /etc/sysconfig # vi iptables nat :PREROUTING ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A OUTPUT -d <VLC_Real_IP>/32 -p tcp -m tcp --dport 5671 -j DNAT --to-destination <VLC_NAT_IP>:5671 Start iptables # service iptables start Check the custom rules using the command:* # iptables -L -nv -t nat Test connection. For example, On VLC: # curl -v <NW_Server_Real_IP>:443 On NW Admin Server: # curl -v <VLC_Real_IP>:443
Notes	Reference: Deployment Guide: Network Architecture and Ports https://community.rsa.com/docs/DOC-83050

Attachments

Outcomes

0 Comments

Recommended Content