We have a Graylog instance hosted on a clients site, we have firewall rules in to allow our office IP to be able to connect to the virtual machine with Graylog on.
The Graylog instance is hosting the Rest API on the external IP of the virtual machine, this allows our browsers to connect to the Rest API due to the existing firewall rules. However when the Rest API is on the external address Graylog has to go out and then connect back on itself which doesn’t work as the firewall blocks it. I then changed the Rest API to the internal address of the virtual machine, but then we can’t login as our browsers can’t connect to the API.
Overall this seems kind of like a potential design flaw. We already have a firewall rule to allow our IP to the external IP of the virtual machine over port 9000, but then Graylog can’t access the API on this IP. So setting the IP to the internal address so that Graylog can access it means that our browsers can’t access it. We have had to ask our clients to put in another firewall rule.
So am I doing something wrong? or is this just the way in which Graylog is designed?