Server currently unavailable for NAT IP issue

Hey guys,

Continuing the discussion from Server currently unavailable for NAT IP:

I have the same issue as shown above. When I tried to fix it with the same recommendations, I found out that I’m using a firewall, not a load balancer,
so how can I fix this issue, considering that I’ve already configured the port forwarding and everything seems okay?

  • What is your current configuration?
  • What is your goal?
    • access GL only from outside?
    • access GL only from the inside?
    • access GL from both locations?
  • What is your Network diagram for that environment?
  • rest_listen_uri = 0.0.0.0:9000/api , web_listen_uri = 0.0.0.0:9000 , rest_transport_uri = 0.0.0.0:12900/api

  • the goal is to access GL from both locations.

  • we’re using qemu/kvm environment, where the GL is installed on a VM behind a FW vm.

As asked, a network diagram would help …

Yes, as I said, the VM that GL is installed on is NATted by the firewall VM.

you should read the comments to the three options.

  • rest_listen_uri
  • web_listen_uri
  • rest_transport_uri

You have one Server - so rest_transport_uri is not needed. But what you need is web_endpoint_uri set to the URI of your Firewall.

Hi,
as you can see in the attached screenshot, it happens when I’m trying to access it from the Internet.

And can you please explain how I can set up web_endpoint_uri? Can I just use the firewall public IP?

192.168.100.200 is not a publicly routed IP address (see RFC 1918).

web_endpoint_uri has to be set to the public URI of the Graylog REST API. If the “Firewall public IP” is the URI of the Graylog REST API reachable from the public Internet, then by all means use that in your configuration.
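A check for the point made in the reply above, as an added example that is not part of the original thread: it reads a Graylog `server.conf` and reports when `web_endpoint_uri` is missing or points at a wildcard, loopback or RFC 1918 address. The function names and sample configurations are constructed for illustration, and 203.0.113.10 is a documentation placeholder standing in for the firewall's public address.

```python
import ipaddress
from urllib.parse import urlsplit

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_conf(text):
    """Parse 'key = value' lines of a Graylog server.conf, skipping comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def host_problem(uri):
    """Return why the URI's host is unusable from the Internet, else None."""
    # urlsplit only recognises the host when a scheme is present
    host = urlsplit(uri if "://" in uri else "http://" + uri).hostname
    if not host:
        return "no host in URI"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None  # a DNS name: cannot be judged offline
    if ip.is_unspecified:
        return "wildcard address, only meaningful for listening"
    if ip.is_loopback:
        return "loopback address"
    if any(ip in net for net in RFC1918):
        return "RFC 1918 private address, not routed on the Internet"
    return None

def check_web_endpoint(conf_text):
    """Return a finding string, or None when web_endpoint_uri looks public."""
    uri = parse_conf(conf_text).get("web_endpoint_uri")
    if uri is None:
        return "web_endpoint_uri is not set"
    problem = host_problem(uri)
    return f"web_endpoint_uri {uri}: {problem}" if problem else None

# Constructed samples: the thread's listen settings, then two endpoint values.
BASE = "rest_listen_uri = 0.0.0.0:9000/api\nweb_listen_uri = 0.0.0.0:9000\n"
PRIVATE = BASE + "web_endpoint_uri = http://192.168.100.200:9000/api\n"
# 203.0.113.10 is a documentation placeholder for the firewall's public IP
PUBLIC = BASE + "web_endpoint_uri = http://203.0.113.10:9000/api\n"

if __name__ == "__main__":
    for name, conf in (("base", BASE), ("private", PRIVATE), ("public", PUBLIC)):
        print(name, "->", check_web_endpoint(conf) or "ok")
```

A host given as a DNS name is not judged, since resolving it would need network access; check separately that it resolves to the address the firewall forwards.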

Hi jochen,

as I mentioned to jan, Graylog is installed on a VM which is NATted by the same firewall.

For this point, do I need to configure something in Graylog to use the firewall public IP as the Graylog REST API?

This naturally depends on your specific network setup, but setting rest_listen_uri to http://0.0.0.0:9000/api should be fine.

Well, I’ve already done this, but still

Please answer all questions asked by @jan in detail:

as I answered here

And I will follow the configuration with another comment

What exactly are “both locations”?
Where’s the network diagram?

For “both locations”, what I mean is as jan asked,

and for the network diagram, I have described before how Graylog is connected in the network, as I said here

And here :

What exactly is “inside” and “outside”?

And is the “FW vm” directly connected to the Internet?
How’s routing configured?
Which networking layer is the “FW vm” working on? Layer 2, 3, or higher?

I’ll stop in this thread now, since the required details to understand your setup aren’t there. :man_shrugging:

The firewall has one interface outside and one inside; the VM which GL is installed on is inside.

All the internal VMs are NATted and routed to outside.

I’m using pfSense, so I think it’s on Layer 3.

As you like.
