Musab
(musab)
June 26, 2018, 10:41am
1
Hey guys,
Continuing the discussion from Server currently unavailable for NAT IP:
We are using NAT to access the graylog running in Private IP space. I am able to access the graylog web gui from the Private subnet, I also get the front page when accessing the graylog from Public subnet but it says
We are experiencing problems connecting to the Graylog server running on http://192.168.32.139:9000/api/. Please verify that the server is healthy and working correctly. I can access the elasticsearch but not the graylog login. Am I missing something here?
I have the same issue as shown above. When I tried to fix it with the same recommendations, I found out that I’m using a firewall, not a load balancer,
so how can I fix this issue, considering that I’ve already configured the port forwarding and everything seems okay?
jan
(Jan Doberstein)
June 27, 2018, 10:15am
4
As asked, a network diagram would help …
Musab
(musab)
June 27, 2018, 10:25am
5
Yes, as I said, the VM that GL is installed on is NATted by the firewall VM.
jan
(Jan Doberstein)
June 27, 2018, 12:34pm
6
You should read the comments to the three options.
rest_listen_uri
web_listen_uri
rest_transport_uri
# REST API transport address. Defaults to the value of rest_listen_uri. Exception: If rest_listen_uri
# is set to a wildcard IP address (0.0.0.0) the first non-loopback IPv4 system address is used.
# If set, this will be promoted in the cluster discovery APIs, so other nodes may try to connect on
# this address and it is used to generate URLs addressing entities in the REST API. (see rest_listen_uri)
# You will need to define this, if your Graylog server is running behind a HTTP proxy that is rewriting
# the scheme, host name or URI.
# This must not contain a wildcard address (0.0.0.0).
#rest_transport_uri = http://192.168.1.1:9000/api/
You have one server, so rest_transport_uri is not needed. But what you need is web_endpoint_uri set to the URI of your firewall.
Musab
(musab)
July 3, 2018, 9:17am
7
Hi,
As you see in the attached screenshot, it happens when I’m trying to access it from the Internet.
And can you please explain how I can set up web_endpoint_uri? Can I just use the firewall public IP?
jochen
(Jochen)
July 3, 2018, 9:25am
8
192.168.100.200 is not a publicly routed IP address (see RFC 1918).
web_endpoint_uri has to be set to the public URI of the Graylog REST API. If the “Firewall public IP” is the URI of the Graylog REST API reachable from the public Internet, then by all means use that in your configuration.
Musab
(musab)
July 3, 2018, 9:45am
9
Hi jochen,
As I mentioned to jan, Graylog is installed on a VM which is NATted by the same firewall.
On this point, do I need to configure something in Graylog to use the firewall public IP as the Graylog REST API?
jochen
(Jochen)
July 3, 2018, 10:28am
10
This naturally depends on your specific network setup, but setting rest_listen_uri to http://0.0.0.0:9000/api should be fine.
Musab
(musab)
July 3, 2018, 10:38am
11
Well, I’ve already done this, but still
jochen
(Jochen)
July 3, 2018, 10:55am
12
Please answer all questions asked by @jan in detail:
What is your current configuration?
What is your goal?
access GL only from outside?
access GL only from the inside?
access GL from both locations?
What is your Network diagram for that environment?
Musab
(musab)
July 3, 2018, 11:05am
13
as I answered here
Musab:
rest_listen_uri = 0.0.0.0:9000/api , web_listen_uri = 0.0.0.0:9000 , rest_transport_uri = 0.0.0.0:12900/api
The goal is to access GL from both locations.
We’re using a qemu/kvm environment, where GL is installed on a VM behind a FW VM.
And I will follow the configuration with another comment
jochen
(Jochen)
July 3, 2018, 11:28am
15
What exactly are “both locations”?
Where’s the network diagram?
Musab
(musab)
July 3, 2018, 11:40am
16
for “both locations”, what I mean is as jan asked,
jan:
What is your goal?
access GL only from outside?
access GL only from the inside?
access GL from both locations?
And for the network diagram, I have described before how Graylog is connected in the network! As I said here
And here:
jochen
(Jochen)
July 3, 2018, 11:44am
17
What exactly is “inside” and “outside”?
And is the “FW vm” directly connected to the Internet?
How’s routing configured?
Which networking layer is the “FW vm” working on? Layer 2, 3, or higher?
I’ll stop in this thread now, since the required details to understand your setup aren’t there.
Musab
(musab)
July 3, 2018, 11:54am
18
The firewall has one interface outside and one inside; the VM which GL is installed on is inside.
All the internal VMs are NATted and routed to outside.
I’m using pfSense, so I think it’s on Layer 3.
As you like.
system
(system)
Closed
July 17, 2018, 11:55am
19
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
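As an added example (not part of the original thread and not Graylog's own code), the Python check below applies the advice from jan and jochen to a server.conf: every URI needs an http(s) scheme, rest_transport_uri must not be the wildcard, and the address handed to browsers must not be an RFC 1918, loopback or wildcard address when the node sits behind NAT. The names parse_conf and audit are hypothetical, the fallback order of web_endpoint_uri to rest_transport_uri to rest_listen_uri is assumed from the Graylog 2.x defaults, and 203.0.113.10 is a constructed placeholder for the firewall's public IP.

```python
import ipaddress
from urllib.parse import urlsplit

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption (Graylog 2.x defaults): browsers are sent to web_endpoint_uri,
# which falls back to rest_transport_uri, which falls back to rest_listen_uri.
FALLBACK = ("web_endpoint_uri", "rest_transport_uri", "rest_listen_uri")

def parse_conf(text):
    """Read key = value pairs from server.conf text, skipping comments."""
    pairs = (ln.split("=", 1) for ln in text.splitlines()
             if "=" in ln and not ln.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(conf):
    """Return findings for the URI settings discussed in the thread."""
    findings, hosts = [], {}
    for key in (k for k in FALLBACK + ("web_listen_uri",) if k in conf):
        parts = urlsplit(conf[key])
        if parts.scheme in ("http", "https") and parts.hostname:
            hosts[key] = parts.hostname
        else:
            findings.append(f"{key}: '{conf[key]}' is not a full http(s) URI")
    if hosts.get("rest_transport_uri") == "0.0.0.0":
        findings.append("rest_transport_uri: must not be the wildcard 0.0.0.0")
    source = next((k for k in FALLBACK if k in conf), None)
    if source in hosts:
        try:
            ip = ipaddress.ip_address(hosts[source])
        except ValueError:
            return findings  # host name: reachability cannot be judged offline
        if ip.is_unspecified or ip.is_loopback or any(ip in n for n in RFC1918):
            findings.append(f"{source}: browser API address derives from {ip}, "
                            "not reachable from outside the NAT")
    return findings

# Settings exactly as posted in the thread (no scheme, wildcard transport URI).
AS_POSTED = """rest_listen_uri = 0.0.0.0:9000/api
web_listen_uri = 0.0.0.0:9000
rest_transport_uri = 0.0.0.0:12900/api"""
# Constructed sample: 203.0.113.10 is a documentation address standing in for
# the firewall's public IP with port 9000 forwarded to the Graylog VM.
BEHIND_NAT = """rest_listen_uri = http://0.0.0.0:9000/api/
web_listen_uri = http://0.0.0.0:9000/
web_endpoint_uri = http://203.0.113.10:9000/api/"""

if __name__ == "__main__":
    for name, text in (("as posted", AS_POSTED), ("behind NAT", BEHIND_NAT)):
        print(name, audit(parse_conf(text)) or "ok")
```

A host name in web_endpoint_uri is accepted without a finding, since whether it resolves to a public address cannot be checked offline.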