This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Port 22 not communicating between Netwitness Head and VLC ?

DevarajMohan1
New Contributor
New Contributor

‎2020-05-22 11:58 PM

Hi Team,

As per RSA firewall requirements the port 22 need to be open between Netwitness Head and VLC we facing issue in that. Please find the details below.

 

1) Our VLC is in remote location and Public IP NAT done in firewall level for Both VLC and Netwitness Head.

 

2) While trying to curl -v <VLC IP>:22 we getting connection timed out we have checked and done troubleshooting in firewall level with help our network team and they said configuration is fine in firewall level and Network team suggesting us to chcek in host level. So we checked all the services and all ports are communicating fine except port 22.

 

Kindly suggest on this how we proceed further. 

 

Note - We haven't done any IpTables level/Host level NAT configuration.

0 Likes
2 REPLIES 2

AaronMartin2
Employee
Employee

‎2020-05-26 08:58 AM

To repeat what you said just so I have the understanding and haven't missed anything with an example because every NAT case I find is special.

VLC IP address on the interface is 192.168.1.50 (The real address)

VLC Public IP address is 172.1.1.50 (The NATed IP)

This translation is being handled on the firewall level so no iptable rules have been implemented on the host level. Thus, it should function from Admin Server to ssh root@192.168.1.50 and have no problems. Is this what you are doing?

 

An extra layer of certainty you can have is implementing the IP table rule on the device you are trying to communicate from (Admin Server)

iptables -t nat -A OUTPUT -p tcp -d 192.168.1.50 --dport 22 -j DNAT --to-destination 172.1.1.50:22

The above says that anything TCP meant to go to 192.168.1.50 on port 22 should be routed instead to 172.1.1.50 on port 22

When you are done with creating new rules, do:

service iptables save

Please note that you need to follow this KB for these rules to persist after an upgrade.

000036446 - How to add custom firewall rules after nwsetup-tui has completed in RSA NetWitness Logs &amp; Network 11.x 

0 Likes

AaronMartin2
Employee
Employee
In response to AaronMartin2

‎2020-05-26 09:08 AM

The last thing I'll add is you may want to tcpdump the two hosts at the same time but be careful as you are probably going to tcpdump port 22 and you may see your own traffic as a result (because you are probably connected via SSH) so be smart with your filters.

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.