Trisul Network Analytics
Developer Zone

User Tools

Site Tools

You are here: Home » hardware » How to redirect Netflow to Trisul across network segments using NAT
Trace:
hardware:gatewaynetflow

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
hardware:gatewaynetflow [2019/01/03 18:33] – [Shutdown ufw or disable firewalld] veerahardware:gatewaynetflow [2019/01/07 11:45] (current) – [How to redirect Netflow to Trisul across network segments using NAT] veera
Line 1: Line 1:
 ====== How to redirect Netflow to Trisul across network segments using NAT ====== ====== How to redirect Netflow to Trisul across network segments using NAT ======
  
-In some customers, Trisul is on a separate segment from the production routers. These sites often have a gateway device that be be used to access.  The routers can each the gateway to export NETFLOW but cannot reach the Trisul server. The picture below shows how the setup is.+In some customers, Trisul is often deployed on a separate segment from the production routers or routers in the DMZ. These sites often have a gateway device that be be used to access.  The routers can reach the gateway to export NETFLOW but cannot reach the Trisul server directly. The picture below shows how the setup is.
  
 {{:hardware:netflow-nat.png?600|}} {{:hardware:netflow-nat.png?600|}}
  
-This HOWTO explains how to use  Linux IPTABLES NAT to move between the two.+This HOWTO explains how to use  Linux IPTABLES NAT to solve the issue.
  
 +<note>You may want to setup a GRE Tunnel instead to preserve the router IPs while also using the source IP of the gateway node, read "[[hardware:gretunnel|Setup GRE Tunnel]]"</note>
 ===== IPTABLES Port based NAT ===== ===== IPTABLES Port based NAT =====
  
-On the gateway device you just need to run the following commands, say you want to move port 2055 to a particular IP.+**On the gateway device** you just need to run the following commands, say you want to move port 2055 to a particular IP.
  
 ==== Shutdown ufw or disable firewalld ==== ==== Shutdown ufw or disable firewalld ====
Line 23: Line 24:
  
 # Make sure ip forwarding is enabled in kernel # Make sure ip forwarding is enabled in kernel
-echo 1 > /proc/sys/net/ipv4/ip_forwarding+echo 1 > /proc/sys/net/ipv4/ip_forward
 </code> </code>
  
Line 32: Line 33:
  
 <code> <code>
-$ iptables -t nat -A PREROUTING -p udp +$ iptables -t nat -A PREROUTING -p udp --dport 2055 -j DNAT --to-destination 10.10.10.17:2055
-    --dport 2055 -j DNAT --to-destination 10.10.10.17:2055+
 </code> </code>
  
Line 50: Line 50:
 '' ''
 ==== Reference ==== ==== Reference ====
- 
-How to redirect incoming traffic on a port to another IP https://my.esecuredata.com/index.php?/knowledgebase/article/49/how-to-redirect-an-incoming-connection-to-a-different-ip-address-on-a-specific-port-using-iptables/  
- 
  
  
 +Forwarding and NAT  with IPTABLES : Redhat https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/Security_Guide/s1-firewall-ipt-fwd.html  
hardware/gatewaynetflow.txt · Last modified: 2019/01/07 11:45 by veera