hardware:gatewaynetflow

hardware:gatewaynetflow [2019/01/03 17:38] – [IPTABLES Port based NAT] veera
hardware:gatewaynetflow [2019/01/03 18:34] – [Reference] veera
Line 13: Line 13:
 ==== Shutdown ufw or disable firewalld ==== ==== Shutdown ufw or disable firewalld ====
  
 +since we are working directly with iptables. 
  
 <code  bash> <code  bash>
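Review bot: the added justification `since we are working directly with iptables.` is a lowercase sentence fragment that only makes sense when read together with the heading; turn it into a complete sentence, for example `Stop ufw or firewalld first: the rules below are entered directly with iptables, and either front end would otherwise rewrite or conflict with them.` It would also help to state what filtering remains on the gateway once the front end is gone, because a reader following this on an exposed box is removing the layer that was managing the firewall.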
Line 31: Line 32:
  
 <code> <code>
-$ iptables -t nat -A PREROUTING -p udp --dport 2055 -j DNAT --to-destination 10.10.10.17:2055 +$ iptables -t nat -A PREROUTING -p udp 
-$ iptables -t nat -A POSTROUTING -j MASQUERADE+    --dport 2055 -j DNAT --to-destination 10.10.10.17:2055
 </code> </code>
  
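Review bot: the rewritten command in this hunk is split across two lines (`$ iptables -t nat -A PREROUTING -p udp` followed by `    --dport 2055 -j DNAT --to-destination 10.10.10.17:2055`) without a line continuation, so a reader who pastes it gets two separate shell commands: iptables accepts the first one as a target-less rule matching all UDP, and the second fails in the shell. Either add a trailing `\` to the first line or keep the rule on one line as the previous revision did. While touching this rule, consider narrowing it with `-i <inbound interface>` and `-s <router IP>` so that only the expected exporter's UDP/2055 traffic is redirected to 10.10.10.17 rather than anything arriving on that port from anywhere.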
Line 39: Line 40:
  
  
-==== Reference ====+<note important>NOTE: Do not use the MASQUERADE POSTROUTING rule, because we want to preserve the Source IP address of the original router in the netflow packets. Otherwise Trisul can  assume that the Gateway device is the router. 
 +</note> 
 +==== Useful commands ====
  
-How to redirect incoming traffic on a port to another IP [[[https://my.esecuredata.com/index.php?/knowledgebase/article/49/how-to-redirect-an-incoming-connection-to-a-different-ip-address-on-a-specific-port-using-iptables/|link]]]+To view NAT rules with counters 
 +'' 
 +iptables -t nat -vL
  
 +''
 +==== Reference ====
  
  
 +Forwarding and NAT  with IPTABLES : Redhat https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/Security_Guide/s1-firewall-ipt-fwd.html  
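Review bot: the new `Useful commands` section wraps `iptables -t nat -vL` between two `''` markers on separate lines; in DokuWiki `''` is inline monospace and does not span lines, so the command will not render as a code block. Use `<code bash>` as the rest of the page does. The important-note text has a doubled space in `Trisul can  assume` and reads better as `Otherwise Trisul would treat the gateway as the exporting router.`, and the new reference is a bare URL with a doubled space in `IPTABLES  with`; the `[[url|title]]` link syntax used by the line this hunk removes would give it a clickable title. Dropping the MASQUERADE rule is the right call for the reason the note gives: it is what keeps the router's source address visible to Trisul, so the note and the rule change belong together as they are here.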
hardware/gatewaynetflow.txt · Last modified: 2019/01/07 11:45 by veera