Description: The customer would like to audit one of their systems by who is accessing it. Currently, the customer sees that all logs show the Network Connector private IP address as the source.
Sample Setup:
Network Connector (Ubuntu OS)
Tunnel IP Address: 100.96.1.214/30
Private IP Address: 172.31.14.149/20
Application System (CentOS OS)
Private IP Address: 172.31.9.88/20
Connected User Device (Windows OS)
Tunnel IP Address: 100.96.1.34/28
Cause: When SNAT is enabled, the source IP address of all inbound traffic from CloudConnexa is set to the Tunnel Gateway IP address.
Resolution: Step 1) Disable SNAT in your CloudConnexa Portal: Settings > WPC > Edit > Disable: SNAT > Update.
Step 2) After disabling SNAT in the CloudConnexa Portal, delete the configured NAT rule from iptables on the Network Connector. The command below deletes rule number 1 of the POSTROUTING chain in the nat table, so confirm that rule 1 is the NAT rule before running it.
# sudo iptables -t nat -D POSTROUTING 1
Step 3) Run the command below for your distribution to save the iptables rules permanently.
For Debian/Ubuntu:
# sudo iptables-save | sudo tee /etc/iptables/rules.v4
For RHEL/CentOS:
# sudo iptables-save | sudo tee /etc/sysconfig/iptables
Step 4) Add a route on the Application System so that it can reach all connected user devices, with the Network Connector as the next hop.
# sudo ip route add 100.96.0.0/11 via 172.31.14.149 dev eth0
Step 5) From the connected user device, confirm the Tunnel IP Address of the user accessing the Application System.
Then verify on the Application System that it now shows the Tunnel IP Address of whoever accessed the system instead of the Network Connector IP Address.
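The verification in Step 5 can be scripted. The following is an added example, not CloudConnexa tooling or part of the original article: it classifies the source addresses found in sshd-style log lines and lists any POSTROUTING rules that still rewrite the source. The function names and the sample log and ruleset text are constructed for illustration; the addresses come from the sample setup above.

```shell
#!/bin/sh
# Added example, not CloudConnexa tooling. Addresses come from the article's sample setup.
CONNECTOR_IP="172.31.14.149"      # Network Connector private IP

# classify_src IP: "connector" = still SNATed, "tunnel" = inside 100.96.0.0/11 (Step 4 route).
classify_src() {
    _o1=${1%%.*}; _rest=${1#*.}; _o2=${_rest%%.*}
    case $_o2 in ''|*[!0-9]*) echo other; return 0 ;; esac
    if [ "$1" = "$CONNECTOR_IP" ]; then echo connector
    elif [ "$_o1" = 100 ] && [ "$_o2" -ge 96 ] && [ "$_o2" -le 127 ]; then echo tunnel
    else echo other
    fi
}

# audit_sources: read sshd-style lines on stdin, print each distinct source IP with its class.
audit_sources() {
    sed -n 's/.* from \([0-9][0-9.]*\) port .*/\1/p' | sort -u |
    while read -r _ip; do echo "$_ip $(classify_src "$_ip")"; done
}

# leftover_nat: read `iptables-save -t nat` text on stdin, print POSTROUTING rules
# that still rewrite the source address (what Step 2 is meant to remove).
leftover_nat() {
    grep -E '^-A POSTROUTING .*-j (MASQUERADE|SNAT)' || true
}

# Constructed sample input (not captured from a real system).
SAMPLE_LOG='Mar  4 10:01:12 app sshd[2101]: Accepted publickey for alice from 172.31.14.149 port 40112 ssh2
Mar  4 10:07:45 app sshd[2188]: Accepted publickey for alice from 100.96.1.34 port 51822 ssh2
Mar  4 10:09:03 app sshd[2190]: Failed password for root from 203.0.113.7 port 33210 ssh2'
SAMPLE_NAT='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

printf '%s\n' "$SAMPLE_LOG" | audit_sources
printf '%s\n' "$SAMPLE_NAT" | leftover_nat
```

On a live system, feed audit_sources the Application System's own authentication log and feed leftover_nat the output of `sudo iptables-save -t nat` on the Network Connector; any address reported as "connector" means traffic is still being source-NATed.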