How to port forward Wazuh server


Joshua John Consulta

Feb 23, 2023, 7:54:39 AM
to Wazuh mailing list
Please, guys, help me with my concern. I already port forwarded my Kibana IP and the port, but I can't open the dashboard using the public IP. And with connecting the Wazuh agent to the server using the public IP I port forwarded.

Best regards,
Joshua 

Valton T.

Feb 23, 2023, 10:45:06 AM
to Wazuh mailing list
I think you need to do this in your router and set up a NAT translating from the public IP to a local one.

Norberto Cesar Vicchi

Feb 23, 2023, 4:26:35 PM
to Wazuh mailing list
Hello Joshua! 
I sent you by mistake a private message. I apologize for that.

In order to help you, can you please give me some insight into your installation?

- What version of Wazuh did you install?
- What was the installation type?
- What OS and version is the manager running on?
- The server is in a local network, remote network, AWS, etc?
- Do you have any logs?
- What attempts do you remember to have done?

Generally, if you followed the installation guide, everything works just out of the box. But depending, for example, on the OS, some additional steps might be necessary.
For example, you specified that you port forwarded the port (so I assume you have a router), but a firewall might be running at the router or in the server, preventing the connection.

Regards,
Norberto

Joshua John Consulta

Feb 27, 2023, 5:03:03 AM
to Wazuh mailing list
- What version of Wazuh did you install?
     Wazuh server v4.2
- What was the installation type?

- What OS and version is the manager running on?
   Ubuntu 22.10
- The server is in a local network, remote network, AWS, etc?
   In a VM, Windows admin center hyperV
- Do you have any logs?
  None
- What attempts do you remember to have done?
  I attempted to connect my agent using the port forwarded public IP of the Wazuh server

Joshua John Consulta

Feb 27, 2023, 5:09:29 AM
to Wazuh mailing list

Already did that.

Joshua John Consulta

Feb 27, 2023, 5:16:48 AM
to Wazuh mailing list
Another error is in the logs: it's unable to get the authentication key from the server.

best regards

Norberto Cesar Vicchi

Feb 27, 2023, 12:02:58 PM
to Wazuh mailing list
Joshua,
Let's check if the firewall in the Ubuntu machine is getting in the middle. What I am going to propose is only for testing purposes, not to leave that way.

First, you can check Firewall status in the server with:

sudo ufw status

If it shows that the firewall is running, please disable it:

sudo ufw disable

Then try again to connect from outside (with port forwarding enabled).

Regards,
Norberto

Joshua John Consulta

Feb 27, 2023, 12:20:38 PM
to Wazuh mailing list
I already tried that but still didn't work

Joshua John Consulta

Feb 27, 2023, 12:26:00 PM
to Wazuh mailing list
Whenever I try to connect my agents to my server using the public IP, the logs always show that it is unable to receive the authentication key.

Norberto Cesar Vicchi

Feb 27, 2023, 12:46:45 PM
to Wazuh mailing list
Which port/s did you forward? Please take a look at the required ports table to make sure you have forwarded all necessary ports.

Regards,
Norberto

Joshua John Consulta

Feb 28, 2023, 5:21:05 AM
to Wazuh mailing list
Ports 1514 and 1515. Still my agents won't connect to the server using the public ip of my server

Thank you,
Joshua

Norberto Cesar Vicchi

Feb 28, 2023, 9:48:31 AM
to Wazuh mailing list
Joshua,
In your server, try this command:

    netcat -z -v 127.0.0.1 1514-1515

and from outside your server, try:

    netcat -z -v yourServerIP 1514-1515

What are the responses in each case?

Please make sure the firewall is disabled and the ports are correctly forwarded.

Regards,
Norberto
                    

Norberto Cesar Vicchi

Mar 1, 2023, 9:57:18 AM
to Wazuh mailing list
Joshua,
Please remember to "Reply All" instead of "Reply" so this conversation might be useful to others in the future.

If you need to test connectivity from Windows, you could use the command telnet (which, although not a raw TCP client, is useful anyway).
You should try:

    telnet yourServerIP 1514
    telnet yourServerIP 1515

You've already confirmed that the ports are open (locally), so Wazuh seems to be running just fine. A firewall policy or a misconfiguration on the forwarding rules seems to be the problem. Let's try to find it!

Regards,
Norberto
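
Added example, not part of the original thread or of Wazuh: a Python version of the netcat/telnet checks above that runs on Linux and Windows and separates an actively refused connection from one that gets no answer, which is what tells a wrong forward target apart from a dropped packet. The function names and hint wording are this example's own.

```python
import socket
import sys

WAZUH_PORTS = (1514, 1515)  # the two ports forwarded in this thread

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt as open, refused, filtered or error."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"    # a reset came back: something answered, nothing accepted
    except (socket.timeout, TimeoutError):
        return "filtered"   # no answer at all: packets were dropped on the way
    except OSError:
        return "error"      # no route, name resolution failure, etc.

def diagnose(local, public=None):
    """Turn the on-server result and the public-IP result for one port into a hint."""
    if local != "open":
        return "service is not listening on the server itself"
    if public is None:
        return "listening locally; now test the public IP from outside"
    if public == "open":
        return "forwarding works for this port"
    if public == "refused":
        return "actively refused: check forward target IP/port or a rejecting firewall"
    if public == "filtered":
        return "dropped in transit: check the router forward rule and firewalls"
    return "could not test: check the address and routing"

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    on_server = host in ("127.0.0.1", "localhost")
    for port in WAZUH_PORTS:
        state = probe(host, port)
        # Off-server runs assume the on-server check already returned "open".
        hint = diagnose(state) if on_server else diagnose("open", state)
        print(f"{host}:{port} {state}: {hint}")
```

Run it with no argument on the server, then with the public IP from a machine on a different network, since many routers do not loop forwarded ports back to clients inside the LAN.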
