# Question about Icinga



## tatools (Apr 13, 2019)

Hi all,

I have a question about Icinga.

Following situation:

Corporate network  -> via VPN to Customer -> FreeBSD server Customer (192.168.x.x) -> via NAT into a Jail (10.0.0.x)

Question: Does an Icinga Satellite have to be on both the customer server and in the Jail, or is it enough in the Jail? Can the NAT here forward everything on port 5665 directly into the Jail, so that a server in the customer network can then be monitored via the satellite?


----------



## D-FENS (Apr 13, 2019)

I am not sure if I understand your question correctly, so tell me if I am wrong.
You want to have a certain monitoring agent (the software Icinga) to be accessible via NAT on a jail, right? The port is 5665?

So regarding the network connection - what you need is to have a DNAT on the customer server with port forwarding configured. This is usually done in the firewall configuration by using kernel NAT or via natd and its configuration file.
The customer server needs to forward port 5665 to the jail.
Then on the jail if there is a firewall active, it should allow external access to port 5665.
Also, you need to start the monitoring agent in the jail, that would presumably start listening on port 5665.

So:

- Server does DNAT (port forwarding of port 5665)
- Server's firewall allows incoming packets on this port.
- Jail's firewall allows incoming packets on this port.
- An instance of Icinga satellite runs in the jail and listens on port 5665.


----------
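A reachability check for the chain summarized in the post above, as an added example that is not part of the original thread: it classifies a TCP connection attempt to port 5665 and maps the result to the forwarding, firewall and listener items. The script name `probe.py`, the function names and the hint texts are assumptions made for this illustration.

```python
import socket
import sys

ICINGA_PORT = 5665  # port named in the thread

# Constructed hints: what each result says about the four items listed above.
HINTS = {
    "open": "A listener accepted the connection; confirm it is the satellite in the jail.",
    "refused": "A host answered but nothing accepted: check the port forward target "
               "and that the satellite is running and listening in the jail.",
    "filtered": "No answer before the timeout: a firewall on the server or in the jail "
                "is probably dropping the packets, or the VPN route is missing.",
    "unreachable": "The network stack reported an error: check routing and the VPN.",
}

def probe(host, port=ICINGA_PORT, timeout=3.0):
    """Classify one TCP connection attempt to host:port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"      # RST received: reachable host, no listener
    except socket.timeout:
        return "filtered"     # silence: packets dropped somewhere on the path
    except OSError:
        return "unreachable"  # e.g. no route to host, name resolution failure
    finally:
        sock.close()

def diagnose(host, port=ICINGA_PORT, timeout=3.0):
    """Return (state, hint) for one target address."""
    state = probe(host, port, timeout)
    return state, HINTS[state]

if __name__ == "__main__":
    # Usage: python3 probe.py <address> [port]
    if len(sys.argv) < 2:
        sys.exit("usage: probe.py <address> [port]")
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else ICINGA_PORT
    state, hint = diagnose(target, target_port)
    print(f"{target}:{target_port} -> {state}: {hint}")
```

Running it once from the corporate side against the customer server's address and once on the customer server against the jail's address shows which hop of the chain fails.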



## D-FENS (Apr 13, 2019)

And if you have functional questions about the software Icinga you need to contact its vendor. It's unlikely that many people in this forum know enough to help you out.


----------

