Why is a NAT environment not supported?


What is Network Address Translation (NAT)?

Network Address Translation, or NAT for short, is commonly used to place multiple servers behind a single external IP address. See https://en.wikipedia.org/wiki/Network_address_translation for more technical details.

 

Why doesn't Patchman support NAT?

The mechanism used to establish a server's identity is based on (among other things) the server's external IP address. In a NAT environment, there is no guarantee that a server has a unique external IP address, so we don't support it to avoid obscure errors. NAT also makes binding to a source address difficult: on a server with multiple outgoing interfaces, the connection to our management server may go over different interfaces on different occasions, leading to licensing troubles. The ideal solution is to provide the server with an interface that provides direct outgoing connectivity, even if only for Patchman.

 

Overriding the NAT check

If this is not possible and you are certain that each server has a fixed unique external IP address, you can override the NAT check by providing the software with that IP address. For this, you need to create the file /etc/patchman/patchman.ini with the following contents:

[network]
ip=1.2.3.4


Replace 1.2.3.4 with the server's external-facing IP address.
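Because the override bypasses the NAT check, it is worth auditing the configured addresses across your servers before relying on it. The following is an added example, not Patchman code: it takes the contents of patchman.ini collected from several hosts and flags overrides that are not publicly routable or that appear on more than one host. The host names and sample contents are constructed, and 1.2.3.5 is an assumed second address for illustration.

```python
import configparser
import ipaddress
from collections import defaultdict

# Constructed sample input: patchman.ini contents gathered from four
# hypothetical hosts. web1 and web2 both kept the placeholder address.
SAMPLE = {
    "web1": "[network]\nip=1.2.3.4\n",
    "web2": "[network]\nip=1.2.3.4\n",
    "web3": "[network]\nip=192.168.1.10\n",
    "web4": "[network]\nip=1.2.3.5\n",
}


def audit_overrides(ini_by_host):
    """Map each host to a list of problems with its NAT-check override."""
    problems = defaultdict(list)
    seen = defaultdict(list)  # parsed address -> hosts configured with it
    for host, text in ini_by_host.items():
        parser = configparser.ConfigParser()
        try:
            parser.read_string(text)
            raw = parser.get("network", "ip", fallback=None)
        except configparser.Error as exc:
            problems[host].append(f"unparsable ini: {type(exc).__name__}")
            continue
        if raw is None:
            problems[host].append("no [network] ip override set")
            continue
        try:
            addr = ipaddress.ip_address(raw.strip())
        except ValueError:
            problems[host].append(f"not an IP address: {raw!r}")
            continue
        # Private, carrier-grade NAT and reserved ranges cannot be a
        # unique external address.
        if not addr.is_global:
            problems[host].append(f"{addr} is not publicly routable")
        seen[addr].append(host)
    # The override is only safe if every server has its own address.
    for addr, hosts in seen.items():
        for host in hosts if len(hosts) > 1 else []:
            others = ", ".join(h for h in hosts if h != host)
            problems[host].append(f"{addr} also configured on {others}")
    return dict(problems)


if __name__ == "__main__":
    for host, issues in sorted(audit_overrides(SAMPLE).items()):
        print(host, "->", "; ".join(issues))
```

Hosts with no entry in the result passed both checks.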

 

Keywords: NATted, NATed, NAT'ed, NAT'd, NAT, Network Address Translation
