Describe the bug
It seems that dmzserver cannot access port 9200 of logserver, so that logserver cannot record the audit data of dmzserver?
To Reproduce
curl http://172.16.0.3:9200 in internalserver is successful as below:
curl http://172.16.0.3:9200 in dmzserver fails as below:
Also we can see the error in auditbeat log data using journalctl -u auditbeat -f
Expected behavior
Log server can log the audit data from dmzserver.
Screenshots
If useful, add screenshots to help explain your problem.
Solution
I think we can add a firewall rule in the company router as below:
echo "8,ACCEPT,FORWARDFW,ON,std_net_src,ORANGE,std_net_tgt,GREEN,,TCP,,,ON,,,TGT_PORT,9200,Allow elasticsearch log TCP on port 9200 from ORANGE to GREEN,,,,,,,,,,00:00,00:00,,AUTO,,dnat,,,,,second" >> /var/ipfire/firewall/config
Then we can log audit data in dmzserver successfully as below:
You are absolutely correct 😅 turns out this wasn't caught by the logging system tests because the test event that is used there ends up as a syslog, for which port forwarding is set up properly. I'll add this to the provisioning step and write a small systest that checks if auditbeat logs arrive at the logserver
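An added example, not code from the issue or the project: an idempotent form of the append proposed in the issue, suited to a provisioning step, which writes the rule only when no enabled ACCEPT rule for the same flow is already in the file. The field positions are inferred from the rule line quoted in the issue, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Field positions (2=action, 3=chain, 4=enabled, 6=source zone,
# 8=target zone, 10=protocol, 16/17=TGT_PORT,<port>) are read off the rule line
# quoted in the issue; treat them as an assumption about the file format.

# has_forward_rule CONFIG SRC_ZONE DST_ZONE PROTO PORT
# Exit status 0 if CONFIG holds an enabled ACCEPT rule in FORWARDFW for that flow.
has_forward_rule() {
    [ -f "$1" ] || return 1
    awk -F, -v src="$2" -v dst="$3" -v proto="$4" -v port="$5" '
        $2 == "ACCEPT" && $3 == "FORWARDFW" && $4 == "ON" &&
        $6 == src && $8 == dst && $10 == proto &&
        $16 == "TGT_PORT" && $17 == port { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# ensure_forward_rule CONFIG RULE_LINE
# Appends RULE_LINE only when no enabled rule already allows the same flow,
# so re-running provisioning does not stack duplicate entries.
# Prints "present" or "added".
ensure_forward_rule() {
    efr_cfg=$1
    efr_rule=$2
    efr_src=$(printf '%s\n' "$efr_rule" | cut -d, -f6)
    efr_dst=$(printf '%s\n' "$efr_rule" | cut -d, -f8)
    efr_proto=$(printf '%s\n' "$efr_rule" | cut -d, -f10)
    efr_port=$(printf '%s\n' "$efr_rule" | cut -d, -f17)
    if has_forward_rule "$efr_cfg" "$efr_src" "$efr_dst" "$efr_proto" "$efr_port"; then
        echo present
    else
        printf '%s\n' "$efr_rule" >> "$efr_cfg"
        echo added
    fi
}

# Demo on a scratch file (never the live config). The rule line is the one from the issue.
ES_RULE='8,ACCEPT,FORWARDFW,ON,std_net_src,ORANGE,std_net_tgt,GREEN,,TCP,,,ON,,,TGT_PORT,9200,Allow elasticsearch log TCP on port 9200 from ORANGE to GREEN,,,,,,,,,,00:00,00:00,,AUTO,,dnat,,,,,second'
demo_cfg=$(mktemp)
ensure_forward_rule "$demo_cfg" "$ES_RULE"   # first run appends
ensure_forward_rule "$demo_cfg" "$ES_RULE"   # second run is a no-op
rm -f "$demo_cfg"
```

The check keys on zone names because the rule in the issue matches the ORANGE and GREEN zones as a whole; a rule that is present but disabled counts as absent.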