The case is the Nagios server is sitting in the AWS, while the windows server is sitting behind the firewall and use NAT to access the internet.
you need an public IP address for the server
As show bellow:
To allow the Nagios server get info from the Windows server, we need to configure the one-to-one NAT on the edge router/firewall, enable firewall to pass the port 5666 traffic pass through.
on cisco router:
r1(config)#ip nat inside source static 192.168.20.253 22.214.171.124
- enter the interface mode and specify the inside interface:
r1(config-if)# ip nat inside
- enter the outside interface mode:
r1(config-if)# ip nat outside
On a home router such as D-link, you can find related page if your router support one-to-one NAT:
|No.||Original IP||Translated IP||Interface||DMZ Forwarding||Description||Status||Action|
On the firewall issue command:
rule 520 permit tcp source 126.96.36.199 0 destination 192.168.20.253 0 destination-port eq 5666
Note that, the destination address is the private address, not the public address.
access-list 101 permit tcp host 188.8.131.52 host 192.168.20.253 eq 5666