In this scenario, the Nagios server sits in AWS, while the Windows server sits behind a firewall and uses NAT to access the internet.

You need a public IP address for the server.

As shown below:





To allow the Nagios server to get information from the Windows server, we need to configure one-to-one NAT on the edge router/firewall and allow traffic on port 5666 to pass through the firewall.

On a Cisco router:

 r1(config)#ip nat inside source static


  • enter the interface mode and specify the inside interface:
    r1(config-if)# ip nat inside
  • enter the outside interface mode:
    r1(config-if)# ip nat outside

On a home router such as a D-Link, you can find the relevant page if your router supports one-to-one NAT:

List of Rules
No. Original IP Translated IP Interface DMZ Forwarding Description Status Action
1 WAN1 Enable winserve



On the firewall, issue the command:

H3C firewall:

rule 520 permit tcp source 0 destination 0 destination-port eq 5666

Note that the destination address is the private address, not the public address.

Cisco router:

access-list 101 permit tcp host host eq 5666
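
Once port 5666 is reachable through the one-to-one NAT, the rule that opens it should name a single source, as the host-to-host form of the Cisco rule above does. The following is an added example, not part of the original post: a small Python audit that reads IOS extended ACL lines and reports any entry that permits TCP 5666 from more than one expected host. The addresses, the sample ACL and the names `audit_acl`, `parse_endpoint` and `covers_port` are constructed for illustration; it assumes the single source is the Nagios server and that entries carry no source-port clause.

```python
import ipaddress

NRPE_PORT = 5666            # the port this page opens for the Nagios checks
NAGIOS_IP = "203.0.113.10"  # assumed (placeholder) public address of the Nagios server

def parse_endpoint(tok):
    """Consume one IOS address spec from tok; return a network, or None for 'any'."""
    head = tok.pop(0)
    if head == "any":
        return None
    if head == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    # "<address> <wildcard>": IOS wildcards are inverted netmasks.
    wildcard = int(ipaddress.IPv4Address(tok.pop(0)))
    netmask = ipaddress.IPv4Address(wildcard ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{head}/{netmask}", strict=False)

def covers_port(tok, port):
    """True if the destination-port clause left in tok matches port."""
    if tok[:1] == ["eq"]:
        return int(tok[1]) == port
    if tok[:1] == ["range"]:
        return int(tok[1]) <= port <= int(tok[2])
    return True  # no clause or another operator: treat as covering the port

def audit_acl(lines, nagios_ip):
    """Return (line, reason) for each permit that opens 5666 beyond the Nagios host."""
    expected = ipaddress.ip_network(nagios_ip + "/32")
    findings = []
    for line in lines:
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[2:4] != ["permit", "tcp"]:
            continue
        rest = tok[4:]
        src = parse_endpoint(rest)
        parse_endpoint(rest)  # destination: consumed, not judged here
        if not covers_port(rest, NRPE_PORT):
            continue
        if src != expected:
            shown = "any" if src is None else src
            findings.append((line, f"source {shown} is not the Nagios host alone"))
    return findings

# Constructed sample ACL; every address is a documentation-range placeholder.
SAMPLE_ACL = [
    "access-list 101 permit tcp host 203.0.113.10 host 192.0.2.20 eq 5666",
    "access-list 101 permit tcp any host 192.0.2.20 eq 5666",
    "access-list 101 permit tcp 203.0.113.0 0.0.0.255 host 192.0.2.20 range 5000 6000",
    "access-list 101 permit tcp any host 192.0.2.20 eq 443",
]
```

Calling `audit_acl(SAMPLE_ACL, NAGIOS_IP)` returns the second and third sample entries; the first is scoped to the one host and the fourth does not touch port 5666.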