Hello,
I have a problem and I cannot find a solution to it. I have a standalone Elasticsearch on 10.1.251.1, and hosts (Ubuntu 20) with Suricata on 10.2.251.5 and 10.1.251.5. When I try to connect from 10.1.251.1 to my Elastic host, everything is OK. But when I run the same command on the second host, I get an error.
curl https://10.1.251.1:9200
curl: (35) OpenSSL SSL_connect: Connection reset by peer in connection to 10.1.251.1:9200
and
openssl s_client -connect 10.1.251.1:9200
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 293 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
In the Elastic config elasticsearch.yml I have the configuration to allow remote connections:
network.host: 0.0.0.0
I captured a pcap and found an RST from the server. I looked for a problem in the firewall, but there aren't any deny logs, only a reset from 10.1.251.1 (Elastic host). Any ideas?