I have a problem and I cannot find a solution to it. I have a standalone Elasticsearch on 10.1.251.1, and hosts (Ubuntu 20) with Suricata on 10.2.251.5 and 10.1.251.5. When I try to connect from 10.1.251.1 to my Elastic host, everything is OK. But when I run the same command on the second host, I get an error.

    curl https://10.1.251.1:9200
    curl: (35) OpenSSL SSL_connect: Connection reset by peer in connection to 10.1.251.1:9200

    openssl s_client -connect 10.1.251.1:9200
    CONNECTED(00000003)
    write:errno=104
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 0 bytes and written 293 bytes
    Verification: OK
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    Early data was not sent
    Verify return code: 0 (ok)
    ---

In the Elastic config elasticsearch.yml I have the configuration to allow remote connections.
I captured a pcap and found an RST from the server. I looked for a problem in the firewall, but there aren't any deny logs, only a reset from 10.1.251.1 (Elastic host). Any idea?