I am setting up an Ubuntu server (ver 22.04) so I can place a universal forwarder for Splunk on it and redirect FortiGate traffic to the SIEM (Splunk).

In total there are 6 virtual machines that I am using and all of these virtual machines are connected via LAN segments and IP integration.

Here is the network map at the moment:

Forwarder: 10.0.1.1/24
FortiGate: 10.0.1.254/24
Splunk server: 10.0.1.3/24

I am supposed to put the SIEM as the subnet for the forwarder, with the FortiGate being the name server and the gateway. However, it returns this error:

[1]

What seems to be the error? I can't wrap my head around this :/

Cheers for all of your help!

DavidPostill
harryb1912
    No idea what you are talking about, but for a `/24` subnet, the subnet address / ID always has `0` as the last octet. (That field is not asking for a host address with a prefix length.) – Tom Yan May 22 '22 at 08:10

1 Answer

2

That field asks for a SUBNET specification. You entered a host-address in CIDR notation, so it complains that the host bits (the last 8 bits in this case) are not ZERO.

Use 10.0.1.0/24. That should fix it.

It is a bit confusing because usually the first field of a form like that asks for the IP address of a host and the 2nd field for the subnet or netmask. (Or there is just one field for the host address in CIDR notation which, by itself, is sufficient to also define the subnet.)

Newer Ubuntu versions for some reason do it the other way around, which confuses a lot of people.
(This isn't the first question on this site about it.)

Tonny
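The host-bits check described in the answer, as an added example that is not part of the original post or of the Ubuntu installer: it tests a value typed into the subnet field, derives the subnet to enter instead, and confirms that the addresses from the question are usable hosts inside it. The function names are hypothetical and the code assumes IPv4 with a prefix of /30 or shorter.

```python
import ipaddress


def check_subnet_field(value):
    """Apply the rule the subnet field enforces: host bits must be zero.

    Returns (ok, network, host_bits), where network is the subnet the value
    belongs to and host_bits is the integer value of the bits below the prefix.
    """
    iface = ipaddress.ip_interface(value)    # accepts address/prefix, ValueError on junk
    network = iface.network                  # same address with host bits masked off
    host_bits = int(iface.ip) & int(network.hostmask)
    return host_bits == 0, network, host_bits


def hosts_outside(network, addresses):
    """Return the addresses that are not usable hosts in the subnet.

    Assumption: IPv4 with prefix <= /30, so the network and broadcast
    addresses are reserved and cannot be assigned to a host.
    """
    net = ipaddress.ip_network(network)
    bad = []
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        if ip not in net or ip in (net.network_address, net.broadcast_address):
            bad.append(addr)
    return bad


if __name__ == "__main__":
    # Values taken from the question: the forwarder's own address was typed
    # into the subnet field.
    ok, net, bits = check_subnet_field("10.0.1.1/24")
    print(f"10.0.1.1/24 valid as subnet: {ok} (host bits = {bits}); enter {net}")

    # Forwarder, FortiGate (gateway and name server) and Splunk server.
    hosts = ["10.0.1.1", "10.0.1.254", "10.0.1.3"]
    print("outside subnet:", hosts_outside(str(net), hosts))
```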