This section demonstrates an example of PVS (Passive Vulnerability Scanner) running on a virtual machine that functions as a NAT gateway instance within a Google Cloud Platform Compute Engine legacy network.
In the examples used in the instructions for setting up a NAT gateway, the Compute Engine legacy network gce-network was created with the network range 10.240.0.0/16, and the virtual machine instance nat-gateway was created to function as the NAT gateway in gce-network. In this example, three other virtual machine instances were created with the --no-address flag and bound to the tag no-ip, so none of these instances is assigned an external IP address, and the no-ip-internet-route rule that was created routes all of their outgoing traffic through nat-gateway.
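The following script, added here as an illustration and not taken from the page or from Tenable, reproduces that environment with gcloud and configures NAT on the gateway instance. The names gce-network, 10.240.0.0/16, nat-gateway, the tag no-ip and the route no-ip-internet-route come from the page; the zone, the image, the internal instance names (vm-a, vm-b, vm-c) and the firewall rules are assumptions. With DRY_RUN=1 it only prints the commands it would run, which is how the plan can be reviewed before anything is created.

```shell
#!/bin/sh
# Added example (not the page's own code). Builds the NAT-gateway lab the page
# describes. Values marked "assumption" are not stated on the page.
set -eu

NETWORK=gce-network
RANGE=10.240.0.0/16
GATEWAY=nat-gateway
ZONE=${ZONE:-us-central1-a}                                          # assumption
IMAGE_FLAGS="--image-family=debian-11 --image-project=debian-cloud"  # assumption
INTERNAL_VMS=${INTERNAL_VMS:-"vm-a vm-b vm-c"}                       # assumed names
DRY_RUN=${DRY_RUN:-0}

# run: execute the command, or print it on one line when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# The --range form creates a legacy (non-subnet) network. Only SSH and
# intra-network traffic are allowed in; everything else stays blocked.
create_network() {
    run gcloud compute networks create "$NETWORK" --range "$RANGE"
    run gcloud compute firewall-rules create "$NETWORK-allow-internal" \
        --network "$NETWORK" --source-ranges "$RANGE" \
        --allow tcp:1-65535,udp:1-65535,icmp
    run gcloud compute firewall-rules create "$NETWORK-allow-ssh" \
        --network "$NETWORK" --allow tcp:22
}

# The gateway keeps its external IP and must be allowed to forward packets.
create_gateway() {
    run gcloud compute instances create "$GATEWAY" --zone "$ZONE" \
        --network "$NETWORK" --can-ip-forward --tags nat $IMAGE_FLAGS
}

# Internal instances get no external IP and carry the no-ip tag so that the
# route below applies to them.
create_internal_vms() {
    for vm in $INTERNAL_VMS; do
        run gcloud compute instances create "$vm" --zone "$ZONE" \
            --network "$NETWORK" --no-address --tags no-ip $IMAGE_FLAGS
    done
}

# Default route for tagged instances whose next hop is the gateway instance.
create_route() {
    run gcloud compute routes create no-ip-internet-route \
        --network "$NETWORK" --destination-range 0.0.0.0/0 \
        --next-hop-instance "$GATEWAY" --next-hop-instance-zone "$ZONE" \
        --tags no-ip --priority 800
}

# To be run ON nat-gateway: enable forwarding and masquerade out of eth0.
# Every internal-to-Internet packet then crosses eth0, which is the
# interface PVS monitors with 10.240.0.0/16 as its monitored range.
configure_gateway_nat() {
    run sudo sysctl -w net.ipv4.ip_forward=1
    run sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
}

plan() {
    create_network
    create_gateway
    create_internal_vms
    create_route
}

# Nothing is created unless APPLY=1; use DRY_RUN=1 APPLY=1 to review first.
if [ "${APPLY:-0}" = 1 ]; then
    plan
fi
```

Run `DRY_RUN=1 APPLY=1 sh setup.sh` to print the plan, then `APPLY=1 sh setup.sh` to create the resources; run `configure_gateway_nat` separately on nat-gateway itself.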
In this example, there are four virtual machine instances within gce-network:
|VM Instance Name||Internal IP||Has External IP?|
PVS is running on nat-gateway and has the following configuration:
|Monitored Network Interfaces||eth0|
|Monitored Network IP Addresses and Ranges||10.240.0.0/16|
With this configuration, PVS will monitor traffic
- from the internal virtual machine instances to the Internet,
- between nat-gateway and the internal virtual machine instances,
- and between nat-gateway and the Internet.
Note: The routing of packets within the gce-network legacy network cannot be changed, so traffic between two internal virtual machine instances cannot be forwarded through nat-gateway. PVS running on nat-gateway therefore has no visibility into internal-to-internal traffic; it sees only the flows listed above.
The following screenshot of the Hosts section of the PVS UI shows that PVS has visibility into all four virtual machines on the gce-network.