Zabbixw32.exe agentd - firewall_nat issues
Hi There.
I have a problem with monitoring external hosts from my Zabbix server (V1.0) located on my internal network.
My network
Internal=192.168.1.*
external=196.36.11.*
Zabbix Server=192.168.1.47
Between my Zabbix server and the monitored machine is a firewall that performs NAT (Network Address Translation).
Client
Internal=192.168.1.*
external=196.14.176.*
Due to this, the monitored machine becomes "unreachable".
Is there a way I can specify in the agent that the traffic needs to go through a specific gateway in order to reach the intended Zabbix server?
Help is greatly appreciated!!!!
Is your firewall open for zabbix? (port 10051 by default I think, check firewall logs)
Does a ping from your zabbix server to your monitored computer work?
I had no problems monitoring my private computer at home (public IP) with the Zabbix server in the business network 10.100.100.32.
Thanx for the speedy reply.
Firewall is open for traffic, but the NAT box is performing port forwarding for port 10001; I have set up the server and client to use this port.
From my server I can ping the external client machine, but from the client's network I cannot ping my Zabbix server; it needs to go through a gateway address, which then port forwards to my Zabbix server....
Any ideas how I can overcome this?
There is nothing in the logfiles? NAT logfiles, firewall logfiles, zabbix agent logfile, zabbix server logfile, messages...
I guess the used zabbix keys are ok? Do you use simple checks like icmpping?
By the way, a "speedy reply" is useless if it doesn't help you. :)
bytesize
04-08-2005, 14:01
Hi Kurt,
This is a routing issue, not a Zabbix issue. Your problem is that you have the same network range on both sites, therefore your server can't easily work out which gateway to use for a network.
If you changed the network range on the second site to 192.168.2.x, then you could add a routing rule to your monitoring server saying "to reach 192.168.2.x, route via gateway IP address of 196.14.176.X"
In Linux, this would look like this:
/sbin/route add -net 192.168.2.0 netmask 255.255.255.0 gw 196.14.176.X eth0
If you leave the network ranges the same, then the server will always connect to the IP address you specify on the local network rather than the remote site.
For a better description of routing, google the web for networking tutorials.
Hope this helps!
Regards,
John
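The route selection discussed in the post above, as an added example that is not part of the original thread: a simplified longest-prefix lookup showing why a destination in 192.168.1.0/24 always resolves to the server's own LAN, and how a renumbered 192.168.2.0/24 would match the added route instead. The table layout, the `DEFAULT_GW` label and the function names are assumptions; "196.14.176.X" is the elided gateway from the post, kept as a label.

```python
import ipaddress

# Label for the server's default gateway (assumption: the NAT box's LAN side).
DEFAULT_GW = "lan-nat-gateway"


def net(cidr):
    return ipaddress.ip_network(cidr)


def select_route(table, dest):
    """Pick the matching (network, gateway, iface) entry with the longest
    prefix, as an IP stack does. Returns None if nothing matches.
    This models route selection only, not gateway reachability."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in table if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)


# Constructed routing table for the Zabbix server at 192.168.1.47.
BASE = [
    (net("192.168.1.0/24"), None, "eth0"),      # directly connected LAN
    (net("0.0.0.0/0"), DEFAULT_GW, "eth0"),     # everything else
]

# Same table after the remote site is renumbered and the route from the
# post is added (gateway kept as the elided label from the thread).
RENUMBERED = BASE + [
    (net("192.168.2.0/24"), "196.14.176.X", "eth0"),
]


def describe(table, dest):
    route = select_route(table, dest)
    if route is None:
        return f"{dest}: no route"
    network, gateway, iface = route
    hop = "on-link (local LAN)" if gateway is None else f"via {gateway}"
    return f"{dest}: matches {network}, {hop}, dev {iface}"


if __name__ == "__main__":
    # Overlapping ranges: the remote 192.168.1.50 is treated as a local host.
    print(describe(BASE, "192.168.1.50"))
    # After renumbering, the more specific static route is chosen.
    print(describe(RENUMBERED, "192.168.2.50"))
```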
I thought the two 192.168.1.0 networks are separated nets.
192.168.1 intern -> 196.36.11 extern -> Internet -> 196.14.176 extern -> 192.168.1 second internal LAN
Thanx for the response guys.
Rudolph, they are separate networks, this is what makes it a challenge.
Alternatively, I can use an external address for my Zabbix server, but unfortunately for me, I have run out of public IP addresses to use :(
Do you think that the Zabbix agent will be able to go through a proxy server in any of the alpha releases?
I still don't know if I really understand your network. You have:
Zabbix Server
192.168.1.47
a computer with one network card in your LAN
Gateway with NAT
internal NIC 192.168.1.*
external NIC 196.36.11.*
all computers from the LAN (192.168.1.0) are visible with IP 196.36.11.? on the Internet (NAT)
Here between the 2 networks is the Internet, or WAN, or whatever... Some routers and gateways...
Client with Zabbix agent
external NIC 196.14.176.*
internal NIC 192.168.1.* (not important to know, because we "found" the zabbix agent already)
This LAN is separated from the other LAN, it can be in another city or country
This client is a gateway (and router and firewall probably) for the other LAN, and makes also NAT (but this doesn't matter in our case)
Well, that's a very normal network. The Zabbix agent collects the data on the client you monitor (no agent needed if you only do simple checks). Then the Zabbix server (192.168.1.?) connects to the client 196.14.176.? on the port you defined in agentd.conf (or whatever you call it). And the client sends the data back to your server. Because the Zabbix server started the connection, the data from the client to the server will reach the server in your LAN. (The same technique as when you read this forum over an HTTP connection, or your colleague sends a mail to someone on the Internet.)
From my server I can ping the external client machine, but from the client's network I cannot ping my Zabbix server; it needs to go through a gateway address, which then port forwards to my Zabbix server....
Of course you can't ping your server from your client, because they are on 2 different LANs (it's just coincidence that both class C networks have the same IP range 192.168.1.0/24). But you don't have to. And what about this port forwarding? You don't need it. Because the server in your LAN connects to the gateway of your other LAN (the computer you want to monitor), and data is sent back, like I described above.
You say you can ping the client from your Zabbix server. This means that your network seems to be OK. (Don't do any of your wild ideas like port forwarding or changing IPs.) If you can ping manually and you get a "host unreachable" with Zabbix, then the problem must be in your Zabbix configuration.
SORRY for this long post. Or maybe bytesize's message is more correct than mine. It depends on whether your network is really like I think it is, or like byte thinks it is. I don't know...
Hi there guys, thanx for all your feedback, but I just got to figure out where the problem is. I'm assuming it's one of the firewall rules. I have 4 firewalls and a router I need to set up for port forwarding. Fair enough, I have set up port forwarding on the firewalls and allowed port 10001 on the router, to no avail. :(
I was thinking last night, what about a tunneling protocol that could bypass the routers and firewalls, that could encapsulate the Zabbix packets through a secure tunnel?
I believe SSH is the best program to use for this kind of setup.
Another friend of mine suggested I should look into using a reverse SSH tunnel, as the server initiates the connection to the client.
DOES ANYBODY KNOW HOW TO SET UP AND CONFIGURE A REVERSE SSH TUNNEL FROM MY ZABBIX SERVER (RedHat9) TO A WINDOWS 2000 SERVER????
Any Help would be much appreciated!!!!!
Thanx.
PS. ZABBIX FREAKING ROCKS!!! I have used many monitoring software packages and have found that Zabbix is the simplest package to set up and configure. HAIL TO THE ZABBIX GODS! - Alexi you rock my friend. Keep up the good work! :)
I would suggest upgrading to 1.1 at some point (when 1.1 is released). This would enable usage of active checks. ZABBIX agents will connect to the server, get the list of metrics for monitoring, and then periodically send the required information to the server. This doesn't require connections from the ZABBIX server to the agent.
So, on a firewall, you may set up a single port forwarding to the ZABBIX server running on 192.168.X.X.
BusteR81
29-05-2007, 09:54
If you got everything installed correctly for zabbix_agent and its *.conf
and you got "no route to xxx.xxx.xxx.xxx" BUT you can ping the systems back and forth, it means it is a firewall blockage.
Solution: go to the firewall settings for Linux and add "10050:tcp" and click OK.
Worked for me!
cheers