I'm having a strage situation. I could be wrong, but based on my understanding, it looks like there is a "conflict" in zabbix design for proxy configuration.
My assumption is that the main role for a proxy is to "stay" in a private network, collect informations from the agents / monitor SNMP devices in the private network and send all the data to the zabbix server. Anything wrong with this? I hope not...
Let's think about the following scenario:
proxy in the private network IP:192.168.1.1
proxy port: 10051
server on different location accessible over Internet: IP x:x:x:x:10051
In order to be able to monitor the "health" of the proxy itself, we need to have an agent running on the same machine, meaning the proxy, So:
agent on proxy port:10050
On the server side we need to configure a host corresponding to the proxy machine and we need to ask this host to be monitored through the proxy. As the proxy is the a private network, the IP for that host (proxy) should be the private address - 192.168.1.1.
Everything is ok, so far, but in case we want to run remote commands on the proxy machine, the server needs to get in touch with the agent running on the proxy machine. So, using the private IP is not a good option. (we assume that the firewall is properly forwarding the port 10050 to 192.168.1.1:10050).
At the same time, using the "external" IP address with proper port forwarding will allow execution of remote commands, but will "kill" the monitoring as the proxy will not be able to identify itself by the "external" address.
In conclusion, it looks like proxy and remote commands exclude each other and cannot be configured together. You can easily imagine the same scenario for any agent in the private network. In order to be monitored through the proxy, the private address should be used in the host configuration, as for remote commands the external IP + proper port forwarding is required.
Any other idea? Something wrong in my thinking?
Thanks
My assumption is that the main role for a proxy is to "stay" in a private network, collect informations from the agents / monitor SNMP devices in the private network and send all the data to the zabbix server. Anything wrong with this? I hope not...
Let's think about the following scenario:
proxy in the private network IP:192.168.1.1
proxy port: 10051
server on different location accessible over Internet: IP x:x:x:x:10051
In order to be able to monitor the "health" of the proxy itself, we need to have an agent running on the same machine, meaning the proxy, So:
agent on proxy port:10050
On the server side we need to configure a host corresponding to the proxy machine and we need to ask this host to be monitored through the proxy. As the proxy is the a private network, the IP for that host (proxy) should be the private address - 192.168.1.1.
Everything is ok, so far, but in case we want to run remote commands on the proxy machine, the server needs to get in touch with the agent running on the proxy machine. So, using the private IP is not a good option. (we assume that the firewall is properly forwarding the port 10050 to 192.168.1.1:10050).
At the same time, using the "external" IP address with proper port forwarding will allow execution of remote commands, but will "kill" the monitoring as the proxy will not be able to identify itself by the "external" address.
In conclusion, it looks like proxy and remote commands exclude each other and cannot be configured together. You can easily imagine the same scenario for any agent in the private network. In order to be monitored through the proxy, the private address should be used in the host configuration, as for remote commands the external IP + proper port forwarding is required.
Any other idea? Something wrong in my thinking?
Thanks
Comment