Hi!
I'm trying to set up a Zabbix Proxy to record data from several servers placed behind a very restrictive (and completely out of my control) firewall. There's only one port open for incoming connections: 22. Not a single usable one for outgoing.
To put it in perspective: I can ssh to the proxy server (Dido) from my Zabbix server (Aeneas). That's all.
So, I've created a reverse ssh tunnel: all connections to Dido:10052 are actually redirected to Aeneas:10051. AFAIK, you need nothing more to make a proxy work.
Dido is configured to communicate with localhost:10052. I can telnet to this port and Aeneas answers, so I'm discarding tunnel-related issues here. Other agents are configured to use Dido:10051 as their server. In the GUI I've added Dido as a proxy and configured the monitored servers accordingly. And it doesn't work:
- The proxy log shows a different message when the tunnel opens:
I don't know what this failure means, but Aeneas doesn't has any reference to Dido in its logs.
- Even though the servers are configured as being proxy-monitored, Aeneas tries to connect to their port 10050 once and again (and fails, obviously).
- No data is being collected in the proxy.
I'm really stuck with this.
I'm trying to set up a Zabbix Proxy to record data from several servers placed behind a very restrictive (and completely out of my control) firewall. There's only one port open for incoming connections: 22. Not a single usable one for outgoing.
To put it in perspective: I can ssh to the proxy server (Dido) from my Zabbix server (Aeneas). That's all.
So, I've created a reverse ssh tunnel: all connections to Dido:10052 are actually redirected to Aeneas:10051. AFAIK, you need nothing more to make a proxy work.
Dido is configured to communicate with localhost:10052. I can telnet to this port and Aeneas answers, so I'm discarding tunnel-related issues here. Other agents are configured to use Dido:10051 as their server. In the GUI I've added Dido as a proxy and configured the monitored servers accordingly. And it doesn't work:
- The proxy log shows a different message when the tunnel opens:
Code:
4802:20081211:153901 Unable connect to the server [localhost]:10052 [Cannot connect to [localhost:10052] [Connection refused]] 4802:20081211:154001 Heartbeat message sendig failed
- Even though the servers are configured as being proxy-monitored, Aeneas tries to connect to their port 10050 once and again (and fails, obviously).
- No data is being collected in the proxy.
I'm really stuck with this.
Comment