Ad Widget

**bdo** · 24-05-2006, 12:46

Hello

I've got the same problem, and I don't know how to solve it !!

Someone can help plz ???
And what about this "patch to work by name" ?
I would like to try it ...

Thx
Bdo

Originally posted by selin

We have Zabbix installed on a LinuxHA cluster. The configuration is as follows:

LNXZBX01
eth0 10.4.4.105
eth0:1 10.4.4.107 (floating/virtual IP)

LNXZBX02
eth0 10.4.4.106
eth0:1 10.4.4.108 (floating/virtual IP)

The cluster does what it is designed to do - fails over the MySQL instance and the IP (10.4.4.107). Unfortunately, the virtual IP is not being used by the Zabbix server to communicate with the agents - instead 10.4.4.105 is used. Hence, the agents reject the connection with the message:

Connection from [10.4.4.105] rejected. Allowed server is [10.4.4.107]

Is there a way of specifying the outbound IP to use for the Zabbix server? Setting the Server=10.4.4.105 in the zabbix_agentd.conf file basically negates the value of the cluster. Not having eth0 set with an IP means that when we choose to take the cluster down, we cannot communicate with the rest of the network.

Any ideas? I saw the patch to work by name, but I was wondering if there was a parameter that I had missed or if the functionality was to be added in the future...?

**wschlich** · 26-05-2006, 21:49

An option for specifying the local query source address is needed here -- it could be named SourceIP.

Also a ListenIP option is missing for the server (the agent has it).

Alexei, please comment on this issue. TIA!

**bdo** · 01-06-2006, 13:04

This can help you : include this in your HA script :

To Create A new Virtual IP Address
/sbin/ifconfig eth0:0 192.168.1.100

To Force Outbound packets to use this Virtual IP
/sbin/ip route change default via 192.168.1.254 dev eth0:0 src 192.168.1.100
/sbin/ip route change 192.168.1.0/24 dev eth0 src 192.168.1.100

Check the result using ip addr list, ifconfig -a and ip route list

It also works with VLAN and bonding !!

--bdo

Originally posted by wschlich

An option for specifying the local query source address is needed here -- it could be named SourceIP.

Also a ListenIP option is missing for the server (the agent has it).

Alexei, please comment on this issue. TIA!

**Deelight** · 20-06-2006, 18:16

Thanks, but it would still be great to have a solution to force the zabbix server (and not all the outgoing traffic) to use a specific network interface.

**wschlich** · 20-06-2006, 18:43

binding to a specific IP address for outgoing traffic is a very standard feature for any network application that initiates connections.

usually, you bind a specific service to a specific ip address only used for that service (or group of services, like mail -- smtp/pop3/imap) to achieve the following:

a) being able to move the service from one host to another without having to suffer from DNS update issues/lags
b) not exposing that and what other services are running on the same machine

so, if you bind the service to a service IP for incoming connections, it's just on purpose to bind it to that IP for outgoing connections as well (if it initiates any, like an MTA -- postfix for example supports that).

**Deelight** · 21-06-2006, 10:54

That's right, i'd like to bind the zabbix server to a specific IP adress for outgoing traffic to give authorization to this specific IP address on my monitored servers' firewalls. The other services I have on the machine which hosts the zabbix server are associated with a different IP address which has no access to the monitored servers.

**carl** · 29-12-2006, 23:18

I certainly second this feature request. It's usefull for situations where you want to have a specific zabbix IP so should you want to move zabbix you don't have to either 1) change the actual zabbix servers primary IP (which may have other services running 2) update all the agents to use the new IP

**Alexei** · 29-12-2006, 23:51

I agree that this functionality must be implemented. Meanwhile you can use comma delimited lust of IP addrsses in parameter Server on agent side:

Server=10.4.4.105,10.4.4.106,10.4.4.107,10.4.4.108

**azurit** · 04-01-2008, 18:58

when ?

anyone knows when this will be implemented ? i really need to use another interface (i can't bypass it by specifing several IP addresses on agent side..)

**qix** · 04-01-2008, 19:06

I'm not sure if this will work, but if you set the ListenIP parameter in the server config, doesn't this also influence outgoing traffic?

Could someone test this?

I do not yet have HA running but I am required to build it in about the next 6 months or so.

**azurit** · 04-01-2008, 19:14

Originally posted by qix

I'm not sure if this will work, but if you set the ListenIP parameter in the server config, doesn't this also influence outgoing traffic?

Could someone test this?

I do not yet have HA running but I am required to build it in about the next 6 months or so.

no, it won't help, i tested it.

**mjnz** · 03-02-2008, 02:12

Originally posted by Deelight

Thanks, but it would still be great to have a solution to force the zabbix server (and not all the outgoing traffic) to use a specific network interface.

The way I've done this in the past is to use iptables and source NAT, with a rule similar to:

iptables -t nat -A POSTROUTING -s 10.4.4.105 -p tcp --dport 10050 -j SNAT --to 10.4.4.107

I hope this is of some use to you.

**nelsonab** · 21-08-2008, 09:12

I hope to have a patch in a few days for this.

**Alexei** · 21-08-2008, 09:15

Originally posted by nelsonab

I hope to have a patch in a few days for this.

What patch? It is already implemented for pre-1.4.7 and 1.5.x. The parameter is called SourceIP.

Ad Widget

Force Zabbix Server to Use Specific Interface

Force Zabbix Server to Use Specific Interface

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment