Zabbix over WAN

  • markclark
    Member
    • Apr 2011
    • 70

    #1

    Zabbix over WAN

    Hi there,

    Zabbix works perfectly fine internally. I want to set up an agent to run on an external network and send the data back and be monitored.

    I've set up the Zabbix Agent. Opened the firewall ports and tested them coming back into our office and they work fine.

    Within Zabbix I create a new Host but add the internal IP address of the client or external and set up port forwarding on their router/firewall back to the Zabbix agent?

    Thanks, and I think I'm getting myself confused somewhere along the line.
  • Bennie
    Member
    Zabbix Certified Specialist
    • Feb 2010
    • 73

    #2
    If you are not running any VPN or Tunnels to make the external network part of yours you need to use the external ip and forward the ports. You can also use the agents in active mode. This makes them connect to the server and you don't need forwarding.

    • markclark
      Member
      • Apr 2011
      • 70

      #3
      OK, thanks so much for clarifying that.

      When you say you can use agents in active mode, do I need to change this under the triggers / items under the templates, or would it be better for me to read up on that somewhere?

      Thanks again.

      • Bennie
        Member
        Zabbix Certified Specialist
        • Feb 2010
        • 73

        #4
        It's always good to read, but you need to change 'Type' when editing an item to "Zabbix agent active" from "Zabbix agent".

        You will also need to adjust the config file on the agent so it will retrieve items from the server to monitor. It can be found in the manual.

        • markclark
          Member
          • Apr 2011
          • 70

          #5
          thanks, might go with the first option with the port forwarding as that worked straight away as trying to re-edit everything and testing might take some time and getting it to work again...

          what would you recommend if you have multiple clients without a VPN / tunnel to the LAN?

          thanks so much

          • markclark
            Member
            • Apr 2011
            • 70

            #6
            My other question would be: what if you had 2 servers on the remote site?

            You set up agents on both and still leave default forwarding ports, or have to open and set up new ports per server / agent and then do the forwarding on the router/firewall?

            Then how would you set up the hosts file?

            Thanks.

            • markclark
              Member
              • Apr 2011
              • 70

              #7
              My other question would be: what if you had 2 servers on the remote site?

              You set up agents on both and still leave default forwarding ports, or have to open and set up new ports per server / agent and then do the forwarding on the router/firewall?

              Then how would you set up the hosts?

              Thanks.

              • Bennie
                Member
                Zabbix Certified Specialist
                • Feb 2010
                • 73

                #8
                You need to forward a new set of ports for each server. You can still forward a port to the default agent port more than once, but the external port needs to be different.

                1st server: 10050 > 10050
                2nd server: 10051 > 10050

                The external ports need to be configured on the zabbix server under the host settings "Zabbix agent port".

                • tomras
                  Junior Member
                  • Mar 2014
                  • 4

                  #9
                  Sorry to open this old thread.

                  But I'm trying to get this to work with different ports for more than one client outside the LAN. Is there anyone who can direct me in a very basic way?

                  Thanks, Tom

                  • markclark
                    Member
                    • Apr 2011
                    • 70

                    #10
                    Hi Tomras,

                    As Bennie said, all about the port forwarding / NAT on the firewalls and config.

                    • tomras
                      Junior Member
                      • Mar 2014
                      • 4

                      #11
                      Originally posted by markclark
                      Hi Tomras,

                      As Bennie said, all about the port forwarding / NAT on the firewalls and config.
                      Yes, that I understand, and I don't have any problem opening ports for the incoming connection. The problem is when I try another port besides the standard port, it just doesn't work? If someone had a working config for the client agent so I could compare with my settings it would be great, and settings for the host configuration. I'm stuck here.

                      / Tom

                      • ingus.vilnis
                        Senior Member
                        Zabbix Certified Trainer
                        Zabbix Certified Specialist
                        Zabbix Certified Professional
                        • Mar 2014
                        • 908

                        #12
                        Originally posted by tomras
                        Yes, that I understand, and I don't have any problem opening ports for the incoming connection. The problem is when I try another port besides the standard port, it just doesn't work? If someone had a working config for the client agent so I could compare with my settings it would be great, and settings for the host configuration. I'm stuck here.

                        / Tom
                        Hello Tom,

                        I would say that you have a port forwarding issue here. I don't know your experience level in this, but I would suggest the following:

                        1) On the router at your remote location, set up port forwarding for each Host you want to monitor. It should go like this:

                        Host => External IP => Ext. Port => Internal IP => Int. Port
                        Comp.A => 87.230.xx.xx => 10062 => 192.168.1.2 => 10050
                        Comp.B => 87.230.xx.xx => 10063 => 192.168.1.3 => 10050
                        etc.

                        2) Please check your zabbix_agent.conf file on all the remote hosts to see if the port settings there match the ones you have entered in the router (should be 10050 if you have not manually changed them).

                        3) On the Zabbix frontend, add the remote hosts by entering the External IP of your remote location and the correct External Port you have assigned for each host.

                        4) Check if the hostnames in the config match correctly for all devices you monitor.

                        Hope this helps!

                        BR
                        Ingus

                        • aib
                          Senior Member
                          • Jan 2014
                          • 1615

                          #13
                          Well, it looks a little bit complicated...
                          Let's start the explanation with some numbers.

                          We have the Main Office, where the Zabbix server has internal IP 1.1.1.1 and external IP 250.250.250.250.
                          The Zabbix server sends requests to the Zabbix agent using port 10050 and receives data from the agent on port 10051.

                          Then we have the Branch Office, where one firewall (FW) and two servers are installed.
                          The FW has the external IP 100.100.100.100.

                          Server1
                          - internal IP 2.2.2.2
                          - external IP:port 100.100.100.100:11112

                          Server2
                          - internal IP 2.2.2.3
                          - external IP:port 100.100.100.100:11113

                          FW port forwarding rules:
                          - all external requests going to 100.100.100.100:11112 are translated to internal 2.2.2.2:10050
                          - all external requests going to 100.100.100.100:11113 are translated to internal 2.2.2.3:10050

                          Zabbix Server Frontend configuration:
                          host Server1:
                          - Agent Interfaces:
                          - IP Address: 100.100.100.100
                          - port: 11112

                          host Server2:
                          - Agent Interfaces:
                          - IP Address: 100.100.100.100
                          - port: 11113

                          You don't have to change any default setting in zabbix_agent.conf because the firewall takes care of translating requests and ports to the correct numbers.
                          The only thing which has to be configured correctly is the IP address of the Zabbix Server.
                          First, check if you have any access from the agent side to server:
                          Code:
                          # telnet {ip_of_zabbix_server} 10051
                          Trying {ip_of_zabbix_server}...
                          Connected to {ip_of_zabbix_server}.
                          Escape character is '^]'.
                          and if you get an empty line and the server waits for your input - you have a connection!
                          Hit any key and close the connection.
                          Then, write {ip_of_zabbix_server} in the zabbix_agent.conf file
                          Code:
                          Server={ip_of_zabbix_server}
                          If you cannot connect to the Internal IP of your server - try to use the External IP.
                          If it doesn't work - check/create Port Forwarding rules for the FW which protects the network where your Zabbix Server lives.

                          Your goal is to create/test a connection between each zabbix_agent and zabbix_server.
                          I hope that you still have a cool head and these complicated things did not drive you crazy.
                          Sincerely yours,
                          Aleksey
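
The layout in the post above only works when three places agree: the firewall forwarding rules, the agent interface entered in the frontend, and each agent's own settings. An offline cross-check of those three, as an added example that is not part of the original thread; the function names and data structures are illustrative, `ListenPort` and `Server` are agent config parameters, and it is an assumption that the agents see the server arriving from its external IP.

```python
import ipaddress

def parse_agent_conf(text):
    """Parse key=value lines from agent config text, skipping comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def source_allowed(server_value, src_ip):
    """True if src_ip matches an IP or CIDR entry of the agent's Server= list."""
    for entry in filter(None, (e.strip() for e in server_value.split(","))):
        try:
            if ipaddress.ip_address(src_ip) in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            continue  # DNS names are not resolved in this offline check
    return False

def check_site(forwards, frontend, agent_confs, server_src_ip):
    """Return mismatches between firewall rules, frontend interfaces and agents."""
    problems, used = [], {}
    for host, (ext_ip, ext_port, _int_ip, int_port) in forwards.items():
        if (ext_ip, ext_port) in used:
            problems.append(f"{host}: {ext_ip}:{ext_port} already forwards to {used[(ext_ip, ext_port)]}")
        used[(ext_ip, ext_port)] = host
        if frontend.get(host) != (ext_ip, ext_port):
            problems.append(f"{host}: frontend interface {frontend.get(host)} != forwarded {ext_ip}:{ext_port}")
        conf = parse_agent_conf(agent_confs.get(host, ""))
        if int(conf.get("ListenPort", 10050)) != int_port:
            problems.append(f"{host}: agent ListenPort differs from internal port {int_port}")
        if not source_allowed(conf.get("Server", ""), server_src_ip):
            problems.append(f"{host}: Server= does not allow {server_src_ip}")
    return problems

# Constructed sample data using the addresses from the post above.
FORWARDS = {"Server1": ("100.100.100.100", 11112, "2.2.2.2", 10050),
            "Server2": ("100.100.100.100", 11113, "2.2.2.3", 10050)}
FRONTEND = {"Server1": ("100.100.100.100", 11112),
            "Server2": ("100.100.100.100", 10050)}  # default port left in place
AGENT_CONFS = {"Server1": "Server=250.250.250.250\n",
               "Server2": "# constructed\nServer=1.1.1.1\nListenPort=10050\n"}

if __name__ == "__main__":
    for problem in check_site(FORWARDS, FRONTEND, AGENT_CONFS, "250.250.250.250"):
        print(problem)
```

Keeping `Server=` limited to the single address the server really arrives from matters more here than on a LAN, because the forwarded agent port is reachable from the internet.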

                          • aib
                            Senior Member
                            • Jan 2014
                            • 1615

                            #14
                            Wow!
                            So many explanations for PAT and NAT stuff.
                            Sincerely yours,
                            Aleksey

                            • markclark
                              Member
                              • Apr 2011
                              • 70

                              #15
                              Are you mapping as in the example below?

                              10050 -> SERVER 10050
                              10051 -> SERVER 10050
                              10052 -> SERVER 10050

                              or

                              10050 -> SERVER 10050
                              10051 -> SERVER 10051
                              10052 -> SERVER 10052

                              --

                              If you are mapping like the second option, you need to make sure it's listening on the right port in the config file on the server / device that's being monitored.

                              You can run a simple telnet test on the port from outside the organisation to test if it's listening or not.

                              I prefer the first option of doing things.
