Hi all,
I am relatively new to Zabbix but reasonably experienced on networks, firewalls, and some Linux.
Please help me understand the limitations and possibilities for a passive proxy and the FIXED firewall setup I currently face:
I need to monitor quite some hosts through a VPN, but have a Linux host inside the location.
The FW setup is fixed and not changed easily nor quickly.
But I have 1 spare open port to my inside host: TCP 80
Connections from inside to my Zabbix frontend outside are prohibited.
A passive proxy looks the best way to monitor my inside hosts, as:
1) it is polled actively from the frontend (session starts from the correct end)
2) the inside host does monitor local network performance, without delay and load on the VPN
Correct me here if I make the wrong assumptions/statements.
Configuring the ListenPort= value in /etc/zabbix/zabbix_proxy.conf revealed the proxy cannot listen on a low ( < 1023 ) port.
Nor can TCP or UDP be defined.
Questions:
3) Can I configure TCP 80 on the passive proxy side, despite the limitation (check) in the software?
4) What other options can I use to combine a proxy with limited access to my machine?
5) Is TCP or UDP set or limited somewhere else?
6) And can I use Zabbix on the local host to somehow trigger a local action when the frontend has not contacted within the last xx minutes?
(I can use a mail smarthost.)
If not, I can script and monitor the incoming sessions and action things outside Zabbix.
I do not want to start an extra VPN within the VPN as it would break security policies.
If this has been discussed before, please link the post, and let me study that first. (I couldn't find it in a reasonable amount of time.)
Regards M-H