Managing hosts over different subnets with Zabbix-Proxy

  • elenabaltor
    Junior Member
    • Aug 2020
    • 5

    #1

    Managing hosts over different subnets with Zabbix-Proxy

    I'm using a pfsense firewall with the Zabbix-Proxy package.
    Since I'm using different independent networks (all managed by my pfsense), I thought using the proxy was a good idea.

    However, I've run into the following problem.
    The hostname of my pfsense is pfsense.mydomain, and I have 3 different LAN networks: 192.168.1-3.0/24.
    Thus, pfsense has 3 gateways on each of these networks: 192.168.1.1, 192.168.2.1 and 192.168.3.1,
    with 192.168.1.1 being the main IP. When I ping pfsense.mydomain, the DNS-resolver resolves it to 192.168.1.1.

    But this is a problem, since zabbix-agents that are not on 1.1 can't connect to the pfsense zabbix proxy, because of the following error message:
    Code:
    failed to accept an incoming connection: connection "192.168.2.1" rejected, allowed hosts: "pfsense.mydomain"
    So, apparently, when the pfsense-proxy tries to connect to the agents of the 192.168.2.0/24 network, it uses its 192.168.2.1 address. However, the agents are expecting a connection from 192.168.1.1.

    How can I remedy this?
    Obviously, I could just go into every agent, and change the value of Server=pfsense.mydomain to Server=192.168.1.1.
    But I feel like there should be a better way to handle this. I don't want to change all of my zabbix-agents again if the pfsense-IP should ever change. Can't I somehow use the same hostname on all nodes?

    What's the common way people handle this sort of situation?
  • Hamardaban
    Senior Member
    Zabbix Certified Specialist, Zabbix Certified Professional
    • May 2019
    • 2713

    #2
    The DNS server must resolve the pfsense.mydomain name to different IP addresses for different subnets. In bind, this is done using "view".


    • elenabaltor
      Junior Member
      • Aug 2020
      • 5

      #3
      Thank you. I was able to achieve this effect by creating a view in the pfsense DNS-Resolver (unbound) Custom Options field:

      Code:
      server:
          access-control-view: 192.168.1.0/24 network_one
          access-control-view: 192.168.2.0/24 network_two

      view:
          name: "network_one"
          view-first: yes
          local-data: "pfsense.dyn. 90 IN A 192.168.1.1"

      view:
          name: "network_two"
          view-first: yes
          local-data: "pfsense.dyn. 90 IN A 192.168.2.1"
      I've created two views called network_one and network_two and then just created the custom domain 'pfsense.dyn' for both of them and statically assigned different IPs to both of them.
      When devices in the 192.168.1.0 network try to access pfsense.dyn, they'll get 192.168.1.1 as a response, while devices from the other network will get 192.168.2.1 instead.

      Then I just set
      Code:
      Server=pfsense.dyn
      in every zabbix-agent config file.

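An added example, not part of the original posts: a small audit of the unbound view configuration from post #3 that checks, for each agent subnet, whether the name used in `Server=` resolves to a proxy address inside that subnet. It assumes, as post #1 describes, that the proxy connects to agents from its interface address on the agent's own subnet, and it only understands five-field `A` records in `local-data`. Run against all three LANs from post #1, it reports that 192.168.3.0/24 has no view in the posted configuration.

```python
import ipaddress

# Constructed input: the unbound custom options as posted in #3.
UNBOUND_CONF = """
server:
access-control-view: 192.168.1.0/24 network_one
access-control-view: 192.168.2.0/24 network_two
view:
name: "network_one"
view-first: yes
local-data: "pfsense.dyn. 90 IN A 192.168.1.1"
view:
name: "network_two"
view-first: yes
local-data: "pfsense.dyn. 90 IN A 192.168.2.1"
"""

def parse_views(conf):
    """Return ({client_network: view_name}, {view_name: {owner_name: ipv4}})."""
    acl, views, current = {}, {}, None
    for raw in conf.splitlines():
        key, _, value = (part.strip().strip('"') for part in raw.partition(":"))
        if key in ("server", "view"):
            current = None  # a new clause starts; no view name seen yet
        elif key == "access-control-view":
            net, view = value.split()
            acl[ipaddress.ip_network(net)] = view
        elif key == "name":
            current = value
            views[current] = {}
        elif key == "local-data" and current:
            fields = value.split()  # owner, TTL, class, type, rdata
            if len(fields) == 5 and fields[3] == "A":
                views[current][fields[0]] = fields[4]
    return acl, views

def audit(conf, name, agent_subnets):
    """Per agent subnet: does `name` resolve to a proxy address inside it?"""
    acl, views = parse_views(conf)
    result = {}
    for subnet in map(ipaddress.ip_network, agent_subnets):
        view = next((v for net, v in acl.items() if subnet.subnet_of(net)), None)
        answer = views.get(view, {}).get(name)
        if answer is None:
            result[str(subnet)] = "no view answer, global data is used"
        elif ipaddress.ip_address(answer) in subnet:
            result[str(subnet)] = "ok"
        else:
            result[str(subnet)] = f"mismatch: {answer} is outside the subnet"
    return result
```

Calling `audit(UNBOUND_CONF, "pfsense.dyn.", [...])` with the LAN prefixes returns one status per subnet; anything other than `ok` means agents there would compare the proxy's connection against a different address than the one it connects from.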