New VPS with Ubuntu 20.04 and iRedmail can't monitor

  • akarim
    Member
    • Aug 2008
    • 33

    #1

    I have a problem that is not resolved on a new Ubuntu 20.04 machine.
    When I activate the monitoring it fails because of the ping.

    Code:
    tail -f /var/log/zabbix/zabbix_server.log | grep  -i albarid
    2589713:20220703:080446.482 Zabbix agent item "agent.ping" on host "smtp.mydomain.es" failed: first network error, wait for 30 seconds
    2589732:20220703:080546.531 temporarily disabling Zabbix agent checks on host "smtp.mydomain.es": host unavailable

    I made some checks
    • Check firewall in VPS and Zabbix server. Is open (full ports for test problem). Open
    • Check ping from server zabbix to monitored VPS. Works
    • Check telnet connection. Some issues

    From VPS to server
    Code:
    root@smtp:~# telnet zabbix.server.tld 10050   
    Trying 51.15.158.217...
    Connected to zabbix.server.tld.
    Escape character is '^]'.
    
    root@smtp:~# telnet zabbix.server.tld 10051
    Trying 51.15.158.217...
    Connected to zabbix.server.tld.
    Escape character is '^]'.

    From server to VPS
    Code:
    [root@monitor01 ~]# telnet smtp.mydomain.tld 10050
    Trying 37.59.219.193...
    
    [root@monitor01 ~]# telnet smtp.mydomain.tld 10050
    Trying 37.59.219.193...

    From VPS to Server
    Code:
    root@smtp:~# telnet zabbix.server.tld 10050
    Trying 51.15.158.217...
    Connected to zabbix.server.tld.
    Escape character is '^]'.
    
    Connection closed by foreign host.
    root@smtp:~# telnet zabbix.server.tld 10051
    Trying 51.15.158.217...
    Connected to zabbix.server.tld.
    Escape character is '^]'.
    
    Connection closed by foreign host.

    Config zabbix client
    Code:
    PidFile=/run/zabbix/zabbix_agentd.pid
    LogFile=/var/log/zabbix/zabbix_agentd.log
    LogFileSize=50
    DebugLevel=3
    Server=server.zabbix.ip
    StartAgents=5
    ServerActive=server.zabbix.ip
    Hostname=smtp.mydomain.tld
    Include=/etc/zabbix/zabbix_agentd.d/*.conf


    SELinux is disabled on the Zabbix client

    Code:
    setenforce disabled
    setenforce: SELinux is disabled

    Client is 6.X
    Server zabbix is 5.X


  • markfree
    Senior Member
    • Apr 2019
    • 868

    #2
    The way you described it, it seems your VPS can start a connection but your server cannot. So, you may have a networking issue.
    Maybe some firewall rule that prevents your Server from starting a connection to your VPS.

    Just to be sure, is your Zabbix Server version 5 and your VPS Zabbix Agent version 6?

    Maybe you should switch to Zabbix Agent version 5 on the VPS machine.
    Next, try Netcat instead of Telnet between your Server and VPS.
    Code:
    nc -zv smtp.mydomain.tld 10050

    Then, try switching your Agent from passive to active and see if your Server can receive new item values (other items, not "agent.item").

    • akarim
      Member
      • Aug 2008
      • 33

      #3
      Always when I get issues, the first action is to disable the firewall, to check if the problem is about the firewall.

      The problem persists even when there is no active firewall on either of the two machines, server and client.

      Client
      Code:
      root@smtp:~# nc -zv zabbix.server.tld 10050
      Connection to zabbix.server.tld 10050 port [tcp/zabbix-agent] succeeded!

      Server
      Code:
      [root@monitor01 ~]# nc -zv smtp.mydomain.tld 10050 
      Ncat: Version 7.70 ( https://nmap.org/ncat )
      Not response.

      With other clients

      Code:
      [root@monitor01 ~]# nc -zv srv105.machine.net 10050
      Ncat: Version 7.70 ( https://nmap.org/ncat )
      Ncat: Connected to 5.135.1.1:10050.
      Ncat: 0 bytes sent, 0 bytes received in 0.03 seconds.

      That's why I think the problem is something else.

      I've tried changing to passive, but same result.

      Code:
      2589715:20220727:072053.080 Zabbix agent item "net.if.in[eth0]" on host "smtp.mydomain.tld" failed: first network error, wait for 30 seconds

      But no error in communication of ping, sshd, etc.

      • Markku
        Senior Member
        Zabbix Certified Specialist, Zabbix Certified Professional, Zabbix Certified Expert
        • Sep 2018
        • 1781

        #4
        Looks like something prevents 10050/tcp connections from server to VPS. Does your VPS platform (not the server) have a firewall?

        Also, since your agent (VPS) can connect to the server at 10051 (= active agent connections would work), what is your use case that requires use of passive checks (= server connects to agent 10050)?

        When the connectivity issue is resolved, also note that as mentioned you should not use agent version 6 with Zabbix server version 5. Some things may work but not all.

        Markku

        • akarim
          Member
          • Aug 2008
          • 33

          #5
          Hi.

          Yes, I have a firewall.
          Yes, I deactivated the two firewalls (Zabbix server and Zabbix agent host) to check the problem.
          Yes, I verified that SELinux, AppArmor, or another port-blocking mechanism is not active.
          Yes, I've checked the logs on the VPS Zabbix client during the test for any issues (security, or other).
          Yes, I also changed the Zabbix agent to version 5 (zabbix-agent amd64 1:5.0.26-1+focal).
          Yes, I deactivated active checks, because the active check configuration update from [x.x.x.x:10051] started to fail (cannot connect to [[x.x.x.x.]:10051]: [111] Connection refused).


          Code:
          root@smtp:~# tail -f /var/log/zabbix/zabbix_agentd.log  
          1184453:20220729:053410.519 **** Enabled features ****
          1184453:20220729:053410.519 IPv6 support:          YES
          1184453:20220729:053410.519 TLS support:           YES
          1184453:20220729:053410.519 **************************
          1184453:20220729:053410.519 using configuration file: /etc/zabbix/zabbix_agentd.conf
          1184453:20220729:053410.523 agent #0 started [main process]
          1184456:20220729:053410.523 agent #1 started [collector]
          1184457:20220729:053410.523 agent #2 started[listener #1]
          1184458:20220729:053410.524 agent #3 started[listener #2]
          1184459:20220729:053410.524 agent #4 started[listener #3]

          Yes, in the logs I get a network error, but any open port on the VPS agent fails the nc test.

          Yes, I'm desperate.
          Last edited by akarim; 29-07-2022, 07:38.

          • Markku
            Senior Member
            Zabbix Certified Specialist, Zabbix Certified Professional, Zabbix Certified Expert
            • Sep 2018
            • 1781

            #6
            Are you the administrator of the network on the Zabbix server side and on the Zabbix agent side?

            I'm asking because you haven't said anything about the network details on either side, and this sounds like an underlying network problem so you need other help.

            You have said that ping and SSH works, but Zabbix ports don't work.

            Example questions for you to continue troubleshooting internally:
            1. What kind of firewalls or other network-level middleboxes are there on either side? (You still insisted on commenting on the host firewalls but not the network firewalls)
            2. What kind of network address translations (NAT) are used on either side?
            3. Since both sides are public cloud platforms (based on the IP addresses you showed), what kind of logging do they offer to help you?
            4. What kind of network security groups or access control lists do they offer and how are they currently configured?

            Markku

            • akarim
              Member
              • Aug 2008
              • 33

              #7
              Yes.

              I'm an administrator of the Zabbix Server and the Zabbix VPS Agent, but not an admin of the network. Server Zabbix is on Online.net and VPS is on OVH.
              Only admin block of Zabbix client at a level for know if there some firewall (not firewall, on block IP of client Zabbix.
              On Online net is the same. Not firewall, and I know if there are some issues or restrictions.
              Any restrictions on any port or ip.

              1. Firewall is CSF Firewall. For debugging problems, deactivate firewalls on two sides. Problem persists
              2. There are NOT network firewalls on the network. But now I put a ticket in two providers for confirmation.
              3. If check from other servers and from my local machine without firewall active, check ncat to Zabbix Agent to 10050 and 10051 and no work. In all Zabbix agents work perfectly `Connection to srv109.xxx.xxxx (x.x.x.x.x) 10050 port [tcp/zabbix-agent] succeeded!`
              4. All systems are machines in my infrastructure in OVH and Scaleway. I use bare-metal servers and use KVM for all VPS over Proxmox. I've more than 100 VPS, and 10 bare metals. All with Zabbix for monitoring with active and passive mode (all Linux in different distros)
              5. Security on all is with Csf Firewall. Some machines have AppArmor, others SELinux, other nothing.

              For all in the post, I think a mistake in the Client but I don't see it.
              I've checked all.
              - Firewalls
              - Other tools for security
              - Searched in etc for something about 10050 and 10051, but they are declared in /etc/services
              - No ACLs in network or system

              Best regards and a lot of thanks


              • akarim
                Member
                • Aug 2008
                • 33

                #8
                Agg...
                Oh my god.

                F**ing iRedMail uses an internal service, nftables.service, and this closes all ports except the mail and web ports. It is not compatible with CSF Firewall, because it starts after CSF during boot.

                I deactivated this daemon and now it works fine.

                Ohhhh

                • markusPLA
                  Junior Member
                  • Aug 2022
                  • 1

                  #9
                  Just edit /etc/nftables.conf

                  and add rules:

                  tcp dport 10050 accept

                  and restart service by:
                  sudo service nftables restart
                  or
                  sudo systemctl restart nftables.service

                  That's all.
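
An added example, not part of any post above: post #8 found an nftables ruleset closing every port except mail and web, and post #9 adds `tcp dport 10050 accept` to it. The function below reads `nft list ruleset` style text and reports whether a TCP port gets through an input chain; the function name and the sample ruleset are constructed for illustration and are not iRedMail's shipped configuration.

```shell
# Added example. Reads `nft list ruleset` style text on stdin, prints "open"
# or "blocked" for one TCP port. Simplified: only input-hook chains and
# single-line "tcp dport" rules count; other matches (ip saddr) are ignored.
nft_port_verdict() {
    awk -v port="$1" '
    function hit(spec,    n, i, parts, r) {   # does spec cover the port?
        gsub(/[{} ]/, "", spec)
        n = split(spec, parts, ",")
        for (i = 1; i <= n; i++) {
            if (split(parts[i], r, "-") == 2) {
                if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) return 1
            } else if (parts[i] + 0 == port + 0) return 1
        }
        return 0
    }
    /^[ \t]*chain / { in_input = 0; decided = 0; policy = "accept"; next }
    /hook input/ {                            # base chain on the input hook
        in_input = 1
        if ($0 ~ /policy drop/) policy = "drop"
        next
    }
    in_input && !decided && /tcp dport / {
        if ($0 ~ / accept/) v = "accept"
        else if ($0 ~ / (drop|reject)/) v = "drop"
        else next
        spec = $0; sub(/.*tcp dport /, "", spec)
        if (spec ~ /^[{]/) sub(/[}].*/, "", spec); else sub(/ .*/, "", spec)
        if (hit(spec)) { decided = 1; if (v == "drop") blocked = 1 }
    }
    in_input && /^[ \t]*[}]/ {                # end of chain: apply policy
        if (!decided && policy == "drop") blocked = 1
        in_input = 0
    }
    END { print (blocked ? "blocked" : "open") }
    '
}
# Constructed sample (not iRedMail's shipped file): mail/web-only input chain.
SAMPLE_RULESET='table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        ip protocol icmp accept
        tcp dport 22 accept
        tcp dport { 25, 80, 443, 587, 993 } accept
    }
}'
printf '%s\n' "$SAMPLE_RULESET" | nft_port_verdict 10050   # prints: blocked
```

On a live host, run `nft list ruleset | nft_port_verdict 10050` as root. Checking this alongside the host firewall covers a second ruleset loaded later in boot, which is the situation post #8 describes.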
