I have a Zabbix server and a Zabbix agent. They're working fine - but I noticed the agent is sending strange traffic that is being blocked by the firewall. It sends a packet every few seconds that look like:
My server has a 192.168.a.b local IP from my ISP, but they put me in a DMZ so any incoming connection to the external IP I appear from comes to me. That external ip is 76.a.b.c. My agent is at 97.a.b.c.
My server config (no comments, only relevent parameters):
My agent config (no comments, only relevent parameters):
My host config in the Zabbix admin panel:
As I said - everything works. But why is my zabbix agent trying to talk to my zabbix server with a _source_ port of 10050 and a random destination port over TCP?
Code:
Aug 25 23:51:12 hostname kernel: Shorewall:net-fw:DROP:IN=eno1 OUT= MAC=xxx SRC=97.a.b.c DST=192.168.a.b LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=27541 DF PROTO=TCP SPT=10050 DPT=36972 WINDOW=0 RES=0x00 RST URGP=0 Aug 25 23:51:13 hostname kernel: Shorewall:net-fw:DROP:IN=eno1 OUT= MAC=xxx SRC=97.a.b.c DST=192.168.a.b LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=27581 DF PROTO=TCP SPT=10050 DPT=36984 WINDOW=0 RES=0x00 RST URGP=0
My server config (no comments, only relevent parameters):
Code:
ListenPort=10051
Code:
Server=76.a.b.c,127.0.0.1 ListenIP=0.0.0.0 ServerActive=76.a.b.c
Code:
IP address is 97.a.b.c with port 10050 Connections to Host: Certificate Connections from host: PSK & Certificate All boxes are green (Cert; PSK, Cert)
Comment