your SSH command is wrong, it should be:

that actually means: after the ssh tunnel is in place, when a connection is made from your zabbix proxy to port 10050 it will be forwarded to 127.0.0.1:10050 on the REMOTE machine. What happens is that a connection to 127.0.0.1:10050 is started FROM the "root@router_ip" machine itself. In the whole procedure I assumed that your zabbix_server resides on the same machine you ssh to, the "router_ip", that's why I used 127.0.0.1, if your zabbix_server is on another machine inside the LAN behind your "router_ip" make sure you enter the LOCAL ip address of the zabbix_server as seen by the router_ip itself.
I know it's a bit tricky but once you fully understand how ssh tunnels work it will be straightforward

Thanks for your reply GArmao

Hummm. My zabbix proxy and my zabbix server are separated by internet.

The ssh command make a port forwarding via ssh tunnel.


zabbix_proxy -----> Internet ------------> zabbix_server

10050------->22------SSH-----22----->10050

When zabbix_proxy going to send data to 127.0.0.1:10050 the data are transfered via the ssh tunnel and when they arrive, they are on 10050 port.


I can't connect to my zabbix-server with his local ip because this network is unknow by my zabbix_proxy. It's not a VPN it's juste an encapsulation of port 10050 over ssh.

mm so, you're executing the SSH command from the zabbix_proxy, correct? when you connect to "root@router_ip", which machine are you connecting to? is router_ip also your zabbix_server or router_ip is just a router, across the internet which can directly reach your zabbix_server listening port?
Which port is your zabbix_server listening to? default should be 10051 but in your ssh port forwarding you're forwarding to 10050

Yes.

router_ip is the public ip of my headquarter. I've add a rule nat in my router to forward incomming traffic on port 22 on my zabbix server.

Yep I've used the default port on zabbix server. It's true that I don't really understand what traffic is send through the port 10050 or 10051 between a proxy and a server.


When I try on zabbix proxy:

I have:

I think he says that my port 10051 is already use because my zabbix proxy listening on this port who is use by the agent connection....

ok so if I understand correctly what you did, ssh root@router_ip will actually connect directly to your zabbix_server because the router_ip will forward your ssh connection to your zabbix_server's ssh console.
In this case, your ssh line should be:

because, basing on your zabbix_proxy.conf:

your zabbix proxy is trying to connect to your zabbix server via 127.0.0.1 port 10050, which is the ssh tunnel that will then connect your zabbix_proxy to your zabbix_server on port 10051 (default listening port of zabbix server for incoming connections).

OMG that's work!!! Lot of thanks GArmao!