Ad Widget

Collapse

CentOS 6 localhost:10051 cant connect to server

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • zuevus
    Junior Member
    • Feb 2015
    • 4
    #1

    CentOS 6 localhost:10051 cant connect to server

    Hi all.
    I have a problem with preparing Zabbix on CentOS.
    I installed zabbix according manual, last the problem that i have it i cant get access to port 10051. I can't find reason. I check all that are possible. OS: centos 6.6 (with kernel 2.6.32-504.8.1.el6.x86_64)
    Details:
    nmap -sS localhost

    Starting Nmap 5.51 ( http://nmap.org ) at 2015-02-02 11:32 MSK
    Nmap scan report for localhost (127.0.0.1)
    Host is up (0.0000080s latency).
    Other addresses for localhost (not scanned): 127.0.0.1
    Not shown: 996 closed ports
    PORT STATE SERVICE
    22/tcp open ssh
    25/tcp open smtp
    80/tcp open http
    3306/tcp open mysql

    cat /etc/services | grep 10051
    zabbix-trapper 10051/tcp # Zabbix Trapper
    zabbix-trapper 10051/udp # Zabbix Trapper

    netstat -tulpn | grep zabbix
    tcp 0 0 0.0.0.0:10050 0.0.0.0:* LISTEN 1298/zabbix_agentd
    tcp 0 0 0.0.0.0:10051 0.0.0.0:* LISTEN 1284/zabbix_server
    tcp 0 0 :::10050 :::* LISTEN 1298/zabbix_agentd

    Firewall(iprtabele service) is off, but for sure:
    cat /etc/sysconfig/iptables | grep 10051
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 10051 -j ACCEPT

    Also for sure :
    service zabbix-server status
    zabbix_server (pid 1284) is running...

    How you see, nmap does't catch port 10051, I cant understand why. Pleas help me. During two days try to solve this.
    Thanks you in advance.
    P.S. I am sorry for possible double post.
    Tags: None
    • ingus.vilnis
      Senior Member
      Zabbix Certified Trainer
      Zabbix Certified SpecialistZabbix Certified Professional
      • Mar 2014
      • 908
      #2
      Hello and welcome to Zabbix forums!

      Maybe SELinux is in your way?

      Code:
      # getsebool -a | grep zabbix
# setsebool -P zabbix_can_network=true
      Best Regards,
      Ingus

        Comment

        • zuevus
          Junior Member
          • Feb 2015
          • 4
          #3
          Great thanks for answer and for help.
          Now it is enabled:
          Code:
          getsebool -a | grep zabbix
zabbix_can_network --> on
          I reboot server, disable iptables and check again:
          Code:
           
nmap -sS localhost

Starting Nmap 5.51 ( http://nmap.org ) at 2015-02-02 16:15 MSK
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000013s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
3306/tcp open  mysql

Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
          It still doesn't work.

            Comment

            • quejinho
              Junior Member
              • Jan 2015
              • 11
              #4
              Trun off iptables and selinux till You get that working.
              Check running zabbix server, apache , zabbix agent.
              Do You have acces to apache front ?

              Also check the zabbix server logs

                Comment

                • zuevus
                  Junior Member
                  • Feb 2015
                  • 4
                  #5
                  iptables alredy turn off.
                  Yes, i have access to apache from front and i have access to zabbix web.
                  In logs file we have:
                  Code:
                   1618:20150202:171257.146 Starting Zabbix Server. Zabbix 2.2.8 (revision 51174).
  1618:20150202:171257.147 ****** Enabled features ******
  1618:20150202:171257.147 SNMP monitoring:           YES
  1618:20150202:171257.147 IPMI monitoring:           YES
  1618:20150202:171257.147 WEB monitoring:            YES
  1618:20150202:171257.147 VMware monitoring:         YES
  1618:20150202:171257.147 Jabber notifications:      YES
  1618:20150202:171257.147 Ez Texting notifications:  YES
  1618:20150202:171257.147 ODBC:                      YES
  1618:20150202:171257.147 SSH2 support:              YES
  1618:20150202:171257.147 IPv6 support:              YES
  1618:20150202:171257.147 ******************************
  1618:20150202:171257.147 using configuration file: /etc/zabbix/zabbix_server.conf
  1618:20150202:171257.153 current database version (mandatory/optional): 02020000/02020001
  1618:20150202:171257.153 required mandatory version: 02020000
  1622:20150202:171257.169 server #2 started [db watchdog #1]
  1621:20150202:171257.170 server #1 started [configuration syncer #1]
  1629:20150202:171257.173 server #9 started [trapper #1]
  1630:20150202:171257.173 server #10 started [trapper #2]
  1631:20150202:171257.173 server #11 started [trapper #3]
  1637:20150202:171257.189 server #13 started [trapper #5]
  1638:20150202:171257.189 server #14 started [icmp pinger #1]
  1639:20150202:171257.190 server #15 started [alerter #1]
  1640:20150202:171257.190 server #16 started [housekeeper #1]
  1640:20150202:171257.190 executing housekeeper
  1641:20150202:171257.190 server #17 started [timer #1]
  1636:20150202:171257.191 server #12 started [trapper #4]
  1642:20150202:171257.191 server #18 started [http poller #1]
  1618:20150202:171257.197 server #0 started [main process]
  1651:20150202:171257.211 server #21 started [history syncer #2]
  1652:20150202:171257.211 server #22 started [history syncer #3]
  1653:20150202:171257.211 server #23 started [history syncer #4]
  1654:20150202:171257.212 server #24 started [escalator #1]
  1655:20150202:171257.212 server #25 started [proxy poller #1]
  1656:20150202:171257.214 server #26 started [self-monitoring #1]
  1650:20150202:171257.216 server #20 started [history syncer #1]
  1640:20150202:171257.219 housekeeper [deleted 0 hist/trends, 0 items, 0 events, 0 sessions, 0 alarms, 0 audit items in 0.018421 sec, idle 1 hour(s)]
  1625:20150202:171257.504 server #5 started [poller #3]
  1628:20150202:171257.507 server #8 started [unreachable poller #1]
  1626:20150202:171257.510 server #6 started [poller #4]
  1627:20150202:171257.511 server #7 started [poller #5]
  1623:20150202:171257.512 server #3 started [poller #1]
  1624:20150202:171257.513 server #4 started [poller #2]
  1643:20150202:171257.515 server #19 started [discoverer #1]
  1636:20150202:171337.144 cannot send list of active checks to [127.0.0.1]: host [Zabbix server] not monitored

                    Comment

                    • aib
                      Senior Member
                      • Jan 2014
                      • 1615
                      #6
                      Sorry for a stupid question - but How did you check that port 10051 is accessible?

                      I checked my server and I have the same situation as you:
                      Code:
                      [root@z ~]# cat /etc/services | grep 10051
zabbix-trapper  10051/tcp               # Zabbix Trapper
zabbix-trapper  10051/udp               # Zabbix Trapper
                      Code:
                      [root@z ~]# netstat -tulpn | grep zabbix
tcp        0      0 0.0.0.0:10050               0.0.0.0:*                   LISTEN      23373/zabbix_agentd
tcp        0      0 0.0.0.0:10051               0.0.0.0:*                   LISTEN      23355/zabbix_server
tcp        0      0 :::10050                    :::*                        LISTEN      23373/zabbix_agentd
tcp        0      0 :::10051                    :::*                        LISTEN      23355/zabbix_server
                      And nmap also has NO idea about port 10051
                      Code:
                      [root@z ~]# nmap localhost

Starting Nmap 5.51 ( http://nmap.org ) at 2015-02-02 11:12 EST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000060s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 991 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
512/tcp  open  exec
513/tcp  open  login
514/tcp  open  shell
5555/tcp open  freeciv

Nmap done: 1 IP address (1 host up) scanned in 0.16 seconds
                      But telnet can easily connect to port 10051
                      Code:
                      [root@z ~]# telnet localhost 10051
Trying ::1...
Connected to localhost.
Escape character is '^]'.
                      May you trust to nmap too much?
                      Sincerely yours,
                      Aleksey

                        Comment

                        • zuevus
                          Junior Member
                          • Feb 2015
                          • 4
                          #7
                          Great thanks for your help.
                          First answer was correct.
                          Just CentOS little silly .
                          I have looked into the audit log(it was good idea ).
                          Problem was in next:
                          Code:
                          type=AVC msg=audit(1422944090.660:1197): avc:  denied  { name_connect } for  pid=1335 comm="httpd" dest=10051 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:zabbix_port_t:s0 tclass=tcp_socket
                          I start dig from this and found some page.(i cant put link "Too many live links/images found in your post content. Please edit your post or contact the administrator.")
                          On the end of this page this listing:
                          Code:
                          getsebool -a | grep httpd_can_network_connect
httpd_can_network_connect --> on
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
                          Exactly like at me.
                          But it still didn't worked. Than i do this several time:
                          Code:
                          setsebool httpd_can_network_connect off
setsebool httpd_can_network_connect on
                          And miracle has come.
                          About nmap you a absolutely right, I don't see now that is port open, but i check not only nmap, i also check by telnet, and "Zabbix server is running" on web face was "No localhost:10051".
                          Now I can connect through the Telnet to 10050 and 10051, and see that "Zabbix server is running Yes localhost:10051"
                          The issue is over.

                            Comment

                            • aib
                              Senior Member
                              • Jan 2014
                              • 1615
                              #8
                              Great news!
                              Sincerely yours,
                              Aleksey

                                Comment

                                • kloczek
                                  Senior Member
                                  • Jun 2006
                                  • 1771
                                  #9
                                  Originally posted by zuevus
                                  And miracle has come.
                                  Off-topic a little ..

                                  Remember principle that Every IT case you can put only in two baskets. First one is with label "simple" and second basket is labeled as "stupid"

                                  Another derivation of above principle is: If your are dealing with some problem longer than 2-3 times than you been thinking that problem should be solved be aware that probability that you dealing with something stupid is rising

                                  http://uk.linkedin.com/pub/tomasz-k%...zko/6/940/430/
                                  https://kloczek.wordpress.com/
                                  zapish - Zabbix API SHell binding https://github.com/kloczek/zapish
                                  My zabbix templates https://github.com/kloczek/zabbix-templates

                                    Comment

                                    Previous template Next
                                    Working...