Ad Widget

**tokind** · 15-10-2007, 18:58

Successfully installed and ran zabbix_client stand-alone. Unable to get a response on ports 10050, 10051. Connection refused.

iptables -A INPUT -p tcp -s 172.22.221.100 --dport 10050 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 172.22.221.100 --dport 10051 -m state --state NEW,ESTABLISHED -j ACCEPT

Monitoring server is 172.22.221.100 and it sends queries to port 10050 on the application server (172.22.221.71).

Edited /etc/services and added
zabbix 10050/tcp #Zabbix Agent
zabbix 10051/tcp #Zabbix Agent

Still not getting response to request @ 10050. I did not restart the server, as I need a blessing from the pope to do this.

Where else do I look? Or is there a specific service to restart before edits to /etc/services are loaded?

**nelsonab** · 15-10-2007, 19:08

Are you using SuSEfirewall or your own custom rolled solution? If you're using SuSEfirewall go into Yast under security you'll find the firewall settings. Go through the menu's (Don't have it running right in front of me so I can't give a step by step) and add it as a service. The menu's are pretty self explanitory. This will however open this port to any host connected to the ethernet adaptor you open this port up on. Then check /var/log/messages when you try and connect to it. SuSEfirewall is very verbose in it's output if you want it to be. It can tell you if the packets are being droped and which rule is dropping them. If no messages show up can you telnet to that port from another machine?

Hope this helps a little.

**nelsonab** · 15-10-2007, 19:11

I forgot to add, you may already be aware of this, but just in case for someone else. You can also edit the raw config file for SuSEfirewall in /etc/sysconfig/SuSEfirewall. When you are done editing you can run SuSEfirewall from the command line and it will reload the configuration script. Start and stop are also valid options for SuSEfirewall.

**tokind** · 15-10-2007, 19:31

Thanks. Not running SuSEFirewall, and BTW no GUI interface. I need to do all of this from cli. (I suspect I would have already found what I need if the SuSE world were not so dependent on gui wizards) but hey - noobee's can't whine.

The server I am trying to monitor is a custom application server. It is not a proxy, and does no routing. I'll look into the configuration of SuSEFirewall though, just in case I am mistaken and it is in fact running.

**tokind** · 15-10-2007, 20:10

Found this, and now really stumped:

Code:

netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:zabbix_agentd         *:*                     LISTEN
tcp        0      0 *:sunrpc                *:*                     LISTEN
tcp        0      0 localhost:novell-zen    *:*                     LISTEN
tcp        0      0 *:ftp                   *:*                     LISTEN
tcp        0      0 localhost:smtp          *:*                     LISTEN
tcp        0      0 *:www-http              *:*                     LISTEN
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp        0      0 localhost:8023          *:*                     LISTEN
tcp        0      0 localhost:smtp          *:*                     LISTEN
tcp        0      0 *:https                 *:*                     LISTEN

Gotta be firewall.

**nelsonab** · 15-10-2007, 23:18

Originally posted by tokind

Thanks. Not running SuSEFirewall, and BTW no GUI interface. I need to do all of this from cli. (I suspect I would have already found what I need if the SuSE world were not so dependent on gui wizards) but hey - noobee's can't whine.

Yast works equally well in CLI and GUI. In fact the same code is behind both interfaces. That's one of the things I personally love about SuSE, ssh, telnet, X it's all the same. :-)

Ya I would agree with the firewall assumption. Can you telnet to the agent from anoter machine?

telnet hostname 10050

**tokind** · 16-10-2007, 00:30

Thanks, I'll try Yast from the command line. Turns out I got to learn how to use iptables to:

discover the bazaar name of the table I needed to add an ALLOW rule to.
add the rule.

Life is good. Thanks again.

I found this article useful:

Iptables Firewall

http://www.linuxguruz.com/iptables/howto/iptables-HOWTO-6.html

Iptables Firewall

Ad Widget

Allow port access on agent_host server port 1005x

Allow port access on agent_host server port 1005x

Comment

Comment

Comment

Comment

Comment

Comment

Comment