vCenter

 View Only
  • 1.  Force IP Address for sending traffic outward

    Posted Aug 06, 2008 11:27 AM
    We have a secure environment, and need the agent to communicate on one of the two IP addresses that are bound to a single machine. The primary IP Is used for alternate traffic. We have the agent listening on the correct IP, but all outgoing traffic uses the primary IP, not the secondary. Is there a way to force the agent to send outgoing traffic with the secondary IP (Source IP)?


  • 2.  RE: Force IP Address for sending traffic outward

    Posted Aug 06, 2008 11:41 PM
    Hi,

    I think what you are looking for is the variable agent.setup.agentIP in the agent.properties file

    http://support.hyperic.com/display/DOC/HQ+Agent+Configuration
    #agent.setup.agentIP The agent IP the server should use to contact the agent.


    Cheers
    Ben


  • 3.  RE: Force IP Address for sending traffic outward

    Posted Aug 19, 2008 03:04 PM
    Thanks for the reply. I have tried that. The problem is that I have four IP's on the box, and the firewall rules only allow one specific IP to communicate to the Hyperic Server. When the Hyperic Agent attempts to send the traffic it sends with the Main IP of the box.

    Any other suggestions?


  • 4.  RE: Force IP Address for sending traffic outward

    Posted Aug 20, 2008 10:44 PM
    loki74,

    Could it be a port issue? For example, is the firewall or vhost config on server catching traffic on port 7080 and routing to the main IP?

    The agent listens on 2144, the server listens on 7080 (or 7443 if you said yes to secure connections). Can you set your firewall to allow server_IP:7080 and agent_IP:2144?

    --jeremy


  • 5.  RE: Force IP Address for sending traffic outward

    Posted Aug 21, 2008 04:39 AM
    Interesting problem. Is the IP that is allowed to talk to the HQ Server and the IP(s) that is (are) not all on the same subnet? If not, would expect a static route to HQ Server subnet for the "correct" interface to work in addressing the problem.

    Bottom-line, I expect the OS is going to determine which interface to use heading outbound, and HQ is going to let it. HQ has properties to set the IP for listening for incoming connections, but do not think there are configuration options to guarantee the outbound IP.