Registering agents behind firewall w/ port forwarding
esammer
Posted Dec 07, 2009 11:16 PM
All:
I have the following scenario:
HQ Server running on hq.domain.com:7080.
Host x running HQ Agent on x.domain.com:2144 (default port)
Firewall fw forwarding fw.domain.com:2145 to x.domain.com:2144
x.domain.com is non-routable.
hq.domain.com is in another data center.
All communication between hq and x properly passes through fw (which is x's default gateway).
(I'm using hostnames only for example clarity. Everything is configured by IP.)
From fw, I can telnet to x.domain.com 2144 - works. From hq I can telnet to fw.domain.com 2145 - works. In other words, port forwarding works.
When attempting to register the agent, here's what happens:
./agent-4.2.0/bin/hq-agent.sh start
Starting HQ Agent...
[ Running agent setup ]
What is the HQ server IP address: hq.domain.com
Should Agent communications to HQ always be secure [default=no]: no
What is the HQ server port [default=7080]: 7080
- Testing insecure connection ... Success
What is your HQ login [default=hqadmin]: *****
What is your HQ password: **Not echoing value**
What IP should HQ use to contact the agent [default=x.domain.com]: fw.domain.com
What port should HQ use to contact the agent [default=2144]: 2145
- To setup agent port to 2145, Stop the agent, Update agent properties for agent.listenPort and start the agent again
- Now Agent uses the default port:2144
- Received temporary auth token from agent
- Registering agent with HQ
- Unable to register agent: Failed to connect to agent: Unable to connect to fw.domain.com:2144: Connection refused
Of course, the connection is refused - fw.domain.com wants to see the connection to 2145 (which is properly specified during setup) but the setup process seems to ignore the fact that 2145 is specified for communication. I've also tried simply setting the properties file but I get the same results.
The fact there is configuration for listenPort and setup.agentPort leads me to believe this type of network configuration is expected and supported but seems to be completely ignored. Surely listening on one port and talking to another has to be supported, no? The warning message only makes sense if the two must always match. Needless to say registration fails.
As you can probably figure out from the command line, this is HQ 4.2.0. This server is properly monitoring other hosts / services already (although those agents are listening / communicating on the same port, 2144).
Am I missing something?
Any help greatly appreciated.
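An added example, not part of the original post and not Hyperic's own code: a Python check that reads agent.properties content and shows the address HQ is told to dial next to the address the failed registration above actually tried. `agent.listenPort`, the hostnames and the ports come from the post; the `agent.setup.agentIP` / `agent.setup.agentPort` key names and the sample file are assumptions.

```python
import socket

# Constructed sample mirroring the post's setup. Hostnames are the poster's
# placeholders; the agent.setup.* key names are assumed, not from the post.
SAMPLE_PROPERTIES = """\
agent.listenPort=2144
agent.setup.agentIP=fw.domain.com
agent.setup.agentPort=2145
"""
DEFAULT_LISTEN_PORT = 2144  # default agent port stated in the post


def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def registration_plan(props):
    """Return the bind port, the address HQ should dial, and whether they differ."""
    listen = int(props.get("agent.listenPort", DEFAULT_LISTEN_PORT))
    adv_host = props.get("agent.setup.agentIP")
    adv_port = int(props.get("agent.setup.agentPort", listen))
    return {
        "listen_port": listen,
        "advertised": (adv_host, adv_port),
        # What the failed registration dialled: advertised host, listen port.
        "buggy_target": (adv_host, listen),
        "ports_differ": adv_port != listen,
    }


def tcp_reachable(host, port, timeout=3.0):
    """True if a TCP connect to host:port succeeds; run it from the HQ server."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False
```

Run from the HQ server, `tcp_reachable(*plan["advertised"])` should succeed while `tcp_reachable(*plan["buggy_target"])` fails whenever the firewall forwards only the advertised port, which matches the "Connection refused" in the setup output.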
RE: Registering agents behind firewall w/ port forwarding
mcmesser
Posted Dec 08, 2009 12:18 AM
Unfortunately there is a known bug in the agent interactive setup:
http://jira.hyperic.com/browse/HHQ-2128
Try hard coding these values in agent.properties and restart the agent.
RE: Registering agents behind firewall w/ port forwarding
esammer
Posted Dec 08, 2009 12:54 AM
It sounds like, from the last comment in that ticket, that there is no workaround for this. I've tried hard coding both in agent.properties and I get the same result.
Just to confirm, this means that one cannot have an agent bound to one port and accessed via another. In my specific case, I'm listening on the default and trying to connect via default+1 and it fails with the behavior documented in the ticket.
I appreciate the response but with unidirectional not being an option in the community version, it's back to Nagios, I suppose. This is definitely something that should be well documented. The documentation in fact says the opposite (that this is possible). The whole thing is really unfortunate.
Thanks anyway.
RE: Registering agents behind firewall w/ port forwarding
mcmesser
Posted Dec 08, 2009 03:46 PM
Hmm, yes. It seems that feature has been inadvertently broken. I'm not sure there's a good short term answer here...