Problem with an agent installation with NAT address
boubakar Jul 27, 2011 4:14 AMHello,
We tried to integrate a RHQ agent in an AIX server, it's not our first AIX agent.
The difference is that our current AIX server is behind a firewall, we've configured the firewall in order to allow the 2 streams : agent ==> server:7080, et the agent:16163 ==> server.
Our server has 2 network interfaces, one for the intern access(internal_server.mlydns), and the other for the external access((external_server.mlydns). The external interface has 2 adress, one private adress, and an other public adress (NAT).
When we configured the agent, we put for the property" Agent Hostname or IP Address [!*]" the public name (external_server.mlydns). We've configured this name manualy in the /etc/hosts of the RHQ server, because we don't share the same DNS server.
We've 2 cases :
1 - When we entered external_server.mlydns in the agent config, we've :
he setup has been completed for the preferences at node [/rhq-agent/default].
The server has rejected the agent registration request. Cause: [org.rhq.core.clientapi.server.core.AgentRegistrationException:Server cannot ping the agent's endpoint. The agent's endpoint is probably invalid or there is a firewall preventing the server from connecting to the agent. Endpoint: socket://external_server.mlydns:16163/?rhq.communications.connector.rhqtype=agent&numAcceptThreads=1 &maxPoolSize=303&clientMaxPoolSize=304& socketTimeout=60000&enableTcpNoDelay=true&backlog=200]
Will retry the agent registration request soon...
The problem that we try the command :
netstat -an | grep 16163
We don't have an agent listening in the port 16163.
2 - When we entered internal_server.mlydns in the agent config, and we changed the conf in the /etc/hosts for mapping "internal_server.mlydns" to the public adress of my AIX host, i've the same problem :
The server has rejected the agent registration request. Cause: [org.rhq.core.clientapi.server.core.AgentRegistrationException:Server cannot ping the agent's endpoint.
The agent's endpoint is probably invalid or there is a firewall preventing the server from connecting to the agent. Endpoint: socket://external_server.mydns:16163/ rhq.communications.connector.rhqtype=agent&
numAcceptThreads=1&maxPoolSize=303&clientMaxPoolSize=304&socketTimeout=60000&enableTcpNoDelay=true&backlog=200]
The agent cannot register with the server. Admin intervention needed!
But in this case, when we try the command :
netstat -an | grep 16163
We've an agent listening in the port 16163.
I've write a sample client/server in java between my RHQ server and my AIX host, the AIX host launch a server listening with the public name external_server.mydns and the client installed in the RHQ server, the communication is working verry fine.
Is there any thing else to configure in the firewall level ?
With kind regards
Boubakar