Zabbix server port closed on AWS

0

I have installed Zabbix server on an AWS machine and it appears to be running and listening:

tcp        0      0 0.0.0.0:10051               0.0.0.0:*                   LISTEN      496        594651     16441/zabbix_server 
tcp        0      0 :::10051                    :::*                        LISTEN      496        594652     16441/zabbix_server 

But the port is not open:

Host is up (0.014s latency).
Not shown: 998 filtered ports
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http

iptables allows all TCP traffic:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination  

I looked at security groups in AWS but I could not see anything that could be blocking some ports while allowing 22 and 80. I'm a n00b about AWS/EC2 though so it may well be something like that.

Also when you telnet from localhost to port 10051 it connects for a few seconds and then says "Connection closed by foreign host". When I try to telnet from a different machine it just hangs on "Trying <ip>"

It needs to accept incoming connections because I want to use zabbix_sender on the monitored hosts to push info to the server.

naomi

Posted 2016-07-26T22:05:11.497

Reputation: 182

Answers

0

That configuration is not Zabbix-specific. See AWS documentation on security groups (which is the way firewall rules are handled in AWS).

Specifically, see the detail on adding a service to a security group.

Richlv

Posted 2016-07-26T22:05:11.497

Reputation: 243

I can only see one security group and I had already set that to allow TCP traffic on all ports from all IPs (don't worry, it's a test instance) – naomi – 2016-07-27T00:21:03.477

This is where I see the one security group - is there another place I should look? https://us-west-2.console.aws.amazon.com/ec2/v2/home?region=us-west-2#SecurityGroups:sort=groupId

– naomi – 2016-07-27T00:30:00.647

We cannot see your account - that link does not work. Is that security group applied to your host? Can you show a screenshot of how the traffic was allowed? – Richlv – 2016-07-27T20:48:40.040

I was just asking if that was the right place to look (you could compare with your account).

Anyway, this is fixed now - I need to add an answer – naomi – 2016-07-27T21:31:39.490

0

Turns out that the server was in a VPC (Virtual Private Cloud), which has its own security group system. Newer AWS accounts cannot avoid having a VPC, unlike older accounts, which can use the EC2 Classic configuration, which is simpler.

I ended up deleting the instance and creating a new instance in a different region. As I was setting it up, it gave me the option to add rules to the VPC security group. But later I realised that these can be added by going to the VPC console, navigating to Security Groups, and adding a group with the desired rules.

naomi

Posted 2016-07-26T22:05:11.497

Reputation: 182
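The check the thread circles around (is the group that was edited actually attached to the instance, and does an attached group admit TCP 10051?) can be run offline against the output of `aws ec2 describe-security-groups`. This is an added example, not code from the original posts; the group IDs, group names, rule sets and source address are constructed placeholders.

```python
import ipaddress

# Constructed sample, shaped like `aws ec2 describe-security-groups` output.
# Group IDs and names are placeholders, not values from the original post.
GROUPS = [
    {"GroupId": "sg-0aaaaaaaaaaaaaaaa", "GroupName": "default",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0bbbbbbbbbbbbbbbb", "GroupName": "launch-wizard-1",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
         {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]
# Groups actually attached to the instance, as listed under
# Reservations[].Instances[].SecurityGroups in `aws ec2 describe-instances`.
ATTACHED = ["sg-0bbbbbbbbbbbbbbbb"]


def rule_allows(perm, port, source_ip):
    """True if one ingress permission admits TCP `port` from `source_ip`."""
    proto = perm.get("IpProtocol")
    if proto == "tcp":
        if not perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535):
            return False
    elif proto != "-1":  # "-1" means all protocols and all ports
        return False
    src = ipaddress.ip_address(source_ip)
    # Only IPv4 CIDR sources are evaluated; rules that reference another
    # security group or a prefix list are outside this example's scope.
    return any(src in ipaddress.ip_network(r["CidrIp"])
               for r in perm.get("IpRanges", []))


def groups_allowing(groups, attached_ids, port, source_ip):
    """IDs of attached groups with at least one rule admitting the traffic."""
    return [g["GroupId"] for g in groups
            if g["GroupId"] in attached_ids
            and any(rule_allows(p, port, source_ip)
                    for p in g.get("IpPermissions", []))]


if __name__ == "__main__":
    for port in (22, 80, 10051):
        hits = groups_allowing(GROUPS, ATTACHED, port, "203.0.113.10")
        print(port, "allowed by", hits if hits else "no attached group")
```

In the constructed data the wide-open group exists in the account but is not attached, so 22 and 80 pass while 10051 does not, matching the scan result in the question.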