I recently replaced my home router with a MikroTik router. I further split servers into two groups.
- 192.168.0.0/24 – Production
- 192.168.0.1/24 – Dev
My Zabbix server sits in production network and some Zabbix clients sits in dev network. For some reason there is some kind of NAT issue preventing Zabbix client to translate Zabbix server IP correctly. My Zabbix server have IP 192.168.0.100 and the new Zabbix client got new IP of 192.168.1.200. I was seeing this error.
22825:20180108:185727.666 failed to accept an incoming connection: connection from "192.168.1.1" rejected, allowed hosts: "192.168.0.100"
Dev network’s DFGW is 192.168.1.1. When Zabbix server sends checks to this client for some reason the dev network’s DFGW got into the translation as well. And since Zabbix client sees its gateway IP 192.168.1.1 not in “Server=” directive in /etc/zabbix/zabbix_agentd.conf for allowed IPs… it denies the connectivity.
Well, it’s an easy fix. I just add dev network’s DFGW IP to /etc/zabbix/zabbix_agentd.conf so it reads the following.
Restart Zabbix client. Now Zabbix server connects.
The other solution is convert Zabblix client from passive to active checks. This seems to be requiring more works to fix the problem and change Zabbix server firewall settings. So I didn’t go this route.
(I have the feeling this is not the correct fix but just bandaging the problem. I don’t fully understand the problem and not sure what can be done on the router side as far as port forwarding goes to properly fix this. If you know, please let me know in the comment below. Thanks!)