NAT problems - unable to monitor servers

adamd_hyperic · ‎04-22-2010

Hi,

I've just installed a number of agents to boxes, who are talking to the Hyperic server through a NAT address. Due to the nature of the network, it's not possible for these servers to use the real address of the Hyperic server.
Although the Agent registers with the server ok and the boxes show up in the Hyperic server, they are all in a down or discovering state still.

I can see traffic on the firewall between the agent and server on port 2144 (server to agent), UDP 137 (server to agent) and TCP 7443 (agent to server), so communication seems to be working ok between them.

It just doesn't properly add the servers so that it can start monitoring data. I'm presuming this is down to NAT, as it's the only thing different, and perhaps something imbedded in the messages containing the real IP address could be causing problems?

Any assistance would be appreciated!

Thanks,
Adam

admin · ‎04-23-2010

Hi Adam,

I want to make sure I understand fully here. Just to confirm from an agent you are unable to telnet to port 7443 on the HQ server correct?

Agents need to be able to communicate with the server directly otherwise they are unable to send their measurement reports and resources will appear down.

adamd_hyperic · ‎04-28-2010

Hi,

I got this working in the end - looks like the NAT wasn't the issue. Found two things.
Time sync - the servers on the far side of the link were quite a bit out on time. When we corrected this then monitoring worked ok.
Additionally Hyperic seemed to be trying to connect on UDP137, Netbios, to the far end servers so I had to open this on the firewall.
It was either time or UDP137 being blocked causing the problems. I corrected both at once, so not sure which.

Cheers,
Adam

admin · ‎04-28-2010

Adam,

It was most likely the time sync. This is the number one cause of availability and monitoring issues.

All

NAT problems - unable to monitor servers