All:
I have the following scenario:
HQ Server running on hq.domain.com:7080.
Host x running HQ Agent on x.domain.com:2144 (default port)
Firewall fw forwarding fw.domain.com:2145 to x.domain.com:2144
x.domain.com is non-routable.
hq.domain.com is in another data center.
All communication between hq and x properly passes through fw (which is x's default gateway).
(I'm using hostnames only for example clarity. Everything is configured by IP.)
From fw, I can telnet to x.domain.com 2144 - works. From hq I can telnet to fw.domain.com 2145 - works. In other words, port forwarding works.
When attempting to register the agent, here's what happens:
./agent-4.2.0/bin/hq-agent.sh start
Starting HQ Agent...
[ Running agent setup ]
What is the HQ server IP address: hq.domain.com
Should Agent communications to HQ always be secure [default=no]: no
What is the HQ server port [default=7080]: 7080
- Testing insecure connection ... Success
What is your HQ login [default=hqadmin]: *****
What is your HQ password: **Not echoing value**
What IP should HQ use to contact the agent [default=x.domain.com]: fw.domain.com
What port should HQ use to contact the agent [default=2144]: 2145
- To setup agent port to 2145, Stop the agent, Update agent properties for agent.listenPort and start the agent again
- Now Agent uses the default port:2144
- Received temporary auth token from agent
- Registering agent with HQ
- Unable to register agent: Failed to connect to agent: Unable to connect to fw.domain.com:2144: Connection refused
Of course, the connection is refused - fw.domain.com wants to see the connection to 2145 (which is properly specified during setup) but the setup process seems to ignore the fact that 2145 is specified for communication. I've also tried simply setting the properties file but I get the same results.
The fact that there is configuration for listenPort and setup.agentPort leads me to believe this type of network configuration is expected and supported, but it seems to be completely ignored. Surely listening on one port and talking to another has to be supported, no? The warning message only makes sense if the two must always match. Needless to say, registration fails.
As you can probably figure out from the command line, this is HQ 4.2.0. This server is properly monitoring other hosts / services already (although those agents are listening / communicating on the same port, 2144).
Am I missing something?
Any help greatly appreciated.