Problem report
Resolution: Fixed
Trivial
6.2.7
None
Rocky Linux release 8.7 (Green Obsidian)
zabbix-proxy-pgsql-6.2.7-release1.el8.x86_64
Sprint 98 (Mar 2023)
0.25
Steps to reproduce:
- Install zabbix proxy on a host with two IP addresses: 10.0.0.19 and 10.0.0.20
- Configure SourceIP=10.0.0.19 in zabbix_proxy.conf
- Create a new host in Zabbix (10.1.1.135) and apply a VMware template
- On the zabbix proxy host, capture the traffic directed to the monitored host: tcpdump -n dst 10.1.1.135
Result:
Traffic capture shows that some connections (not all) originate from a source address which is not the one defined in the SourceIP option.
    10:04:53.679663 IP 10.0.0.19.51181 > 10.1.1.135.https: Flags [.], ack 2305262, win 24568, length 0
    10:04:53.679696 IP 10.0.0.19.51181 > 10.1.1.135.https: Flags [.], ack 2308182, win 24568, length 0
    10:04:53.679727 IP 10.0.0.19.51181 > 10.1.1.135.https: Flags [.], ack 2311102, win 24568, length 0
    10:04:53.679833 IP 10.0.0.19.51181 > 10.1.1.135.https: Flags [.], ack 2322782, win 24515, length 0
    10:04:53.679930 IP 10.0.0.19.51181 > 10.1.1.135.https: Flags [.], ack 2325702, win 24560, length 0
    10:04:53.679967 IP 10.0.0.19.51181 > 10.1.1.135.https: Flags [.], ack 2328622, win 24560, length 0
    10:04:53.680065 IP 10.0.0.19.51181 > 10.1.1.135.https: Flags [.], ack 2337382, win 24515, length 0
    10:04:53.680087 IP 10.0.0.19.51181 > 10.1.1.135.https: Flags [.], ack 2343222, win 24477, length 0
    10:04:53.680177 IP 10.0.0.19.51181 > 10.1.1.135.https: Flags [.], ack 2354902, win 24424, length 0
    10:04:53.680207 IP 10.0.0.19.51181 > 10.1.1.135.https: Flags [.], ack 2357822, win 24560, length 0
    10:04:53.680282 IP 10.0.0.19.51181 > 10.1.1.135.https: Flags [.], ack 2360116, win 24545, length 0
    10:04:53.733285 IP 10.0.0.19.51181 > 10.1.1.135.https: Flags [P.], seq 910894:919125, ack 2360116, win 24568, length 8231
    10:04:53.885002 IP 10.0.0.19.51181 > 10.1.1.135.https: Flags [.], ack 2373339, win 24500, length 0
    10:04:53.887986 IP 10.0.0.19.51181 > 10.1.1.135.https: Flags [P.], seq 919125:919793, ack 2373339, win 24568, length 668
    10:04:53.896209 IP 10.0.0.19.51181 > 10.1.1.135.https: Flags [P.], seq 919793:919824, ack 2373936, win 24568, length 31
    10:04:53.897214 IP 10.0.0.19.51181 > 10.1.1.135.https: Flags [F.], seq 919824, ack 2373936, win 24568, length 0
    10:04:53.897327 IP 10.0.0.19.51181 > 10.1.1.135.https: Flags [.], ack 2373937, win 24568, length 0
    10:04:54.134954 IP 10.0.0.20.33094 > 10.1.1.135.https: Flags [S], seq 193904254, win 29200, options [mss 1460,sackOK,TS val 2487588894 ecr 0,nop,wscale 7], length 0 #### <<< Wrong IP source
    10:04:58.166993 IP 10.0.0.20.33094 > 10.1.1.135.https: Flags [S], seq 193904254, win 29200, options [mss 1460,sackOK,TS val 2487592926 ecr 0,nop,wscale 7], length 0 #### <<< Wrong IP source
    10:05:06.551028 IP 10.0.0.20.33094 > 10.1.1.135.https: Flags [S], seq 193904254, win 29200, options [mss 1460,sackOK,TS val 2487601310 ecr 0,nop,wscale 7], length 0 #### <<< Wrong IP source
    10:05:20.995106 IP 10.0.0.19 > 10.1.1.135: ICMP echo request, id 10227, seq 4, length 64
    10:05:21.995188 IP 10.0.0.19 > 10.1.1.135: ICMP echo request, id 10227, seq 24, length 64
    10:05:22.995520 IP 10.0.0.19 > 10.1.1.135: ICMP echo request, id 10227, seq 44, length 64
    10:06:20.134420 IP 10.0.0.19 > 10.1.1.135: ICMP echo request, id 11070, seq 4, length 64
    10:06:21.134751 IP 10.0.0.19 > 10.1.1.135: ICMP echo request, id 11070, seq 24, length 64
    10:06:22.135046 IP 10.0.0.19 > 10.1.1.135: ICMP echo request, id 11070, seq 44, length 64
    10:07:20.747835 IP 10.0.0.19 > 10.1.1.135: ICMP echo request, id 11910, seq 4, length 64
    10:07:21.750429 IP 10.0.0.19 > 10.1.1.135: ICMP echo request, id 11910, seq 24, length 64
    10:07:22.751433 IP 10.0.0.19 > 10.1.1.135: ICMP echo request, id 11910, seq 44, length 64
    10:07:46.484461 IP 10.0.0.19.57575 > 10.1.1.135.https: Flags [S], seq 1553928807, win 29200, options [mss 1460,sackOK,TS val 2586056777 ecr 0,nop,wscale 7], length 0
    10:07:46.485835 IP 10.0.0.19.57575 > 10.1.1.135.https: Flags [.], ack 3564670373, win 229, length 0
    10:07:46.492157 IP 10.0.0.19.57575 > 10.1.1.135.https: Flags [P.], seq 0:517, ack 1, win 229, length 517
The netstat command also shows this situation:
    $ netstat -nap | grep 10.1.1
    Proto Recv-Q Send-Q Local Address      Foreign Address    State      PID/Program name
    tcp        0      1 10.0.0.20:42990    10.1.1.135:443     SYN_SENT   205132/zabbix_proxy
    tcp        0      0 10.0.0.19:10051    10.1.1.67:56377    TIME_WAIT  -
    tcp        0      0 10.0.0.19:10051    10.1.1.66:43821    TIME_WAIT  -
Consequences:
Some items and discovery rules (not all) occasionally go into the Not supported state with the message "Timeout was reached", as the external network only allows the correct source IP to reach the VMware host (see screenshots).
Expected:
All connections performed by zabbix agent honour the SourceIP option.
Notes:
Zabbix server could also be affected (not tested).
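
A way to check a capture for this condition automatically, as an added example that is not part of the original report or of Zabbix itself. The function names and the sample config line are assumptions made for illustration; the capture lines are an excerpt of the tcpdump output above.

```python
import re

# Line layout of `tcpdump -n` output as shown in the report:
# "<time> IP <src>[.<port>] > <dst>[.<port>]: <details>"
PACKET_RE = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3})(?:\.(?P<sport>[\w-]+))? > "
    r"(?P<dst>\d+(?:\.\d+){3})(?:\.[\w-]+)?: (?P<rest>.*)$"
)

def read_source_ip(conf_text):
    """Return the SourceIP value from zabbix_proxy.conf text, or None if unset."""
    for line in conf_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == "SourceIP":  # commented-out lines never match
            return value.strip()
    return None

def unexpected_sources(capture_text, source_ip, target):
    """Group packets sent to `target` from any address other than `source_ip`.

    Returns {"src:port": {"packets": n, "syn_only": bool}}. syn_only means the
    capture holds nothing but SYNs for that flow, so no handshake completed.
    """
    flows = {}
    for line in capture_text.splitlines():
        m = PACKET_RE.match(line.strip())
        if not m or m["dst"] != target or m["src"] == source_ip:
            continue
        key = f'{m["src"]}:{m["sport"] or "-"}'  # "-" for portless ICMP
        flow = flows.setdefault(key, {"packets": 0, "syn_only": True})
        flow["packets"] += 1
        flow["syn_only"] &= m["rest"].startswith("Flags [S],")
    return flows

# Constructed config text, plus an excerpt of the capture from the report.
SAMPLE_CONF = "# SourceIP=192.0.2.1\nSourceIP=10.0.0.19\n"
SAMPLE_CAPTURE = """\
10:04:53.897327 IP 10.0.0.19.51181 > 10.1.1.135.https: Flags [.], ack 2373937, win 24568, length 0
10:04:54.134954 IP 10.0.0.20.33094 > 10.1.1.135.https: Flags [S], seq 193904254, win 29200, options [mss 1460,sackOK,TS val 2487588894 ecr 0,nop,wscale 7], length 0
10:04:58.166993 IP 10.0.0.20.33094 > 10.1.1.135.https: Flags [S], seq 193904254, win 29200, options [mss 1460,sackOK,TS val 2487592926 ecr 0,nop,wscale 7], length 0
10:05:06.551028 IP 10.0.0.20.33094 > 10.1.1.135.https: Flags [S], seq 193904254, win 29200, options [mss 1460,sackOK,TS val 2487601310 ecr 0,nop,wscale 7], length 0
10:05:20.995106 IP 10.0.0.19 > 10.1.1.135: ICMP echo request, id 10227, seq 4, length 64
"""

if __name__ == "__main__":
    expected = read_source_ip(SAMPLE_CONF)
    for flow, info in unexpected_sources(SAMPLE_CAPTURE, expected, "10.1.1.135").items():
        print(f"{flow} is not SourceIP {expected}: {info}")
```

A flow that is reported with `syn_only` set and more than one packet matches the retransmitted SYNs in the report, where the network drops traffic from the wrong source address.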