Checkmk DMZ 2 hosts the same settings

Hi
I have 4 hosts with the same settings, 2 are directly on external network, internet with public IP and that works OK.
Now two are behind routers and on router I setup DMZ so server behind router have local IP address. I manage to install checmk agent successfully, but when I check host services on checkmk server there is none and I can’t figure out why?? Is there something with DMZ or something else?

Hi Blisk,

you want to access the Hosts in the DMZ from an external IP?

If yes, you have to use Port Forwarding with 2 different Ports.
Otherwise you don´t really have an option.
You could setup a VPN connection between your Router and your checkmk Instance or use the distributed Monitoring with an additional site behind the Router.

I thought so, it must be something like that. I will do some port forwarding.
So probably must be port 8000 and port 6556?

Depends on the port you want to use.

i would just use one with 6556 and the other one should be a port you wouldnt need any time in the future. In the range above 8000 it shouldnt be hard to find one.

Keep in mind you have to create a rule for the Host. The rule you need is " TCP port for connection to Checkmk agent"

I have create rule for incoming port 6556 goes to local IP server and port 6556
also rule for incoming port 8000 to go on local Ip server 8000 port. And still doesn’t work.
What kind of rule I need to create for the Host? “The rule you need is " TCP port for connection to Checkmk agent”" If ports are the same?

The ports are not the same? You have one with port 8000 and one with 6556.

you should have the config file for the agent where you can change the port

Hi,
you are looking for this :

There you need to set for one host port 8000 for example and for second host you can let 6556 port. And on your router you need to set port forwarding for port 8000 to one device and port 6556 to second device on local IP addresses.

Don’t forget that IP addreses for your hosts on check_mk server must be same as router’s.

Best regards,
JF

1 Like

Thank you for this info. So let me repeat if I understand right.
I need to set on router for an incoming port for my host, for port 8000 to port 8000 on my local server ip 192.168.0.40 and for incoming port for my host, for port 6556 to port 6556 on my local server ip 192.168.0.40.
If I have second host for example 192.168.0.50 I need to setup for that host in checkmk server for port 8000 differend port like 8001 (image you post) and set that on my router to forward port 8001 to my local host ip 192.168.0.50. on port 8000.

I have only one host behind router for now.

Just make one Port forwarding from external 6556 to internal 192.168.0.40:6556 and later add a second one with external 8000 for example and internal 192.168.0.50:8000

1 Like

Hi
I did that but still agent can not connect. Need to look into this more detailed.

Did you set it like this?

Hi. Thank you for image.
I repaired your image how I have now connected.

Well if you have right now only 1 PC in your LAN which you want to monitor you only need to set port forwarding of port 6556 to your local IP of PC, make host on CMK server with public IP address of router and it should work.

I thought that too but it doesn’t and don’t know what is wrong.

Do you have anything in this rule? TCP port for connection to Checkmk agent

under checkmk agent port I don’t have nothing like on other hosts which works ok and are not behind router.
slika

slika

Weird…
I just tried to do it on my another server with raw edition and it works without problems.

.

Configuration of ports on my router,
image.

So it should work…

Hi
Thank you for helping I finally solved a problem, there were locked some ports by ISP as I assumed. Now all ports are opened and it works.