Hi Ender,

First of all, thanks for your kind words about Monitorix.

I use the Multihost feature on remote servers with a number of them 
being under a VPN connection. Let me explain how I did it for this 
special case:

I had the same access problem as you: my workstation was unable to reach 
the remote servers, since my browser is what actually gets the data from 
the remote monitorix.cgi.

The solution was relatively easy. I took advantage of the "reverse 
connection" feature of the OpenSSH package.

So, once the tunnel is created and both sides (gateway <-> remote 
servers) are 'visible', I execute a script with the following line on 
each remote server:

ssh -q -2 -N -R *:<local_port>:localhost:80 <dummy_user>@<your_server_IP> -o ServerAliveInterval=15 -o ConnectTimeout=15 -p 22

-q quiet mode
-2 force protocol v2
-N don't initiate a bash session, useful for forwarding ports

<local_port> is the port that will be opened (forwarded) in 
<your_server_IP> (your gateway). Keep in mind to assign a different port 
for each remote server. In my case I use:

10001 for server 1
10002 for server 2
10003 for server 3
etc.

the port 80 is the default Apache port in your remote servers from where 
Monitorix will respond.

<dummy_user> is a user created in <your_server_IP> (your gateway) just 
to accept those connections. In my case, I've defined this user in 
/etc/passwd as:

monitorix:*:500:99::/dev/null:/sbin/nologin

<your_server_IP> is your gateway (following your example), the machine 
where you have configured a Monitorix with the $MULTIHOST option as "Y".

the options ServerAliveInterval=15 and ConnectTimeout=15 keep the 
communication active and make sure that it won't hang forever if there are 
line problems. In your own script, make sure that it will reconnect if 
the connection fails.

-p 22 is the default SSH port in <your_server_IP> (gateway).

Finally, in the /etc/monitorix.conf file of <your_server_IP> (your 
gateway), you should add the following lines:

# List of Servers
our @SERV_LIST=("Server 1", "http://<your_server_IP>:10001",
                 "Server 2", "http://<your_server_IP>:10002",
                 "Server 3", "http://<your_server_IP>:10003");

As you can see, the "reverse connection" made it possible to connect to 
ports 10001, 10002 and 10003 in your gateway as if you were connecting 
to remote_server_1:80, remote_server_2:80 and remote_server_3:80.

Now, in <your_server_IP> execute 'netstat -ltnp' to see the incoming 
connections of your remote servers, and you should see something like this:

# netstat -ltnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:10001   0.0.0.0:*         LISTEN   29874/sshd: monitorix
tcp        0      0 0.0.0.0:10002   0.0.0.0:*         LISTEN   29923/sshd: monitorix
tcp        0      0 0.0.0.0:10003   0.0.0.0:*         LISTEN   29991/sshd: monitorix


Now you can point your browser to http://<your_server_IP>/monitorix/ and 
see the remote server graphs, or:

http://<your_server_IP>:10001 if you want to connect directly with that 
remote server.

I hope all of this is clear enough for you and helps you.
Anyway, let me know if it works for you.

Best regards.




ender ulusoy wrote:
> Hi there all;
> 
> First, many thanks to the developers and people who help and work for this 
> great project.
> 
> My question is short and I think the answer will be also :)
> 
> Is there a way to monitor a host located behind a secure VPN connection 
> using the multi-host monitoring feature?
> 
> Our VPN structure is like this:
> 
> First you connect to the gateway using ssh or vnc; in the second step you can 
> ssh or vnc to the target machine. We got a VPN gateway connection that 
> works on site2site VPNs.
> 
> Clients and other machines are not allowed to connect to remote hosts directly.
> 
> Thanks in advance and warmest regards.
> 
> Ender Ulusoy
> 
> Quality Assurance & Support
> 
> RS/SVN/NIS
> 
> Turkcell Technology
> 
> _______________________________________________
> Monitorix-general mailing list
> Monitorix-general@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/monitorix-general

-- 
Jordi Sanfeliu
FIBRANET Network Services Provider
http://www.fibranet.cat
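
Added example (not part of the message above and not Monitorix code): one way to write the reconnecting script the message asks for, run on each remote server. The gateway name, the variable names and the ExitOnForwardFailure and BatchMode options are assumptions added here, and it assumes the remote server can log in to the gateway without a password prompt.

```shell
#!/bin/sh
# Added example: keep the reverse tunnel described in the message alive.
# GATEWAY, TUNNEL_USER and LOCAL_PORT are placeholders (assumptions).
GATEWAY="${GATEWAY:-gateway.example.net}"
TUNNEL_USER="${TUNNEL_USER:-monitorix}"
LOCAL_PORT="${LOCAL_PORT:-10001}"
SSH="${SSH:-ssh}"      # overridable so the command line can be inspected
MAX_DELAY=300          # upper bound, in seconds, between reconnect attempts

# Accept only a port number in 1024-65535; sshd will not let a non-root
# user forward ports below 1024.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Double the delay after each failure, capped at MAX_DELAY.
next_delay() {
    d=$(( $1 * 2 ))
    if [ "$d" -gt "$MAX_DELAY" ]; then d=$MAX_DELAY; fi
    echo "$d"
}

# Run one tunnel in the foreground. ExitOnForwardFailure makes ssh exit if
# the gateway port cannot be bound; BatchMode prevents a password prompt.
run_tunnel() {
    "$SSH" -q -N -p 22 -o ServerAliveInterval=15 -o ConnectTimeout=15 \
        -o ExitOnForwardFailure=yes -o BatchMode=yes \
        -R "*:$1:localhost:80" "$TUNNEL_USER@$GATEWAY"
}

main() {
    valid_port "$LOCAL_PORT" || { echo "bad port: $LOCAL_PORT" >&2; return 2; }
    delay=5
    while :; do
        start=$(date +%s)
        run_tunnel "$LOCAL_PORT"
        rc=$?
        # A tunnel that stayed up for a minute was healthy: reset backoff.
        if [ $(( $(date +%s) - start )) -ge 60 ]; then delay=5; fi
        echo "tunnel :$LOCAL_PORT exited (rc=$rc), retry in ${delay}s" >&2
        sleep "$delay"
        delay=$(next_delay "$delay")
    done
}

if [ "${1:-}" = "run" ]; then main; fi
```

Start it with the argument "run". The "*:" bind address only takes effect when the gateway's sshd has GatewayPorts enabled, and the forwarded ports then listen on 0.0.0.0 as in the netstat output above, so limit them in the gateway's firewall to the workstations that view the graphs.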

