Hi team,

I have the next scheme:

zabbix-proxy <-> R1 <-> R2 <-> zabbix-server

zabbix-proxy in VRF:Red without default route.
zabbix-proxy IP: 10.77.100.34
zabbix-server in main route table with default route.
zabbix-server IP: 10.21.0.250 (DMZ)
R2 have IP on DMZ interface: 10.21.0.1 in main route table.
R2 have LOOPBACK interface in VRF:Red : 10.77.77.1/32

VRF:Red using OSPF

zabbix-proxy know route to R2(VRF:Red) - 10.77.77.1
zabbix-server know only default route in main table on R2

I wanna up a TCP session between zabbix, please help.

P.S. I have workaround for UDP for other services for same scheme, it’s working but I don’t understand for TCP

for UDP:
on R2 in mangle rules:
1. marking connection (netflow) from remote device to loopback for smth port.
2. mark packets (netflow) for marked connection (netflow)
3. mark route (@main) for marking packets (netflow)
4. set route to server dst in DMZ for marked packets (netflow)

and dst-nat rule to DMZ host.

Thanks for help