Network troubleshooting for trusted cluster

I have a trusted cluster behind a locked-down router which works well via a proxy on the open Internet. However, when I configure port forwarding on this router to my bastion server (for an independent purpose), Teleport will not connect, and I’m not sure why. What networking tools can I use to see what is failing? Or, to put it another way, what is the requirement of the trusted cluster? Is it only outgoing port 3024 to the proxy?


Open your root cluster /etc/teleport.yaml config file and identify these two values, web_listen_addr and tunnel_listen_addr.

From your leaf cluster, ensure that it’s able to access the above two endpoints of the root cluster. You can use a simple telnet <host/ip> <port> command to verify accessibility.

If you continue to have issues, from the leaf cluster, enable debug logging. The logging output should identify any issues reaching the root cluster.

It also needs to be able to connect to whatever the web port is, 3080 by default.
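The reachability check suggested in the replies above, as an added Python example that is not part of the original thread: it reads web_listen_addr and tunnel_listen_addr from a copy of the root cluster's config and tries a TCP connection to each from the leaf, separating "refused" from "timeout" so a dropping router is distinguishable from a closed port. The function names, the DEFAULTS fallback and the sample config are assumptions constructed for illustration.

```python
import re
import socket
import sys

# Fallback ports when a key is absent: 3080 is the default web port named in the
# thread; 3024 is the tunnel port from the question (assumed to be unchanged).
DEFAULTS = {"web_listen_addr": 3080, "tunnel_listen_addr": 3024}

# Constructed sample of the root cluster's proxy_service section.
SAMPLE_CONFIG = """\
proxy_service:
  enabled: yes
  web_listen_addr: 0.0.0.0:3080
  tunnel_listen_addr: 0.0.0.0:3024
"""

def listen_ports(config_text):
    """Extract the ports of web_listen_addr and tunnel_listen_addr, if set."""
    ports = {}
    for key in DEFAULTS:
        m = re.search(rf"^\s*{key}:\s*\S*:(\d+)", config_text, re.M)
        if m:
            ports[key] = int(m.group(1))
    return ports

def check(host, port, timeout=3.0):
    """TCP connect from this (leaf) host; report how the attempt ended."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # host answered, but nothing accepts on that port
    except socket.timeout:
        return "timeout"   # no answer at all, typical of a filtering router
    except OSError as exc:
        return f"error: {exc}"   # DNS failure, no route, ...

def check_root(root_host, config_text):
    """Check both root-cluster endpoints; returns {key: (port, result)}."""
    ports = {**DEFAULTS, **listen_ports(config_text)}
    return {key: (port, check(root_host, port)) for key, port in ports.items()}

if __name__ == "__main__":
    # Usage: script.py <root proxy host> <copy of the root's teleport.yaml>
    if len(sys.argv) == 3:
        with open(sys.argv[2]) as fh:
            for key, (port, result) in check_root(sys.argv[1], fh.read()).items():
                print(f"{key} port {port}: {result}")
    else:
        print("ports in sample config:", listen_ports(SAMPLE_CONFIG))
```

Run it on the leaf once with the router's port forwarding enabled and once without; a result that changes from "open" to "timeout" or "refused" points at the router rule rather than at Teleport.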

Thank you both, that was what I needed.