SELinux is very restrictive by default, depending on distribution. You will have to explicitly enable access, depending on your configuration.
In the case of Red Hat, with SELinux enabled, /var/www is access, but if your sites are on /home, it won't be. You have to enable it with:
setsebool -P httpd_enable_homedirs on
You can pull the list of policies you can enable with:
getsebool -a
It is a lot, so you will have to grep for the service you want to enable access. Again, in the case of Red Hat, you only need to enable spooling for mail, so it will work by default. However, it may be different with your distribution. That and your web directory may be in a completely different location.
So you need go the selinux directory and look at the policies, roles and files contexts, which may be available at:
/etc/selinux
And apply the appropriate labels to the files.
I suggest you look at this as a base starting point:
http://selinuxproject.org/page/Main_Page
If you want to keep running SELinux. Otherwise, either use a different distribution that makes it easy for your to manage SELinux or put it in permissive mode for now and use some other mechanism to secure your server - at least until you get the hang of SELinux.
How about current setting of SELinux and iptables on agent box? Can you from agent telnet to server via port 10051?
You can try to check the connectivity between boxes using tcpdump on agent: tcpdump -i your_interface tcp port 10050
. Using this you can see the incoming/outgoing packets.
Best Answer
I finally figured it out. Zabbix Server has an SELinux bool to allow httpd to communicate with port 10051. To set it, issue the command
sudo setsebool httpd_can_connect_zabbix 1
.This will allow web interface to show if the Zabbix Server is enabled or not without having to disable SELinux!