NATty Dread

An open discussion forum for obtaining help with Nagios Core. Nagios Core users of all experience levels are welcome here. Subforum have been created for the discussion of Nagios Core and Nagios Plugin development.

NOTE: The SourceForge.net mailing lists have been deprecated in favor of this forum in order to expedite support and provide additional features not available on the old mailing list.

NATty Dread

Postby scooby » Wed May 16, 2018 6:01 am

Hi all,

I've run into a networking issue with Nagios, and it's got me tearing my hair out. I've spent a couple of days on this - reading posts on the forum, trying different things - but to no avail :-( I feel like I'm missing something obvious but I'm running out of ideas; any help would really be appreciated!

I've set up a Nagios server on a VM, behind a gateway/router that uses iptables to provide NAT, port fwding. The Nagios server can monitor other servers that are also behind the gateway, but it can't monitor servers outside the gateway: it can ping them, but any check_nrpe commands return "CHECK_NRPE STATE CRITICAL: Socket timeout after 10 seconds".

Here's what I did:

1. On the remote client (outside the gateway):

- in nrpe.cfg I changed the port number (server_port=12345), and I added the IP of the gateway/router to allowed_hosts
(N.B. under the "COMMAND DEFINITIONS" section I'm using hardcoded commands, as I do for the servers within the gateway)

2. On the gateway/router:

- in before.rules I created a rule to forward port 12345 to port 5666 of the Nagios server

3. On the Nagios server (behind the gateway):

- in commands.cfg I created a new check_nrpe command to use port 12345:

Code: Select all
# 'check_nrpe12345' command definition - outside gateway
define command{
        command_name    check_nrpe12345
        command_line      $USER1$/check_nrpe -H $HOSTADDRESS$ -p 12345 -c $ARG1$
}


- in remoteserver.cfg (the server definition file for the server outside the gateway) I defined the host as normal, and defined services to use the new command e.g.

Code: Select all
define service {
    use                           generic-service
    host_name                remoteserver.wherever.com
    service_description   10 cpu
    check_command        check_nrpe12345!check_load
}

...then I restarted nagios on the Nagios server, and restarted nrpe on the remote server.

/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg reports no issues, and the web interface loads OK. FWIW port forwarding on the gateway is working fine, in general: I've set up rules for port 22 (so I can SSH in to the Nagios server) and port 80 (so I can access the web interface). And I use the same port fwding method for other VMs without issues. But I can't seem to get Nagios/NRPE to talk to remote servers :-(

(I'm running Nagios Core 4.3.4 and NRPE v3.2.0 - both installed from source - and all servers are running Linux).

Thank you in advance for any help. Apologies for a long post, and apologies if this has been covered many times before: I've read several forum posts about NAT-related issues, but I still haven't been able to resolve this one.
scooby
 
Posts: 2
Joined: Wed May 16, 2018 5:44 am

Re: NATty Dread

Postby scottwilkerson » Wed May 16, 2018 9:30 am

scooby wrote:2. On the gateway/router:

- in before.rules I created a rule to forward port 12345 to port 5666 of the Nagios server


This is wrong, you should not need any rules, nor would you need a special command to change the port (you are connecting to 5666 on the REMOTE machine).

The one (and probably only) thing you would need to do is specify your routers IP address in the allowed hosts in the NRPE configuration instead of it's actual IP.
User avatar
scottwilkerson
CTO
 
Posts: 9131
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: NATty Dread

Postby scooby » Thu May 17, 2018 10:43 am

Aha...!

Hi scottwilkerson, and thank you for your response.

Now it works perfectly :)

Thanks again for your help - much appreciated!
scooby
 
Posts: 2
Joined: Wed May 16, 2018 5:44 am

Re: NATty Dread

Postby scottwilkerson » Thu May 17, 2018 10:51 am

Glad to hear this resolved the issue.

Locking thread
User avatar
scottwilkerson
CTO
 
Posts: 9131
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises


Return to Nagios Core

Who is online

Users browsing this forum: No registered users and 22 guests