Nrpe contact broken by new firewalld implementation

mhhall21211
Posts: 1
Joined: Thu Aug 26, 2021 3:02 pm

Nrpe contact broken by new firewalld implementation

Post by mhhall21211 »

I have recently started running firewalld on a server that is monitored by Nagios.
I have made sure that a rule is available for tcp/5666 in firewall rules.
System is configured to run nrpe on tcp/5666, and I've confirmed that nrpe is running.

Seeing the following output (first for system with firewalld running, second for similarly configured system without firewalld).

[root@nsgums01 plugins]# ./check_nrpe -H 10.1.60.16 -c check_ypbind_procs
connect to address 10.1.60.16 port 5666: No route to host
connect to host 10.1.60.16 port 5666: No route to host
[root@nsgums01 plugins]# ./check_nrpe -H 10.1.60.15 -c check_ypbind_procs
PROCS OK: 1 process with command name 'ypbind', UID = 0 (root) | procs=1;1:1;1:2;0;
[root@nsgums01 plugins]#

Is there some service beyond tcp/5666 that needs to be enabled to permit Nrpe to run correctly?
I'm able to SSH to system and perform other functions. NFS is working properly.

Not quite sure what to check next. Thanks for your time and assistance.
gormank
Posts: 1114
Joined: Tue Dec 02, 2014 12:00 pm

Re: Nrpe contact broken by new firewalld implementation

Post by gormank »

You should just need 5666 open in the firewall.
Try nmap -p5666 <host> from the nagios server with the FW running. If it's filtered or closed, try again w/ the FW stopped. If it then shows open you need to fix the FW settings.
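The open / closed / filtered distinction suggested above can also be read from the error a single TCP connect returns. The following is an added example, not part of either post: `probe_tcp` and the state names are hypothetical, and it assumes Linux errno behaviour, where a firewall reject answered with an ICMP "prohibited" message surfaces as the same "No route to host" error that check_nrpe printed.

```python
import errno
import socket
import sys

NRPE_PORT = 5666  # NRPE port used in the thread


def probe_tcp(host, port=NRPE_PORT, timeout=3.0):
    """Attempt one TCP connect and return (state, explanation)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open", "handshake completed: port is allowed and a daemon is listening"
    except (socket.timeout, TimeoutError):
        # Nothing came back: packets are silently dropped somewhere.
        return "filtered", "no reply: packets dropped on the path or by the host firewall"
    except ConnectionRefusedError:
        # A TCP RST came back: the firewall let the SYN through.
        return "closed", "RST received: port reachable but nothing is listening"
    except OSError as exc:
        if exc.errno == errno.EHOSTUNREACH:
            # Same errno as 'No route to host' in the post. When the host
            # answers SSH, this usually means a firewall REJECT rule replied
            # with ICMP host/admin-prohibited; a host that is really down on
            # the local subnet produces it too.
            return "rejected", "ICMP unreachable received: firewall reject or host down"
        return "error", str(exc)


if __name__ == "__main__":
    # Usage: python3 probe_nrpe.py <host> [port]
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else NRPE_PORT
    state, why = probe_tcp(target, port)
    print(f"{target}:{port} {state} - {why}")
```

A `rejected` result with firewalld running that turns into `open` once it is stopped points at the firewall rules rather than at NRPE. On the monitored host, `firewall-cmd --get-active-zones` and `firewall-cmd --zone=<zone> --list-ports` show whether 5666/tcp is in the zone actually bound to the interface.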