need assistance in getting traffic to my Nagios NA

[frankmerfalen]

i can ping it. Same subnet as the nagios XI. Not sure about your second question. How can I check?


[root@NAGIOSNA ~]# ping 172.16.32.150
PING 172.16.32.150 (172.16.32.150) 56(84) bytes of data.
64 bytes from 172.16.32.150: icmp_seq=1 ttl=64 time=0.052 ms
64 bytes from 172.16.32.150: icmp_seq=2 ttl=64 time=0.039 ms
64 bytes from 172.16.32.150: icmp_seq=3 ttl=64 time=0.037 ms
^C
--- 172.16.32.150 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2208ms
rtt min/avg/max/mdev = 0.037/0.042/0.052/0.010 ms

[scottwilkerson]

i can ping it. Same subnet as the nagios XI. Not sure about your second question. How can I check?

The second question has to do with these items in your iptables configuration which would not have been added by the software

Code: Select all

Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1 024-65535
2 MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1 024-65535
3 MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24
4 MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1 024-65535
5 MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1 024-65535
6 MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24
7 MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1 024-65535
8 MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1 024-65535
9 MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24

Code: Select all

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTAB LISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-po rt-unreachable
REJECT all -- anywhere anywhere reject-with icmp-po rt-unreachable
ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTAB LISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-po rt-unreachable
REJECT all -- anywhere anywhere reject-with icmp-po rt-unreachable
ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTAB LISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-po rt-unreachable
REJECT all -- anywhere anywhere reject-with icmp-po rt-unreachable
REJECT all -- anywhere anywhere reject-with icmp-ho st-prohibited

as for the easiest way to check, if you server is on a secure network, you could temporarily turn off iptables

Code: Select all

service iptables stop

[frankmerfalen]

Question: Could it be all the MASQUERADEing to and from 192.168.122.0/24 in IPTABLES? I also turned off iptables: service iptables stop. Also the CEO connects via VPN to our network but encounters slow performance "hence why we want this to work" I ran netstat -rn. See output below. I turned off iptables and still I am not getting any data


I ran netstat -nr and this is in my routing table:

Destination gateway Genmask Flags MSS Window irtt Iface
172.16.32.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virb0
0.0.0.0 172.16.32.1 0.0.0.0 0.0 0 eth0

[scottwilkerson]

Lets also look to see if there are connections from your router to NA

Code: Select all

 netstat -np|grep 9911

[frankmerfalen]

I ran the cmd, no output since I turned off iptables.

[frankmerfalen]

I opened ports 9911,9912 9913 and 9914 on the Centos (nagios NA box) still no data on the nagios na web interface. Please advise


[root@NAGIOSNA ~]# iptables -L
Chain INPUT (policy ACCEPT)

ACCEPT udp -- anywhere anywhere udp dpt:9912
ACCEPT tcp -- anywhere anywhere tcp dpt:9912
ACCEPT tcp -- anywhere anywhere tcp dpt:9913
ACCEPT udp -- anywhere anywhere udp dpt:9913
ACCEPT udp -- anywhere anywhere udp dpt:nas
ACCEPT udp -- anywhere anywhere udp dpt:9914
ACCEPT tcp -- anywhere anywhere tcp dpt:9914

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTAB LISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-ho st-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

[frankmerfalen]

One more. i turned on iptables and ran this cmd:

[root@NAGIOSNA ~]# netstat -anp | grep 9911
udp 0 0 0.0.0.0:9911 0.0.0.0:* 4300/nfcapd

[scottwilkerson]

One more. i turned on iptables and ran this cmd:

[root@NAGIOSNA ~]# netstat -anp | grep 9911
udp 0 0 0.0.0.0:9911 0.0.0.0:* 4300/nfcapd

So this is showing that the Nagios Network Analyzer is listening on 9911 however, there are no connection coming in to it on that port.

Are you sure the Cisco is sending data and is sending it to UDP port 9911 of the correct IP (the NA IP)?

[frankmerfalen]

I'm not 100% sure if the Cisco Firewall is sending data on port 9911 other than running the commands per the PDF to enable traffic to be sent to the Nagios NA. I've done everything possible on the Nagios NA box and still no data. How can I run a test from the firewall to the NA box? Solarwinds is banging on our door to get their solution in but I keep telling our IT director to give me more time.


Thanks,
Frank

[tgriep]

Try running this command from the firewall and see if the ip address and port are correct for the Nagios Network Analyzer.

Code: Select all

show flow-export counters

If you can PM me your Cisco's config, I can also check that too.