No Route to Host NRPE --- Don't know why...

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Locked
Frostyequinox
Posts: 2
Joined: Wed Apr 13, 2016 11:57 pm

No Route to Host NRPE --- Don't know why...

Post by Frostyequinox »

Hello,

I've googled this error to death and nothing I've tried on the Nagios forums or the search results have helped to resolve it.

I am at a loss to explain why I am getting a no route to host error when configuring nrpe and I'm hoping someone can spot something I may have missed.

Details below.....
Firewalls disabled for troubleshooting

Client Linux Machine = Centos 6.7 IP = 192.168.1.1 /24
Server Nagios Machine = Centos 6.7 IP = 192.168.1.20 /24
Running in VMWARE


Client Configurations ---


iptables -L -v -n

Code: Select all

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  139 13232 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    4   336 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
  124  8596 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 
    0     0 ACCEPT     tcp  --  *      *       127.0.0.1            0.0.0.0/0           state NEW tcp dpt:5666 
    0     0 ACCEPT     tcp  --  *      *       127.0.0.1            0.0.0.0/0           state NEW tcp dpt:5666 
    0     0 ACCEPT     tcp  --  *      *       192.168.1.1          0.0.0.0/0           state NEW tcp dpt:5666 
    0     0 ACCEPT     tcp  --  *      *       192.168.1.20         0.0.0.0/0           state NEW tcp dpt:5666 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT 267 packets, 22164 bytes)
 pkts bytes target     prot opt in     out     source               destination
/etc/services (section added)

Code: Select all

nrpe            5666/tcp                # NRPE
LISTEN entry working

Code: Select all

netstat -at |grep nrpe
tcp        0      0 *:nrpe                      *:*                         LISTEN      
[root@localhost
/etc/xinetd.d/nrpe

Code: Select all

 default: on
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
        flags           = REUSE
        socket_type     = stream
        port            = 5666
        wait            = no
        user            = nagios
        group           = nagios
        server          = /usr/local/nagios/bin/nrpe
        server_args     = -c /usr/local/nagios/etc/nrpe.cfg --inetd
        log_on_failure  += USERID
        disable         = no
        only_from	= 127.0.0.1 192.168.1.20 ::1
}
check_nrpe from localhost = OK

Code: Select all

 
/usr/local/nagios/libexec/check_nrpe -H localhost
NRPE v2.15
Calling command via check_nrpe on localhost = OK

Code: Select all

/usr/local/nagios/libexec/check_nrpe -H localhost -c check_load
OK - load average: 0.00, 0.01, 0.01|load1=0.000;15.000;30.000;0; load5=0.010;10.000;25.000;0; load15=0.010;5.000;20.000;0; 
[root@localhost
tail /var/log/xinetd.log -f

Code: Select all

tail /var/log/xinetd.log -f
16/4/14@15:04:38: EXIT: nrpe status=0 pid=3100 duration=0(sec)
16/4/14@15:04:45: START: nrpe pid=3102 from=::ffff:192.168.1.1
16/4/14@15:04:45: FAIL: nrpe address from=::ffff:192.168.1.1
16/4/14@15:04:45: EXIT: nrpe status=0 pid=3102 duration=0(sec)
16/4/14@15:17:26: START: nrpe pid=3126 from=::1
16/4/14@15:17:26: EXIT: nrpe status=0 pid=3126 duration=0(sec)
16/4/14@15:18:29: START: nrpe pid=3128 from=::1
16/4/14@15:18:29: EXIT: nrpe status=0 pid=3128 duration=0(sec)
16/4/14@15:18:35: START: nrpe pid=3130 from=::1
16/4/14@15:18:35: EXIT: nrpe status=0 pid=3130 duration=0(sec)
ifconfig

Code: Select all

 ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:34:E8:F5  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe34:e8f5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:285 errors:0 dropped:0 overruns:0 frame:0
          TX packets:128 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:22344 (21.8 KiB)  TX bytes:10876 (10.6 KiB)
          Interrupt:19 Base address:0x2024
Thats my client config -

Server Config (basically the IP address)
ifconfig

Code: Select all

 ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:4E:31:C7  
          inet addr:192.168.1.20  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe4e:31c7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:148 errors:0 dropped:0 overruns:0 frame:0
          TX packets:272 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:14212 (13.8 KiB)  TX bytes:17112 (16.7 KiB)
          Interrupt:19 Base address:0x2000
This is the part that throws me --- it appears the port is open and contactable ....

Code: Select all

nmap -p5666 192.168.1.1

Starting Nmap 5.51 ( http://nmap.org ) at 2016-04-14 17:56 AEST
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Nmap scan report for ####CentOS (192.168.1.1)
Host is up (0.00023s latency).
PORT     STATE    SERVICE
5666/tcp filtered nrpe
MAC Address: 00:0C:29:34:E8:F5 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds
Where ### is omitted.

Followed by a

Code: Select all

/usr/local/nagios/libexec/check_nrpe -H 192.168.1.1
connect to address 192.168.1.1 port 5666: No route to host
connect to host 192.168.1.1 port 5666: No route to host

So this looses me ----

I try then to make sure basic connectivity works - aka telnet test

Code: Select all

telnet 192.168.1.1 5666
Trying 192.168.1.1...
telnet: connect to address 192.168.1.1: No route to host
A bit at a loss because I can SSH to the client remotely fine.... and I'm sure the iptables were correct....



_______________

On a whim I tried the following from the client just before posting this and the result confused me even more as I'm sure I configured it with SSL support.

IPV4

Code: Select all

 /usr/local/nagios/libexec/check_nrpe -H 192.168.1.1 -c check_load
CHECK_NRPE: Error - Could not complete SSL handshake.
IPV6

Code: Select all

/usr/local/nagios/libexec/check_nrpe -H ::1 -c check_load
OK - load average: 0.00, 0.00, 0.00|load1=0.000;15.000;30.000;0; load5=0.000;10.000;25.000;0; load15=0.000;5.000;20.000;0;
So if you guys can offer assisstance that would be greatly appreciated.

Thank you.

Pings from Server to Client

Code: Select all

ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.305 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.204 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.610 ms
64 bytes from 192.168.1.1: icmp_seq=4 ttl=64 time=0.355 ms
64 bytes from 192.168.1.1: icmp_seq=5 ttl=64 time=0.258 ms
Pings from Client to Server

Code: Select all

ping 192.168.1.20
PING 192.168.1.20 (192.168.1.20) 56(84) bytes of data.
64 bytes from 192.168.1.20: icmp_seq=1 ttl=64 time=0.280 ms
64 bytes from 192.168.1.20: icmp_seq=2 ttl=64 time=0.268 ms
64 bytes from 192.168.1.20: icmp_seq=3 ttl=64 time=0.913 ms
64 bytes from 192.168.1.20: icmp_seq=4 ttl=64 time=0.488 ms


:?: :?: :?: :?:
Top
rkennedy
Posts: 6579
Joined: Mon Oct 05, 2015 11:45 am

Re: No Route to Host NRPE --- Don't know why...

Post by rkennedy »

From both machines, what is the output of route -n?

To add to that, I noticed 5666/tcp filtered nrpe - Is there anything between the two servers at all?
Former Nagios Employee
Top
Frostyequinox
Posts: 2
Joined: Wed Apr 13, 2016 11:57 pm

Re: No Route to Host NRPE --- Don't know why...

Post by Frostyequinox »

Hello,

Nah there was nothing between two hosts ---- I gave myself a rest and re-visited the issue and I noticed my two accept rules in the iptables were below a reject all rule (which I missed until very slow going over it) --- are iptables processed in order? (I'm not very familiar with them etc)

---- I then noticed the syntax was slightly off within the iptables file itself (when I tried to run the command manually it gave me a unknown 192.168.1.1 variable etc --- which I thought oh bugger that explains that...

Once I fixed that up it connected as I expected it to (but I couldn't close this post because it was still awaiting approval by a moderator)

Thank you though for getting back to me, I'm sure now that I've got the connection working I'm going to have all types of h**** ... fun trying to work out how to make the service definitions for NRPE on the nagios server side.

It's not something I have done before so into the fray I go !

Thanks again!
Top
User avatar
lmiltchev
Bugs find me
Posts: 13589
Joined: Mon May 23, 2011 12:15 pm

Re: No Route to Host NRPE --- Don't know why...

Post by lmiltchev »

I am glad your issue has been resolved! I am locking this topic. If you have any more questions/issues, please start a new thread.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Top
Locked

Return to “Open Source Nagios Projects”