Esensors Websensor

[rkennedy]

Take a look at the message in the CURL, you may want to speak with whomever administers your firewall -

Code: Select all

<h1>Access Denied</h1><p>The page you requested has been blocked by a firewall policy restriction.</p>

[bashar.abed]

The administration for firewall opened any to sensor device , and opened NAt to this device ,so what is firewall to open it

[rkennedy]

Is there any sort of traffic shaping going on with proxies? When you visit the page http://IP-sensor/idnex.html?em345678 (replace ip-sensor) on your local machine, does it show an error relating to the access denied by a firewall policy, or does it show the proper status?

[bashar.abed]

Hi,

kindly to be notified that there is no Firewall between the sensor device and my PC , and i have got the attached result please advice .

[tgriep]

Try running this on your Local PC and see if you can connect to the Websensor.

Code: Select all

 http://IP-sensor/idnex.html

Then login to the nagios server as root, run the following commands and post the output. Replace xxx.xxx.xxx.xxx with the IP address of the Websensor.

Code: Select all

nmap xxx.xxx.xxx.xxx
tracert xxx.xxx.xxx.xxx

Thanks

[bashar.abed]

Hi,

please see the below result :-

[root@nms ~]# traceroute IP-Sensor
traceroute to IP-Sensor (IP-Sensor), 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *

[root@nms ~]# nmap IP-Sensor

Starting Nmap 6.47 ( http://nmap.org ) at 2016-12-14 09:50 IST
Nmap scan report for IP-Sensor
Host is up (0.00073s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
1/tcp open tcpmux
3/tcp open compressnet
80/tcp open http

Nmap done: 1 IP address (1 host up) scanned in 0.15 seconds
[root@nms ~]#

[rkennedy]

If you cannot open it on your own page, and the trace route gets no where - then it leads me to believe there is a transparent firewall doing filtering. I would contact your security team with the error, and see what they can do.

Code: Select all

[root@nms ~]# curl IP-sensor/idnex.html?em345678 -v
* About to connect() to proxy IP-Proxy port 8080 (#0)
* Trying IPProxy... connected
* Connected to IP-Proxy (IP-Proxy) port 8080 (#0)
> GET http://IP-sensor/idnex.html?em345678 HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: IP-sensor
> Accept: */*
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 403 Forbidden
< Content-Length: 1393
<
<!-- IE friendly error message walkround.
if error message from server is less than
512 bytes IE v5+ will use its own error
message instead of the one returned by
server. -->


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><style type="text/css">html,body{height:100%;padding:0;margin:0;}.oc{display:table;width:100%;height:100%;}.ic{display:table-cell;vertical-align:middle;height:100%;}div.msg{display:block;border:1px solid #30c;padding:0;width:500px;font-family:helvetica,sans-serif;margin:10px auto;}h1{font-weight:bold;color:#fff;font-size:14px;margin:0;padding:2px;text-align:center;background: #30c;}p{font-size:12px;margin:15px auto;width:75%;font-family:helvetica,sans-serif;text-align:left;}</style><title>Access Denied</title></head><body><div class="oc"><div class="ic"><div class="msg"><h1>Access Denied</h1><p>The page you requested has been blocked by a firewall policy restriction.</p></div></div></div></body></html>
* Connection #0 to host IP-Proxy left intact
* Closing connection #0

[bashar.abed]

Hi,

i put the link http://10.108.130.137/index.html?em345678 on a client machine with no proxy and it worked and give the result /N873522TF: 72.8HU:43.6%IL:195.56

now how to avoid using proxy on Nagios root command

thanks

[bashar.abed]

Hi,

i used this command ,please see the result ,

[root@nms ~]# nc 10.x.x.x 80
GET /index.html?em345678 HTTP/1.1

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: text/html
Connection: close

<html><head></head><body>/N873522TF: 72.0HU:31.3%IL:75.72</body></html>
[root@nms ~]#

[bashar.abed]

Hi,

I've tried the curl command and it goes through proxy for http traffic but nc goes directly to sensor.
i want to check if the traffic is http in order to check if it goes the proxy or not.

Thanks