I've run into a networking issue with Nagios, and it's got me tearing my hair out. I've spent a couple of days on this - reading posts on the forum, trying different things - but to no avail. I feel like I'm missing something obvious, but I'm running out of ideas; any help would really be appreciated!
I've set up a Nagios server on a VM, behind a gateway/router that uses iptables to provide NAT, port fwding. The Nagios server can monitor other servers that are also behind the gateway, but it can't monitor servers outside the gateway: it can ping them, but any check_nrpe commands return "CHECK_NRPE STATE CRITICAL: Socket timeout after 10 seconds".
Here's what I did:
1. On the remote client (outside the gateway):
- in nrpe.cfg I changed the port number (server_port=12345), and I added the IP of the gateway/router to allowed_hosts
(N.B. under the "COMMAND DEFINITIONS" section I'm using hardcoded commands, as I do for the servers within the gateway)
2. On the gateway/router:
- in before.rules I created a rule to forward port 12345 to port 5666 of the Nagios server
3. On the Nagios server (behind the gateway):
- in commands.cfg I created a new check_nrpe command to use port 12345:
Code:
# 'check_nrpe12345' command definition - outside gateway
define command{
    command_name    check_nrpe12345
    command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -p 12345 -c $ARG1$
}
Code:
define service {
    use                     generic-service
    host_name               remoteserver.wherever.com
    service_description     10 cpu
    check_command           check_nrpe12345!check_load
}
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg reports no issues, and the web interface loads OK. FWIW port forwarding on the gateway is working fine, in general: I've set up rules for port 22 (so I can SSH in to the Nagios server) and port 80 (so I can access the web interface). And I use the same port fwding method for other VMs without issues. But I can't seem to get Nagios/NRPE to talk to remote servers.
(I'm running Nagios Core 4.3.4 and NRPE v3.2.0 - both installed from source - and all servers are running Linux).
Thank you in advance for any help. Apologies for a long post, and apologies if this has been covered many times before: I've read several forum posts about NAT-related issues, but I still haven't been able to resolve this one.
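
A TCP-level probe for the setup described in this post, added here as an example and not part of the original post: run from the Nagios server against the remote host's NRPE port (12345 in the post), it separates a silently dropped connection (the "Socket timeout" symptom) from a refused one or one the daemon closes straight away. The function names, result labels and the reading of an immediate close as a source-address rejection are assumptions; the local listeners in `demo()` are constructed stand-ins for a real NRPE daemon.

```python
import socket
import threading

def probe_nrpe_port(host, port, timeout=3.0):
    """Classify the TCP-level outcome of connecting to an NRPE port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "timeout"          # no answer at all: a filter or NAT path drops the packets
    except ConnectionRefusedError:
        return "refused"          # host answers, but nothing listens on that port
    except OSError:
        return "unreachable"      # routing or name-resolution failure
    with sock:
        sock.settimeout(1.0)
        try:
            data = sock.recv(1)
        except socket.timeout:
            return "open"         # daemon accepted us and waits for the client to speak
        except ConnectionResetError:
            return "closed_by_peer"
        # Empty read = peer closed at once (assumed here to mean the daemon
        # rejected the source address, e.g. it is not in allowed_hosts).
        return "closed_by_peer" if data == b"" else "open"

def _listener(close_at_once):
    """Constructed stand-in for a daemon on 127.0.0.1; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def handle():
        conn, _ = srv.accept()
        if not close_at_once:
            threading.Event().wait(2.0)   # keep the connection open for a while
        conn.close()
        srv.close()
    threading.Thread(target=handle, daemon=True).start()
    return srv.getsockname()[1]

def demo():
    """Probe three constructed cases on loopback and return the labels."""
    free = socket.socket()
    free.bind(("127.0.0.1", 0))
    unused_port = free.getsockname()[1]
    free.close()                          # nothing listens here afterwards
    return {
        "accepting": probe_nrpe_port("127.0.0.1", _listener(False)),
        "rejecting": probe_nrpe_port("127.0.0.1", _listener(True)),
        "no_listener": probe_nrpe_port("127.0.0.1", unused_port),
    }

if __name__ == "__main__":
    print(demo())
```

A "timeout" result points at packet filtering or address translation on the path between the two hosts rather than at the NRPE configuration itself.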