Monitoring servers behind NAT

jotbe
Posts: 2
Joined: Mon Dec 30, 2013 5:06 am

Monitoring servers behind NAT

Post by jotbe »

Hi,

I just started using Nagios (Nagios® Core™ Version 4.0.2). I have a server with a public IP, and I managed to monitor a few servers with public IPs as well. Now I am trying to start monitoring a few servers behind NAT (the router has a public IP and the servers are on the local network). I think the best solution for me will be port forwarding for each server on the local network, and setting up hosts.cfg with that port...

## Default
define host{
    use         linux-box           ; Inherit default values from a template
    host_name   NAME                ; The name we're giving to this server
    alias       NAME                ; A longer name for the server
    address     xx.xxx.xxx.xxx      ; IP address of Remote Linux host - PUBLIC IP OF ROUTER
    }

How can I specify the port number for each server?
tmcdonald
Posts: 9117
Joined: Mon Sep 23, 2013 8:40 am

Re: Monitoring servers behind NAT

Post by tmcdonald »

You'll run into a maintenance nightmare really quickly if you go the port-forwarding route. Have you given any thought to using passive checks?
Former Nagios employee
slansing
Posts: 7698
Joined: Mon Apr 23, 2012 4:28 pm
Location: Travelling through time and space...

Re: Monitoring servers behind NAT

Post by slansing »

Well, as long as you properly route traffic to and from your systems through a certain port, your router should be smart enough to use that port for traffic routing. Are you having issues just defining an address?
abrist
Red Shirt
Posts: 8334
Joined: Thu Nov 15, 2012 1:20 pm

Re: Monitoring servers behind NAT

Post by abrist »

Here are just a few of the many options for this type of scenario:
1. You can use an active agent that can bind to different ports. nrpe can run on different ports. . .
2. Alternatively, you could use a single nrpe server as a proxy for all checks on the network - this would only require 1 forwarding rule.
3. Another option is to set up a vpn/ssh tunnel for the checks - just make sure your routes are right.
4. Passive checks could be used and would not require any ports forwarded . . .
Former Nagios employee
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.
jotbe
Posts: 2
Joined: Mon Dec 30, 2013 5:06 am

Re: Monitoring servers behind NAT

Post by jotbe »

tmcdonald wrote: You'll run into a maintenance nightmare really quickly if you go the port-forwarding route. Have you given any thought to using passive checks?
Thank you for the quick reply. Port forwarding was my first idea (it just looks easy to set up ;)).
slansing wrote: Well, as long as you properly route traffic to and from your systems through a certain port, your router should be smart enough to use that port for traffic routing. Are you having issues just defining an address?

I wasn't sure how to define an IP port, but I found a solution: define a separate command for each specific IP and port (another not quite good idea - too many unnecessary commands for every host).

define command{
    command_name    check_nt2
    command_line    $USER1$/check_nt -H $HOSTADDRESS$ -p xxxx -s securepassword -v $ARG1$ $ARG2$
    }
abrist wrote: Here are just a few of the many options for this type of scenario:
1. You can use an active agent that can bind to different ports. nrpe can run on different ports. . .
2. Alternatively, you could use a single nrpe server as a proxy for all checks on the network - this would only require 1 forwarding rule.
3. Another option is to set up a vpn/ssh tunnel for the checks - just make sure your routes are right.
4. Passive checks could be used and would not require any ports forwarded . . .

ad.1) No idea how to do this :)
ad.2) Another thing to read about ;)
ad.3) I have an OpenVPN server, and I can set up a VPN connection between the Nagios server and the local network where those servers are.
ad.4) http://exchange.nagios.org/directory/Ad ... or/details - is that it?



One more time, thank you for your help.
abrist
Red Shirt
Posts: 8334
Joined: Thu Nov 15, 2012 1:20 pm

Re: Monitoring servers behind NAT

Post by abrist »

1) In your remote host's nrpe.cfg file, you can configure the port to communicate on. Just make sure your firewall forwards this port and that the Nagios server is using check_nrpe against the proper port.
3) OpenVPN is probably the easiest solution. Just make sure the right routes are pushed/configured.
4) Yep. That is one of the passive agents.
Former Nagios employee
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.
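
Added example, not part of any post above and not Nagios project code: one way to set up option 1 without defining a separate command per port, using a per-host custom variable that a single check_nrpe command reads. The host names, the _NRPE_PORT variable name, the generic-service template, the ports and the documentation-range addresses (203.0.113.10 for the router, 198.51.100.5 for the Nagios server) are all assumptions.

```cfg
# --- nrpe.cfg on the first LAN server (constructed values) ---
# Port the router forwards to this machine.
server_port=5671
# Only accept checks from the Nagios server. If the router rewrites the
# source address of forwarded traffic, list the router's LAN address instead.
allowed_hosts=198.51.100.5
# Keep command arguments from the network disabled (the NRPE default).
dont_blame_nrpe=0

# --- nrpe.cfg on the second LAN server: same settings, different port ---
# server_port=5672

# --- Nagios server: one command definition for every forwarded port ---
define command{
    command_name    check_nrpe_port
    command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -p $_HOSTNRPE_PORT$ -c $ARG1$
    }

# --- Nagios server: hosts share the router's address, differ by port ---
define host{
    use         linux-box
    host_name   lan-web01           ; hypothetical name
    alias       LAN web server
    address     203.0.113.10        ; public IP of the router
    _NRPE_PORT  5671                ; custom variable, read as $_HOSTNRPE_PORT$
    }

define host{
    use         linux-box
    host_name   lan-db01            ; hypothetical name
    alias       LAN database server
    address     203.0.113.10        ; same router, different forwarded port
    _NRPE_PORT  5672
    }

# --- Nagios server: one service definition covers both hosts ---
define service{
    use                     generic-service
    host_name               lan-web01,lan-db01
    service_description     Load
    check_command           check_nrpe_port!check_load
    }
```

On the router, limit each forwarding rule to the Nagios server's source address so the forwarded NRPE ports are not reachable from the rest of the internet.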