I am trying to ship Windows event logs off to a Nagios server (a proxy) and then have those passed on to my primary Nagios server. I cannot do a direct connect from the Windows servers to the primary Nagios server due to the firewall, and the network team has opted not to allow such a connection due to the security risk, but they allow traffic from the DMZ (Windows servers) to the network the proxy resides on. The primary Nagios server is on a network that has access to the network the proxy instance is on but not the DMZ. I have set up NSCA, set it to allow from all hosts, added a firewall rule (and saved it), and verified there is a static route in the switch and the Nagios servers between the two networks, but when I check port 5667 (nsca) from my primary Nagios server, I get the following error:
[root@nagios-test libexec]# ./check_tcp -H X.X.X.X -p 5667 -v
Using service TCP
Port: 5667
flags: 0x6
No route to host
Both servers are using the correct encryption and password (same on both).
check_tcp issue
sreinhardt
Re: check_tcp issue
Have you verified on the nagios system that it has the route also added? It's certainly possible that it does not get presented via DHCP (provided you're using that) to the nagios system and so it needs to be added manually.
List routes:
route            # print routes
ip route list    # alternative to the above
Add routes:
route add -net 192.168.1.0 netmask 255.255.255.0 gw [Switch or gateway IP]
ip route add 192.168.1.0/24 dev eth0    # alternative to the above
Nagios-Plugins maintainer exclusively, unless you have other C language bugs with open-source nagios projects, then I am happy to help! Please pm or use other communication to alert me to issues as I no longer track the forum.
Re: check_tcp issue
All IPs are static and routes going both directions have been verified:
From the Primary:
[root@nagios-test libexec]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.xx.124.x    *               255.255.255.0   U     0      0        0 eth0
10.xx.1.x       *               255.255.255.0   U     0      0        0 eth0
link-local      *               255.255.0.0     U     1002   0        0 eth0
default         172.xx.124.xxx  0.0.0.0         UG    0      0        0 eth0
From the proxy:
[root@nagios-prox libexec]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.xx.124.x    10.xx.1.xxx     255.255.255.0   U     0      0        0 eth0
10.xx.1.x       *               255.255.255.0   U     0      0        0 eth0
link-local      *               255.255.0.0     U     1002   0        0 eth0
default         10.xx.1.xxx     0.0.0.0         UG    0      0        0 eth0
sreinhardt
Re: check_tcp issue
Just to verify, can you ping and/or nmap the dmz system?
nmap -p 80 [host\IP]
Re: check_tcp issue
This was resolved. I forgot that by default my system was set to only allow from the local host.
slansing
Re: check_tcp issue
Ah, that will do it!
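
Added example, not part of the thread or written by any of its posters: a Python check that applies longest-prefix matching to `route -n` output and reads a failed connect() against the result, since in this thread the routes were in place and the fix was an allow-from-localhost setting on the target. The sample table, its addresses and all function names are constructed for illustration.

```python
import errno
import ipaddress

# Constructed sample in `route -n` format; the addresses are made up.
SAMPLE_ROUTES = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.124.0    10.20.1.1       255.255.255.0   UG    0      0        0 eth0
10.20.1.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         10.20.1.1       0.0.0.0         UG    0      0        0 eth0
"""

def parse_routes(text):
    """Return (network, gateway, iface) tuples from `route -n` output."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        # Data rows have 8 columns and start with a dotted-quad destination.
        if len(f) != 8 or f[0].count(".") != 3:
            continue
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}", strict=False)
        gateway = None if f[1] == "0.0.0.0" else f[1]
        routes.append((net, gateway, f[7]))
    return routes

def best_route(routes, dest):
    """Longest-prefix match, as the kernel does; None if nothing covers dest."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)

def diagnose(route_text, dest, connect_errno):
    """Interpret a failed connect() in light of the local routing table."""
    route = best_route(parse_routes(route_text), dest)
    if connect_errno == errno.EHOSTUNREACH:  # reported as "No route to host"
        if route is None:
            return "no covering route: add one on this host"
        return (f"route exists via {route[2]}: check the target's firewall "
                "or allow-list, or an unreachable next hop")
    if connect_errno == errno.ECONNREFUSED:
        return "port closed or rejected with a TCP reset"
    return "no verdict"

if __name__ == "__main__":
    print(diagnose(SAMPLE_ROUTES, "172.16.124.10", errno.EHOSTUNREACH))
```

Feed it the output of `route -n` (numeric form) from the host that runs check_tcp.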