Nagios Support Forum

lmiltchev wrote:Run the following commands on the client:

Code: Select all

iptables -I INPUT -p tcp --dport 5666 -j ACCEPT
service iptables save

and test it from the XI server:

Code: Select all

nmap 10.10.83.90 -p 5666
/usr/local/nagios/libexec/check_nrpe -H 10.10.83.90

Hi..

I have run the two commands on the client end and saved the IP tables.
[root@uusrcpmwik00 libexec]# iptables -I INPUT -p tcp --dport 5666 -j ACCEPT
[root@uusrcpmwik00 libexec]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@uusrcpmwik00 libexec]#



Other two commands I have run from Nagios XI, please find the output.

[root@lussvpnagiosxi00 libexec]# nmap uusrcpmwik00 -p 5666

Starting Nmap 5.51 ( http://nmap.org ) at 2015-08-04 11:15 CDT
Nmap scan report for uusrcpmwik00 (10.10.82.38)
Host is up (0.00038s latency).
PORT STATE SERVICE
5666/tcp closed nrpe

Nmap done: 1 IP address (1 host up) scanned in 13.13 seconds
You have new mail in /var/spool/mail/root
[root@lussvpnagiosxi00 libexec]# /usr/local/nagios/libexec/check_nrpe -H uusrcpmwik00
connect to address 10.10.82.38 port 5666: Connection refused
connect to host uusrcpmwik00 port 5666: Connection refused

Hi Team,

Any updates on the issue I raised please, or someone can work with me to sort it out.. thanks..

Run the following commands and show the output:

On the client (remote machine): On the Nagios XI server: Note: Try using both, the FQDN and IP address.

lmiltchev wrote:Run the following commands and show the output:

On the client (remote machine):

Code: Select all

find / -name nrpe
service xinetd restart
service xinetd status
ifconfig
grep only_from /etc/xinetd.d/nrpe
netstat -ano | grep 5666

On the Nagios XI server:

Code: Select all

ifconfig
nmap <client ip> -p 5666
/usr/local/nagios/libexec/check_nrpe -H <client ip>

Note: Try using both, the FQDN and IP address.

Hi..

Please find the output on the client machine:
[root@uusrcpmwik00 etc]# find / -name nrpe
/tmp/nrpe-2.15/package/solaris/pkg/nrpe
/tmp/nrpe-2.15/src/nrpe
/tmp/linux-nrpe-agent/subcomponents/nrpe
/tmp/linux-nrpe-agent/subcomponents/nrpe/nrpe-2.15/package/solaris/pkg/nrpe
/tmp/linux-nrpe-agent/subcomponents/nrpe/nrpe-2.15/src/nrpe
/tmp/linux-nrpe-agent/subcomponents/nrpe/mods/cfg/nrpe
/tmp/nrpe-2.14/package/solaris/pkg/nrpe
/tmp/nrpe-2.14/src/nrpe
/usr/local/nagios/bin/nrpe
/usr/local/nagios/etc/nrpe
/etc/xinetd.d/nrpe
[root@uusrcpmwik00 etc]# service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
[root@uusrcpmwik00 etc]# service xinetd status
xinetd (pid 31054) is running...
[root@uusrcpmwik00 etc]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:56:B8:50:72
inet addr:10.10.82.38 Bcast:10.10.82.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:feb8:5072/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4343915 errors:0 dropped:0 overruns:0 frame:0
TX packets:1055261 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:647983174 (617.9 MiB) TX bytes:112364838 (107.1 MiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:115557 errors:0 dropped:0 overruns:0 frame:0
TX packets:115557 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:10406333 (9.9 MiB) TX bytes:10406333 (9.9 MiB)

virbr0 Link encap:Ethernet HWaddr 52:54:00:29:D0:0C
inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

[root@uusrcpmwik00 etc]# grep only_from /etc/xinetd.d/nrpe
only_from = 10.10.83.90
[root@uusrcpmwik00 etc]# netstat -ano | grep 5666


Output on Nagios Server:


[root@lussvpnagiosxi00 libexec]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:56:B8:4B:43
inet addr:10.10.83.90 Bcast:10.10.83.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:feb8:4b43/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11140745 errors:0 dropped:0 overruns:0 frame:0
TX packets:11490039 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3255614493 (3.0 GiB) TX bytes:2481963047 (2.3 GiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:13431662 errors:0 dropped:0 overruns:0 frame:0
TX packets:13431662 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5188319227 (4.8 GiB) TX bytes:5188319227 (4.8 GiB)

[root@lussvpnagiosxi00 libexec]# nmap 10.10.82.38 -p 5666

Starting Nmap 5.51 ( http://nmap.org ) at 2015-08-04 12:20 CDT
Nmap scan report for 10.10.82.38
Host is up (0.00036s latency).
PORT STATE SERVICE
5666/tcp closed nrpe

Nmap done: 1 IP address (1 host up) scanned in 13.11 seconds
[root@lussvpnagiosxi00 libexec]# /usr/local/nagios/libexec/check_nrpe -H 10.10.82.38
connect to address 10.10.82.38 port 5666: Connection refused
connect to host 10.10.82.38 port 5666: Connection refused[root@lussvpnagiosxi00 lib^Cec]# /usr/local/nagios/libexec/check_nrpe -H 10.10.82.38
[root@lussvpnagiosxi00 libexec]# /usr/local/nagios/libexec/check_nrpe -H uusrcpmwik00
connect to address 10.10.82.38 port 5666: Connection refused
connect to host uusrcpmwik00 port 5666: Connection refused[root@lussvpnagiosxi00 libexec]#

Hi All, just to add to the above issue:

From CLient server:
/usr/local/nagios/libexec/check_tcp -H localhost -p 5666
Connection refused

From Nagios server:

/usr/local/nagios/libexec/check_tcp -H localhost -p 5666
TCP OK - 0.005 second response time on localhost port 5666|time=0.004683s;;;0.000000;10.000000

Hi All,

Please check the below outputs.

[root@uusrcpmwik00 libexec]# nmap -P0 -p 5666 `ifconfig eth0 | head -2 | tail -1 | awk '{print $2}' | awk -F: '{print $2}'`

Starting Nmap 5.51 ( http://nmap.org ) at 2015-08-04 12:54 CDT
Nmap scan report for uusrcpmwik00 (10.10.82.38)
Host is up (0.000083s latency).
PORT STATE SERVICE
5666/tcp closed nrpe

Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds
[root@uusrcpmwik00 libexec]# nmap -P0 -p 5666 localhost

Starting Nmap 5.51 ( http://nmap.org ) at 2015-08-04 12:55 CDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000069s latency).
Other addresses for localhost (not scanned): 127.0.0.1
PORT STATE SERVICE
5666/tcp closed nrpe

Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds

[root@uusrcpmwik00 libexec]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.10.83.90 LUSSVPNAGIOSXI00
10.10.82.38 uusrcpmwik00

[root@uusrcpmwik00 libexec]# /usr/local/nagios/libexec/check_nrpe -H localhost
connect to address ::1 port 5666: Connection refused
connect to address 127.0.0.1 port 5666: Connection refused
connect to host localhost port 5666: Connection refused[root@uusrcpmwik00 libexec]#
[root@uusrcpmwik00 libexec]#

Is everything looks fine????

Hm-m-m, it still looks like a firewall issue. Let's check the firewall rules on the client one more time:
BTW, have you tested the check after stopping the iptables on the client (service iptables stop)?

Open the "/etc/xinetd.d/nrpe" on the client in a text editor, i.e. "vi", and change this line:
to this: Note: the two IPs are separated by a space.

Save, exit and restart xinetd:
Test "check_nrpe" locally (on the client):
Are you using tcp wrappers on the client? Do you have anything in "/etc/hosts.allow" or "/etc/hosts.deny"? Do you have another firewall (in addition to iptables) between the server and the client?

Hi.. Please find the output of the commands run as advised.

[root@uusrcpmwik00 libexec]# service iptables status
Table: nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
2 MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
3 MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Table: mangle
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination

Chain INPUT (policy ACCEPT)
num target prot opt source destination

Chain FORWARD (policy ACCEPT)
num target prot opt source destination

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 CHECKSUM udp -- 0.0.0.0/0 0.0.0.0/0
udp dpt:68 CHECKSUM fill

Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5666
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5666
3 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
5 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67

Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 state RELATED,ESTABLISHED
2 ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
5 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination


[root@uusrcpmwik00 libexec]# service iptables stop
iptables: Setting chains to policy ACCEPT: nat mangle filte[ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]

[root@uusrcpmwik00 libexec]# vi /etc/xinetd.d/nrpe

[root@uusrcpmwik00 libexec]# service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]

[root@uusrcpmwik00 libexec]# /usr/local/nagios/libexec/check_tcp -H localhost -p 5666
Connection refused
[root@uusrcpmwik00 libexec]# service iptables start
iptables: Applying firewall rules: [ OK ]

[root@uusrcpmwik00 libexec]# /usr/local/nagios/libexec/check_tcp -H localhost -p 5666
Connection refused

And I ran the command service iptables stop and then service iptables start. will that make any difference?

To add more to the above update:

This is run on the XI server:

[root@lussvpnagiosxi00 libexec]# telnet 10.10.82.38 5666
Trying 10.10.82.38...
telnet: connect to address 10.10.82.38: Connection refused
[root@lussvpnagiosxi00 libexec]# traceroute 10.10.82.38
traceroute to 10.10.82.38 (10.10.82.38), 30 hops max, 60 byte packets
1 10.10.83.12 (10.10.83.12) 0.485 ms 0.546 ms 0.677 ms
2 UUSRCPMWIK00.fossil.com (10.10.82.38) 0.295 ms 0.290 ms 0.263 ms

This is from the client server/Remote server:

[root@uusrcpmwik00 libexec]# telnet 10.10.83.90 5666
Trying 10.10.83.90...
telnet: connect to address 10.10.83.90: No route to host
[root@uusrcpmwik00 libexec]# traceroute 10.10.83.90
traceroute to 10.10.83.90 (10.10.83.90), 30 hops max, 60 byte packets
1 10.10.82.12 (10.10.82.12) 0.561 ms 0.826 ms 1.502 ms
2 LUSSVPNAGIOSXI00 (10.10.83.90) 0.368 ms !X 0.412 ms !X 0.418 ms !X