Re: need assistance in getting traffic to my Nagios NA
Posted: Tue Dec 23, 2014 2:06 pm
by frankmerfalen
I can ping it. Same subnet as the Nagios XI. Not sure about your second question. How can I check?
[root@NAGIOSNA ~]# ping 172.16.32.150
PING 172.16.32.150 (172.16.32.150) 56(84) bytes of data.
64 bytes from 172.16.32.150: icmp_seq=1 ttl=64 time=0.052 ms
64 bytes from 172.16.32.150: icmp_seq=2 ttl=64 time=0.039 ms
64 bytes from 172.16.32.150: icmp_seq=3 ttl=64 time=0.037 ms
^C
--- 172.16.32.150 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2208ms
rtt min/avg/max/mdev = 0.037/0.042/0.052/0.010 ms
Re: need assistance in getting traffic to my Nagios NA
Posted: Tue Dec 23, 2014 2:34 pm
by scottwilkerson
frankmerfalen wrote: I can ping it. Same subnet as the Nagios XI. Not sure about your second question. How can I check?
The second question has to do with these items in your iptables configuration, which would not have been added by the software:
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
2 MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
3 MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24
4 MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
5 MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
6 MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24
7 MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
8 MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
9 MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
As for the easiest way to check, if your server is on a secure network, you could temporarily turn off iptables.
Re: need assistance in getting traffic to my Nagios NA
Posted: Tue Dec 23, 2014 2:53 pm
by frankmerfalen
Question: Could it be all the MASQUERADEing to and from 192.168.122.0/24 in IPTABLES? I also turned off iptables: service iptables stop. Also, the CEO connects via VPN to our network but encounters slow performance, "hence why we want this to work". I ran netstat -rn. See output below. I turned off iptables and still I am not getting any data.
I ran netstat -nr and this is in my routing table:
Destination gateway Genmask Flags MSS Window irtt Iface
172.16.32.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virb0
0.0.0.0 172.16.32.1 0.0.0.0 0.0 0 eth0
Re: need assistance in getting traffic to my Nagios NA
Posted: Tue Dec 23, 2014 3:44 pm
by scottwilkerson
Let's also look to see if there are connections from your router to NA
Re: need assistance in getting traffic to my Nagios NA
Posted: Tue Dec 23, 2014 4:10 pm
by frankmerfalen
I ran the cmd, no output since I turned off iptables.
Re: need assistance in getting traffic to my Nagios NA
Posted: Tue Dec 23, 2014 4:27 pm
by frankmerfalen
I opened ports 9911, 9912, 9913 and 9914 on the CentOS (Nagios NA box); still no data on the Nagios NA web interface. Please advise.
[root@NAGIOSNA ~]# iptables -L
Chain INPUT (policy ACCEPT)
ACCEPT udp -- anywhere anywhere udp dpt:9912
ACCEPT tcp -- anywhere anywhere tcp dpt:9912
ACCEPT tcp -- anywhere anywhere tcp dpt:9913
ACCEPT udp -- anywhere anywhere udp dpt:9913
ACCEPT udp -- anywhere anywhere udp dpt:nas
ACCEPT udp -- anywhere anywhere udp dpt:9914
ACCEPT tcp -- anywhere anywhere tcp dpt:9914
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
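Added example (not part of the original post or of Nagios's own tooling): a shell check over the INPUT chain as listed in the post above, reporting which of the collector's UDP ports have no explicit ACCEPT rule and which destination ports are displayed as service names. The function names are hypothetical, the sample is the posted listing with whitespace normalised, and only single-port `dpt:` rules are handled.

```shell
#!/usr/bin/env bash
# Added example: audit an `iptables -L` listing for the flow-collector ports.

# INPUT chain (plus two FORWARD lines) as posted above, whitespace normalised.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
ACCEPT udp -- anywhere anywhere udp dpt:9912
ACCEPT tcp -- anywhere anywhere tcp dpt:9912
ACCEPT tcp -- anywhere anywhere tcp dpt:9913
ACCEPT udp -- anywhere anywhere udp dpt:9913
ACCEPT udp -- anywhere anywhere udp dpt:nas
ACCEPT udp -- anywhere anywhere udp dpt:9914
ACCEPT tcp -- anywhere anywhere tcp dpt:9914
Chain FORWARD (policy ACCEPT)
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
EOF
}

# missing_udp_ports PORT... : reads a listing on stdin and prints each wanted
# UDP port that has no explicit ACCEPT rule in the INPUT chain.
missing_udp_ports() {
  awk -v want="$*" '
    /^Chain / { in_input = ($2 == "INPUT"); next }
    in_input && $1 == "ACCEPT" && $2 == "udp" {
      for (i = 3; i <= NF; i++)
        if (sub(/^dpt:/, "", $i)) seen[$i] = 1
    }
    END {
      n = split(want, p, " ")
      for (i = 1; i <= n; i++) if (!(p[i] in seen)) print p[i]
    }'
}

# unresolved_dports : prints dpt: values shown as service names, which hide
# the real port number until the listing is produced with `iptables -L -n`.
unresolved_dports() {
  awk '{ for (i = 1; i <= NF; i++)
           if ($i ~ /^dpt:/ && $i !~ /^dpt:[0-9]+$/) { sub(/^dpt:/, "", $i); print $i } }' | sort -u
}

sample_listing | missing_udp_ports 9911 9912 9913 9914
sample_listing | unresolved_dports
```

On the live box, pipe `iptables -L -n` into the same functions so that every port prints numerically. With an INPUT policy of ACCEPT, a missing rule only blocks traffic if a later REJECT or DROP rule in that chain matches the packet.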
Re: need assistance in getting traffic to my Nagios NA
Posted: Tue Dec 23, 2014 6:55 pm
by frankmerfalen
One more. I turned on iptables and ran this cmd:
[root@NAGIOSNA ~]# netstat -anp | grep 9911
udp 0 0 0.0.0.0:9911 0.0.0.0:* 4300/nfcapd
Re: need assistance in getting traffic to my Nagios NA
Posted: Fri Dec 26, 2014 10:03 am
by scottwilkerson
frankmerfalen wrote: One more. I turned on iptables and ran this cmd:
[root@NAGIOSNA ~]# netstat -anp | grep 9911
udp 0 0 0.0.0.0:9911 0.0.0.0:* 4300/nfcapd
So this is showing that the Nagios Network Analyzer is listening on 9911; however, there are no connections coming in to it on that port.
Are you sure the Cisco is sending data and is sending it to UDP port 9911 of the correct IP (the NA IP)?
Re: need assistance in getting traffic to my Nagios NA
Posted: Mon Dec 29, 2014 11:55 am
by frankmerfalen
I'm not 100% sure if the Cisco Firewall is sending data on port 9911 other than running the commands per the PDF to enable traffic to be sent to the Nagios NA. I've done everything possible on the Nagios NA box and still no data. How can I run a test from the firewall to the NA box? SolarWinds is banging on our door to get their solution in but I keep telling our IT director to give me more time.
Thanks,
Frank
Re: need assistance in getting traffic to my Nagios NA
Posted: Mon Dec 29, 2014 1:57 pm
by tgriep
Try running this command from the firewall and see if the IP address and port are correct for the Nagios Network Analyzer.
If you can PM me your Cisco's config, I can also check that too.