Monitoring servers behind NAT
Posted: Mon Dec 30, 2013 5:16 am
by jotbe
Hi,
I just started using Nagios (Nagios® Core™ Version 4.0.2). I have a server with a public IP, and I managed to monitor a few servers with public IPs as well. Now I am trying to start monitoring a few servers behind NAT (the router has a public IP and the servers are on the local network). I think the best solution for me would be port forwarding for each server among the local machines, and setting up hosts.cfg with that port...
## Default
define host{
    use        linux-box        ; Inherit default values from a template
    host_name  NAME             ; The name we're giving to this server
    alias      NAME             ; A longer name for the server
    address    xx.xxx.xxx.xxx   ; IP address of Remote Linux host - PUBLIC IP OF ROUTER
    }
How can I specify a port number for each server?
Re: Monitoring servers behind NAT
Posted: Mon Dec 30, 2013 10:45 am
by tmcdonald
You'll run into a maintenance nightmare really quickly if you go the port-forwarding route. Have you given any thought to using passive checks?
Re: Monitoring servers behind NAT
Posted: Mon Dec 30, 2013 10:46 am
by slansing
Well, as long as you properly route traffic to and from your systems through a certain port, your router should be smart enough to use that port for traffic routing. Are you having issues just defining an address?
Re: Monitoring servers behind NAT
Posted: Mon Dec 30, 2013 10:48 am
by abrist
Here are just a few of the many options for this type of scenario:
1. You can use an active agent that can bind to different ports. nrpe can run on different ports. . .
2. Alternatively, you could use a single nrpe server as a proxy for all checks on the network - this would only require 1 forwarding rule.
3. Another option is to set up a vpn/ssh tunnel for the checks - just make sure your routes are right.
4. Passive checks could be used and would not require any ports forwarded . . .
Re: Monitoring servers behind NAT
Posted: Mon Dec 30, 2013 11:50 am
by jotbe
tmcdonald wrote: You'll run into a maintenance nightmare really quickly if you go the port-forwarding route. Have you given any thought to using passive checks?
Thank you for the quick reply. Port-forwarding was my first idea (it just looks easy to set up ;) ).
slansing wrote: Well, as long as you properly route traffic to and from your systems through a certain port, your router should be smart enough to use that port for traffic routing, are you having issues just defining an address?
I wasn't sure how to define an IP port, but I found a solution: define a separate command for each specific IP and port (another not quite good idea, too many unnecessary commands for every host):
define command{
    command_name  check_nt2
    command_line  $USER1$/check_nt -H $HOSTADDRESS$ -p xxxx -s securepassword -v $ARG1$ $ARG2$
    }
abrist wrote: Here are just a few of the many options for this type of scenario:
1. You can use an active agent that can bind to different ports. nrpe can run on different ports. . .
2. Alternatively, you could use a single nrpe server as a proxy for all checks on the network - this would only require 1 forwarding rule.
3. Another option is to set up a vpn/ssh tunnel for the checks - just make sure your routes are right.
4. Passive checks could be used and would not require any ports forwarded . . .
ad. 1) No idea how to do this.
ad. 2) Another thing to read about ;)
ad. 3) I have an OpenVPN server, and I can set up a VPN connection between the Nagios server and the local network where those servers are.
ad. 4) http://exchange.nagios.org/directory/Ad ... or/details - is that it?
Once again, thank you for the help.
Re: Monitoring servers behind NAT
Posted: Mon Dec 30, 2013 12:17 pm
by abrist
1) In your remote host's nrpe.cfg file, you can configure the port to communicate on. Just make sure your firewall forwards this port and that the nagios server is using check_nrpe against the proper port.
3) OpenVPN is probably the easiest solution. Just make sure the right routes are pushed/configured.
4) Yep. That is one of the passive agents.
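
Added example, not part of the thread and not any poster's or the Nagios project's own configuration: option 1 (NRPE on a distinct port per server) written out so that one command definition serves every host, with the port carried in a custom host variable instead of a separate command per port. Assumed or constructed values: host names web01/db01, ports 5667/5668, the documentation-range addresses, the custom variable name _NRPE_PORT, the generic-service template from the sample configs, and the check_load command from the stock nrpe.cfg. Because each forwarded port is reachable from the Internet, the agent side restricts who may connect.

```cfg
# ---- nrpe.cfg on web01 (behind the NAT); db01 is identical except server_port=5668 ----
# Router forwards TCP 5667 -> web01:5667 and TCP 5668 -> db01:5668.
server_port=5667
# Assumed public IP of the Nagios server. Only this source may talk to the agent,
# which assumes the router's port forward preserves the original source address.
allowed_hosts=198.51.100.10
# Refuse command arguments supplied by the remote side.
dont_blame_nrpe=0

# ---- Nagios server: object configuration ----
# One command for all NAT'd hosts; the port comes from the host's custom variable.
define command{
    command_name  check_nrpe_port
    command_line  $USER1$/check_nrpe -H $HOSTADDRESS$ -p $_HOSTNRPE_PORT$ -c $ARG1$
    }

define host{
    use         linux-box        ; template used in the thread
    host_name   web01
    alias       web01 behind NAT
    address     203.0.113.5      ; public IP of the router (constructed)
    _NRPE_PORT  5667             ; custom variable, exposed as $_HOSTNRPE_PORT$
    }

define host{
    use         linux-box
    host_name   db01
    alias       db01 behind NAT
    address     203.0.113.5      ; same router, different forwarded port
    _NRPE_PORT  5668
    }

define service{
    use                  generic-service
    host_name            web01,db01
    service_description  Load
    check_command        check_nrpe_port!check_load
    }
```

Both hosts share the router's address, so host checks that ping $HOSTADDRESS$ only test the router; the per-host result comes from the NRPE service on the forwarded port.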