
check_tcp issue

Posted: Mon Jan 13, 2014 3:35 pm
by vhoover
I am trying to ship Windows event logs off to a Nagios server (a proxy) and then have those passed on to my primary Nagios server. I cannot do a direct connect from the Windows servers to the primary Nagios server due to the firewall, and the network team has opted to not allow such a connection due to security risk, but they allow traffic from the DMZ (Windows servers) to the network the proxy resides on. The primary Nagios server is on a network that has access to the network the proxy instance is on but not the DMZ. I have set up NSCA, set it to allow from all hosts, added a firewall rule (and saved it), and verified there is a static route in the switch and the Nagios servers between the two networks, but when I check port 5667 (NSCA) from my primary Nagios server, I get the following error:

[root@nagios-test libexec]# ./check_tcp -H X.X.X.X -p 5667 -v
Using service TCP
Port: 5667
flags: 0x6
No route to host

Both servers are using the correct encryption and password (same on both).

Re: check_tcp issue

Posted: Mon Jan 13, 2014 5:19 pm
by sreinhardt
Have you verified on the Nagios system that it has the route also added? It's certainly possible that it does not get presented via DHCP (provided you're using that) to the Nagios system and so it needs to be added manually.

List routes:

Code:

route            # print routes
ip route list    # alternative to the above

Add routes:

Code:

route add -net 192.168.1.0 netmask 255.255.255.0 gw [Switch or gateway IP]
ip route add 192.168.1.0/24 dev eth0    # alternative to the above

Re: check_tcp issue

Posted: Mon Jan 13, 2014 5:28 pm
by vhoover
All IPs are static and routes going both directions have been verified:
From the Primary:
[root@nagios-test libexec]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
172.xx.124.x    *               255.255.255.0   U     0      0   0   eth0
10.xx.1.x       *               255.255.255.0   U     0      0   0   eth0
link-local      *               255.255.0.0     U     1002   0   0   eth0
default         172.xx.124.xxx  0.0.0.0         UG    0      0   0   eth0

From the proxy:
[root@nagios-prox libexec]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
172.xx.124.x    10.xx.1.xxx     255.255.255.0   U     0      0   0   eth0
10.xx.1.x       *               255.255.255.0   U     0      0   0   eth0
link-local      *               255.255.0.0     U     1002   0   0   eth0
default         10.xx.1.xxx     0.0.0.0         UG    0      0   0   eth0

Re: check_tcp issue

Posted: Mon Jan 13, 2014 5:36 pm
by sreinhardt
Just to verify, can you ping and/or nmap the DMZ system?

Code:

nmap -p 80 [host\IP]

Re: check_tcp issue

Posted: Thu Feb 06, 2014 5:16 pm
by vhoover
This was resolved. I forgot that by default my system was set to only allow from the local host.

Re: check_tcp issue

Posted: Thu Feb 06, 2014 5:16 pm
by slansing
Ah, that will do it!
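
Added example (not part of the thread and not Nagios code): a small Python probe that separates the outcomes this thread circled around, since "No route to host" is the text for errno EHOSTUNREACH, which Linux returns both for a missing route and for a firewall that rejects the connection with an ICMP unreachable message. The verdict names, `probe`, and the two tables are illustrative, and the code assumes that an NSCA daemon sends its initialization packet as soon as it accepts a permitted client.

```python
import errno
import socket

# connect() errno -> verdict. "No route to host" is strerror(EHOSTUNREACH).
ERRNO_VERDICT = {
    errno.ECONNREFUSED: "refused",
    errno.EHOSTUNREACH: "unreachable",
    errno.ENETUNREACH: "unreachable",
}

# Where to look first for each verdict (general Linux/TCP behaviour).
NEXT_STEP = {
    "unreachable": "no route, failed ARP, or a firewall REJECT answering with ICMP",
    "refused": "host reachable; nothing listening on the port, or a firewall sent RST",
    "filtered": "SYN silently dropped; look for a DROP rule on the path",
    "open-closed": "accepted, then closed without data; check the daemon's allowed hosts",
    "open-silent": "accepted, no data within the timeout; service may not speak first",
    "open-banner": "service answered; network path and allow lists are fine",
}

def probe(host, port, timeout=3.0):
    """Make one TCP connection attempt and return a verdict string."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except socket.timeout:
        return "filtered"
    except OSError as e:
        return ERRNO_VERDICT.get(e.errno, "error-%s" % e.errno)
    else:
        # Assumption: an NSCA daemon that accepts this client sends its
        # initialization packet first, so any byte means we were let in.
        try:
            return "open-banner" if s.recv(1) else "open-closed"
        except socket.timeout:
            return "open-silent"
        except OSError:
            return "open-closed"  # connection reset right after accept
    finally:
        s.close()

if __name__ == "__main__":
    import sys
    # Usage: python probe.py <host> [port]; 5667 is the NSCA port from the thread.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 5667
    verdict = probe(host, port)
    print(verdict, "-", NEXT_STEP.get(verdict, "unexpected errno; see errno(3)"))
```

Run from the primary server against the proxy, an "unreachable" verdict alongside correct routing tables points at a host firewall on the target rather than at routing, while "open-closed" points at the daemon's own allow list.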