Nagios Support Forum

I have a scenario whereby 5 hosts sit behind 1 natted external IP. Is nagios monitoring possible in this scenario?
How does nagios handle remote host monitoring if they cannot be added as individual IP's or hostnames?

You might want to look into passive checks for this:

http://nagios.sourceforge.net/docs/3_0/ ... hecks.html

Instead of Nagios checking directly (which will not work due to the network topology) you have the remote machines send results back to Nagios.

Besides passive checks (where the hosts submit their results, rather than Nagios probing them directly through active checks) you could do it with active checks if you can specify SSH port forwards that are unique to each box.

For instance, if port 1111 forwards to machine A port 22, and 2222 forwards to machine B port 22, etc, then you could define active checks using the check_by_ssh wrapper and specify the -p 1111 or -p 2222 for each machine.

That's assuming they're capable of running SSH-based checks and that you can manipulate the firewall, of course.

skahlam, did tmcdonald and eloyd answer your question?

I suppose so, but I am looking for a monitoring solution that provides more ease of use than this type of configuration.
Thanks

If you cannot do active checks through different ports, then the only way to have things work behind a firewall is to have the servers behind the firewall submit passive checks back to Nagios.

Alternatively you could add an additional host with a gearman worker installed and then you would only need 1 firewall exception created, and maybe not even that if your Nagios server is either NATted or has its own public address.

https://assets.nagios.com/downloads/gen ... utions.pdf

If port forwarding is too complex, I imagine mod_gearman might be, too, but that's a great idea!

I could get a gearman worker and job server set up with my eyes closed, but whenever I have to setup a static NAT on an ASA or router I have to review the access list and static nat syntax - all in what we work in

did we find or offer a solution that works for you skahlam? At the end of the day no monitoring system can or should be able to penetrate your firewall and access internal hosts without some intervention on your part. If it is possible, then by definition your firewall isn't doing its job.

I spent 1.5 hours or more with Nagios support setting up an nsclient++ config on Host1 to perform passive checks. After some issues the host finally showed up in NagiosXI. I then set out to install it on the second Host2 that resides behind same FW and it has not yet showed up in NagiosXI as I was told it would. Basically installed nsclient++ on second host and copied over config file from first host. Hostname is set to autodetect.
Will look tomorrow if Host2 shows up at all.