No Route to Host NRPE --- Don't know why...

Posted: Thu Apr 14, 2016 12:49 am
by Frostyequinox
Hello,

I've googled this error to death and nothing I've tried on the Nagios forums or the search results has helped to resolve it.

I am at a loss to explain why I am getting a no route to host error when configuring nrpe and I'm hoping someone can spot something I may have missed.

Details below.....
Firewalls disabled for troubleshooting

Client Linux Machine = Centos 6.7 IP = 192.168.1.1 /24
Server Nagios Machine = Centos 6.7 IP = 192.168.1.20 /24
Running in VMWARE


Client Configurations ---


iptables -L -v -n

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  139 13232 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    4   336 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
  124  8596 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 
    0     0 ACCEPT     tcp  --  *      *       127.0.0.1            0.0.0.0/0           state NEW tcp dpt:5666 
    0     0 ACCEPT     tcp  --  *      *       127.0.0.1            0.0.0.0/0           state NEW tcp dpt:5666 
    0     0 ACCEPT     tcp  --  *      *       192.168.1.1          0.0.0.0/0           state NEW tcp dpt:5666 
    0     0 ACCEPT     tcp  --  *      *       192.168.1.20         0.0.0.0/0           state NEW tcp dpt:5666 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT 267 packets, 22164 bytes)
 pkts bytes target     prot opt in     out     source               destination

/etc/services (section added)

nrpe            5666/tcp                # NRPE

LISTEN entry working

netstat -at |grep nrpe
tcp        0      0 *:nrpe                      *:*                         LISTEN      
[root@localhost

/etc/xinetd.d/nrpe

# default: on
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
        flags           = REUSE
        socket_type     = stream
        port            = 5666
        wait            = no
        user            = nagios
        group           = nagios
        server          = /usr/local/nagios/bin/nrpe
        server_args     = -c /usr/local/nagios/etc/nrpe.cfg --inetd
        log_on_failure  += USERID
        disable         = no
        only_from	= 127.0.0.1 192.168.1.20 ::1
}

check_nrpe from localhost = OK

 
/usr/local/nagios/libexec/check_nrpe -H localhost
NRPE v2.15

Calling command via check_nrpe on localhost = OK

/usr/local/nagios/libexec/check_nrpe -H localhost -c check_load
OK - load average: 0.00, 0.01, 0.01|load1=0.000;15.000;30.000;0; load5=0.010;10.000;25.000;0; load15=0.010;5.000;20.000;0; 
[root@localhost

tail /var/log/xinetd.log -f

tail /var/log/xinetd.log -f
16/4/14@15:04:38: EXIT: nrpe status=0 pid=3100 duration=0(sec)
16/4/14@15:04:45: START: nrpe pid=3102 from=::ffff:192.168.1.1
16/4/14@15:04:45: FAIL: nrpe address from=::ffff:192.168.1.1
16/4/14@15:04:45: EXIT: nrpe status=0 pid=3102 duration=0(sec)
16/4/14@15:17:26: START: nrpe pid=3126 from=::1
16/4/14@15:17:26: EXIT: nrpe status=0 pid=3126 duration=0(sec)
16/4/14@15:18:29: START: nrpe pid=3128 from=::1
16/4/14@15:18:29: EXIT: nrpe status=0 pid=3128 duration=0(sec)
16/4/14@15:18:35: START: nrpe pid=3130 from=::1
16/4/14@15:18:35: EXIT: nrpe status=0 pid=3130 duration=0(sec)

ifconfig

 ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:34:E8:F5  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe34:e8f5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:285 errors:0 dropped:0 overruns:0 frame:0
          TX packets:128 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:22344 (21.8 KiB)  TX bytes:10876 (10.6 KiB)
          Interrupt:19 Base address:0x2024

That's my client config -

Server Config (basically the IP address)
ifconfig

 ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:4E:31:C7  
          inet addr:192.168.1.20  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe4e:31c7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:148 errors:0 dropped:0 overruns:0 frame:0
          TX packets:272 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:14212 (13.8 KiB)  TX bytes:17112 (16.7 KiB)
          Interrupt:19 Base address:0x2000

This is the part that throws me --- it appears the port is open and contactable ....

nmap -p5666 192.168.1.1

Starting Nmap 5.51 ( http://nmap.org ) at 2016-04-14 17:56 AEST
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Nmap scan report for ####CentOS (192.168.1.1)
Host is up (0.00023s latency).
PORT     STATE    SERVICE
5666/tcp filtered nrpe
MAC Address: 00:0C:29:34:E8:F5 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds

Where ### is omitted.

Followed by a

/usr/local/nagios/libexec/check_nrpe -H 192.168.1.1
connect to address 192.168.1.1 port 5666: No route to host
connect to host 192.168.1.1 port 5666: No route to host

So this loses me ----

I try then to make sure basic connectivity works - aka telnet test

telnet 192.168.1.1 5666
Trying 192.168.1.1...
telnet: connect to address 192.168.1.1: No route to host

A bit at a loss because I can SSH to the client remotely fine.... and I'm sure the iptables were correct....



_______________

On a whim I tried the following from the client just before posting this and the result confused me even more as I'm sure I configured it with SSL support.

IPV4

 /usr/local/nagios/libexec/check_nrpe -H 192.168.1.1 -c check_load
CHECK_NRPE: Error - Could not complete SSL handshake.

IPV6

/usr/local/nagios/libexec/check_nrpe -H ::1 -c check_load
OK - load average: 0.00, 0.00, 0.00|load1=0.000;15.000;30.000;0; load5=0.000;10.000;25.000;0; load15=0.000;5.000;20.000;0;

So if you guys can offer assistance that would be greatly appreciated.

Thank you.

Pings from Server to Client

ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.305 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.204 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.610 ms
64 bytes from 192.168.1.1: icmp_seq=4 ttl=64 time=0.355 ms
64 bytes from 192.168.1.1: icmp_seq=5 ttl=64 time=0.258 ms

Pings from Client to Server

ping 192.168.1.20
PING 192.168.1.20 (192.168.1.20) 56(84) bytes of data.
64 bytes from 192.168.1.20: icmp_seq=1 ttl=64 time=0.280 ms
64 bytes from 192.168.1.20: icmp_seq=2 ttl=64 time=0.268 ms
64 bytes from 192.168.1.20: icmp_seq=3 ttl=64 time=0.913 ms
64 bytes from 192.168.1.20: icmp_seq=4 ttl=64 time=0.488 ms



Re: No Route to Host NRPE --- Don't know why...

Posted: Thu Apr 14, 2016 9:52 am
by rkennedy
From both machines, what is the output of route -n?

To add to that, I noticed 5666/tcp filtered nrpe - Is there anything between the two servers at all?

Re: No Route to Host NRPE --- Don't know why...

Posted: Thu Apr 14, 2016 5:16 pm
by Frostyequinox
Hello,

Nah there was nothing between two hosts ---- I gave myself a rest and re-visited the issue and I noticed my two accept rules in the iptables were below a reject all rule (which I missed until very slow going over it) --- are iptables processed in order? (I'm not very familiar with them etc)

---- I then noticed the syntax was slightly off within the iptables file itself (when I tried to run the command manually it gave me an unknown 192.168.1.1 variable etc) --- which I thought oh bugger that explains that...

Once I fixed that up it connected as I expected it to (but I couldn't close this post because it was still awaiting approval by a moderator)

Thank you though for getting back to me, I'm sure now that I've got the connection working I'm going to have all types of h**** ... fun trying to work out how to make the service definitions for NRPE on the nagios server side.

It's not something I have done before so into the fray I go !

Thanks again!
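
The rule-ordering problem described in the post above, as an added example that is not part of the original thread: iptables walks a chain top to bottom and stops at the first terminating match, so this sketch replays the posted INPUT chain for a new TCP connection. The simplified matcher (protocol, input interface, source, state and destination port only) and the function names are assumptions for illustration.

```python
import ipaddress
import re

# INPUT chain copied from the first post's listing (counters dropped).
INPUT_CHAIN = """\
ACCEPT all  -- *  * 0.0.0.0/0    0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- *  * 0.0.0.0/0    0.0.0.0/0
ACCEPT all  -- lo * 0.0.0.0/0    0.0.0.0/0
ACCEPT tcp  -- *  * 0.0.0.0/0    0.0.0.0/0 state NEW tcp dpt:22
REJECT all  -- *  * 0.0.0.0/0    0.0.0.0/0 reject-with icmp-host-prohibited
ACCEPT tcp  -- *  * 127.0.0.1    0.0.0.0/0 state NEW tcp dpt:5666
ACCEPT tcp  -- *  * 127.0.0.1    0.0.0.0/0 state NEW tcp dpt:5666
ACCEPT tcp  -- *  * 192.168.1.1  0.0.0.0/0 state NEW tcp dpt:5666
ACCEPT tcp  -- *  * 192.168.1.20 0.0.0.0/0 state NEW tcp dpt:5666
"""

def parse(listing):
    rules = []
    for line in listing.splitlines():
        target, prot, _opt, iface, _out, src, _dst, *extra = line.split()
        state = re.search(r"state (\S+)", " ".join(extra))
        dpt = re.search(r"dpt:(\d+)", " ".join(extra))
        rules.append({"target": target, "prot": prot, "in": iface,
                      "src": ipaddress.ip_network(src),
                      "states": state.group(1).split(",") if state else None,
                      "dpt": int(dpt.group(1)) if dpt else None})
    return rules

def first_match(rules, src, dport, iface="eth0", state="NEW"):
    """Return (1-based rule number, target) of the first rule a TCP packet hits."""
    for num, r in enumerate(rules, 1):
        if (r["prot"] in ("all", "tcp") and r["in"] in ("*", iface)
                and ipaddress.ip_address(src) in r["src"]
                and (r["states"] is None or state in r["states"])
                and (r["dpt"] is None or dport == r["dpt"])):
            return num, r["target"]
    return None, "ACCEPT"  # fell through: chain policy is ACCEPT in the listing

def move_before_reject(rules):
    """Move the first catch-all REJECT to the end of the chain."""
    cut = next(i for i, r in enumerate(rules) if r["target"] == "REJECT"
               and r["prot"] == "all" and r["in"] == "*" and r["dpt"] is None)
    return rules[:cut] + rules[cut + 1:] + [rules[cut]]

rules = parse(INPUT_CHAIN)
print(first_match(rules, "192.168.1.20", 5666))                      # (5, 'REJECT')
print(first_match(move_before_reject(rules), "192.168.1.20", 5666))  # (8, 'ACCEPT')
```

Rule 5 rejects with icmp-host-prohibited, which the connecting side reports as "No route to host" and nmap reports as "filtered"; the zero packet counters on the four rules after it in the original listing show they were never reached.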

Re: No Route to Host NRPE --- Don't know why...

Posted: Fri Apr 15, 2016 10:42 am
by lmiltchev
I am glad your issue has been resolved! I am locking this topic. If you have any more questions/issues, please start a new thread.