Nagios Support Forum

When nagios makes a NRPE query to a host, documentation suggests that by default we're hitting the target host's port 5666.

But what's the source port that nagios uses to make this query?

When the target host running nrpe replies back to Nagios, what port does the system use?

Is it all on 5666?

Found a few documents online such as the below but not sure if this is covering the whole communication process.

https://assets.nagios.com/downloads/nag ... tocols.pdf

https://www.speedguide.net/port.php?port=5666

Thank you in advance for your insights.

Hello, @jake2019. Nagios will probably use a random port within the TCP port range. Many Linux kernels use the port range 32768 to 61000.
Check out this documentation for a better understanding of how nrpe works:
https://assets.nagios.com/downloads/nag ... e/NRPE.pdf

Thank you @npolovenko

Is there further documentation I could use to dive deeper?

My current situation is a physical firewall standing between my nagios server subnet and the subnet where one of my target nrpe hosts resides. It would be awesome if i could implement an ACL to allow nrpe traffic in-between the subnets but with as much restriction as possible, to only a few ports.

Thank you again for any additional insights

They're also known as ephemeral ports: https://en.wikipedia.org/wiki/Ephemeral_port. As far as forcing it to a specific source port, I'm afraid that would take some custom dev of the software and likely kernel.

Thank you for the information @cdienger !

@jake2019, Do you have any more questions for us before I close the thread?