Page 1 of 1
NCPA and NAT
Posted: Thu Mar 22, 2018 5:49 am
by FranckB1
Hi,
I'm trying to understand how Nagios can manage to monitor remote hosts, located behind routers with a single public IP address, using Nat and port forwarding.
It's quite easy to specify a port number when using the check_ncpa plugin, in order to be translated towards the right host inside the remote network, but how Nagios manages the repsonses to determine from which host they come from.
Do we need to set a specific port for responses, in the NCPA configuration of each host ?
And how do we configure Nagios for making him able to match each response with the right host ?
Apologizes if my demand could seem to be trivial, but I haven't found any accurate response on this topic until now.
Thanks for help.
Re: NCPA and NAT
Posted: Thu Mar 22, 2018 4:13 pm
by lmiltchev
It's quite easy to specify a port number when using the check_ncpa plugin, in order to be translated towards the right host inside the remote network, but how Nagios manages the repsonses to determine from which host they come from.
Do we need to set a specific port for responses, in the NCPA configuration of each host ?
And how do we configure Nagios for making him able to match each response with the right host ?
Nagios uses the host and service definition to know what check applies to what in the interface, so this wouldn't be an issue. With active checks, you could try something like this: translate ip:555 -> host1:5693 and ip:556 -> host2:5693, etc.
The question is, why complicate things? You could simply use
passive checks.
Here's the NCPA documentation on passive checks:
https://www.nagios.org/ncpa/help.php#passive
Once the passive check results show up in the Unconfigured Objects, you can simply run the Unconfigured Passive Object wizard to set them up in Nagios XI. For more information on monitoring unconfigured objects, please review the document below:
https://assets.nagios.com/downloads/nag ... ith_XI.pdf
Hope this helps.
Re: NCPA and NAT
Posted: Fri Mar 23, 2018 3:08 am
by FranckB1
Hi, and thank you so much for your response.
I've already considered to use passive checks for these kind of configuration (and already tested it, works fine...).
However, the main drawback of passive checks is that they are.... passive. Which implies that if the remote host is down, you'll never be sent an alert for it.
That's why I was looking for a solution to proceed active checks through internet towards private networks...
Nagios uses the host and service definition to know what check applies to what in the interface, so this wouldn't be an issue. With active checks, you could try something like this: translate ip:555 -> host1:5693 and ip:556 -> host2:5693, etc.
I understand what you mean, but where, in Nagios, can I set these translations ?
Thanks for help.
Re: NCPA and NAT
Posted: Fri Mar 23, 2018 8:50 am
by mcapra
FranckB1 wrote:Which implies that if the remote host is down, you'll never be sent an alert for it.
Not necessarily. Here's the official documentation for passive checks:
https://assets.nagios.com/downloads/nag ... hecks.html
Nagios Core has a concept of a given check's "freshness". Essentially, if your machines don't phone home within a certain amount of time, their check results are flagged as "stale" and you can alert/notify on this condition. More info:
https://assets.nagios.com/downloads/nag ... hness.html
Re: NCPA and NAT
Posted: Fri Mar 23, 2018 3:13 pm
by kyang
Re: NCPA and NAT
Posted: Mon Mar 26, 2018 4:34 am
by FranckB1
Thanks @mcapra !
Really useful. I just tested it. It works fine !
Re: NCPA and NAT
Posted: Mon Mar 26, 2018 7:24 am
by FranckB1
FranckB1 wrote:
Nagios uses the host and service definition to know what check applies to what in the interface, so this wouldn't be an issue. With active checks, you could try something like this: translate ip:555 -> host1:5693 and ip:556 -> host2:5693, etc.
I understand what you mean, but where, in Nagios, can I set these translations ?
Thanks for help.
Any help about this ?
Thanks in advance.
Re: NCPA and NAT
Posted: Tue Mar 27, 2018 9:33 am
by scottwilkerson
FranckB1 wrote:FranckB1 wrote:
Nagios uses the host and service definition to know what check applies to what in the interface, so this wouldn't be an issue. With active checks, you could try something like this: translate ip:555 -> host1:5693 and ip:556 -> host2:5693, etc.
I understand what you mean, but where, in Nagios, can I set these translations ?
Thanks for help.
Any help about this ?
Thanks in advance.
This was an example suggestion on how you could setup NAT on your router, it was not a Nagios or NCPA setup