Nagios X IpTables

Hari Sekhon hpsekhon at googlemail.com
Mon Aug 14 19:23:38 CEST 2006


If you want the rule to match any IP then you should just leave the -s 
any and -d any out of the line

iptables -A INPUT -p udp --dport 5666 -j ACCEPT
iptables -A FORWARD -p udp --dport=5666 -j ACCEPT

This will allow anything from anywhere to port 5666 on this host. The 
second line is not needed unless this box is a router. It's better to do 
something like

iptables -A INPUT -p udp -s 192.168.1.0/24 --dport 5666 -j ACCEPT

assuming your network is in the 192.168.1.1-255 range, since this would 
limit the port opening to only those machines on your network (or more 
specifically those machines in the 192.168.1.0 network).

If it causes you too much trouble, you could be forgiven for doing 
iptables -F and disabling its re-application in the init scripts 
(assuming this host is protected behind a firewall!)

Hari


Rodrigo Maceno wrote:
> Ok, I understood what you said... But could you help me one more 
> time?  I tried to put two rules in IpTables:
> iptables -A INPUT -p udp -s any/0 -d any/0 --dport=5666 -j ACCEPT
> iptables -A FORWARD -p udp -s any/0 -d any/0 --dport=5666 -j ACCEPT
>
> but I don't know if there is anything wrong... Could you help again??
>
> Thanks...
>
>
>
>
> 2006/8/14, Hari Sekhon <hpsekhon at googlemail.com>:
>
>     Rodrigo Maceno wrote:
>     Hello,
>     I have Nagios installed and working normally, but it only works
>     if I stop the iptables service. I would like to know how to
>     run Nagios without stopping iptables. Could anyone help me??
>
>     Thanks,
>     Rodrigo L. Maceno
>
>     PS: Sorry for my English... :/
>
>     You need to learn iptables to open the necessary ports.
>
>
>     man iptables
>
>     would be a good place to start.
>
>     Also, check out which ports are used by services etc. using
>     netstat. It will take you a lot of time to figure out, but it's
>     too complicated and specific to your setup for anybody to guide
>     you all the way through.
>
>     man netstat
>     man iptables
>
>     will get you started.
>
>     Hari
>
>
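
Added example, not part of the original message: a shell function that reads rules in iptables-save format and reports which ACCEPT rules for a given destination port have no source restriction, which is the difference between the open rule and the 192.168.1.0/24 rule in the reply above. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Flag ACCEPT rules that open a port to any source address.
# Input: rule text in `iptables-save` format, or `iptables -A ...` command lines.

audit_open_port() {
    # $1 = destination port; rules are read from stdin.
    # Prints "OPEN <rule>" or "LIMITED <source> <rule>" for each matching rule.
    awk -v port="$1" '
    { sub(/^iptables[ \t]+/, "") }   # accept command lines as well as saved rules
    $1 == "-A" {
        src = ""; dport = ""; target = ""; neg = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "-s" || $i == "--source") {
                neg = ($(i-1) == "!"); src = $(i+1)
            } else if ($i == "--dport" || $i == "--destination-port") {
                dport = $(i+1)
            } else if ($i ~ /^--dport=/) {
                dport = substr($i, 9)
            } else if ($i == "-j") {
                target = $(i+1)
            }
        }
        if (target != "ACCEPT" || dport != port) next
        # No -s, a /0 source, or a negated source leaves the port widely reachable.
        if (src == "" || src ~ /\/0$/ || neg)
            print "OPEN " $0
        else
            print "LIMITED " src " " $0
    }'
}

# Constructed sample ruleset (not taken from any real host).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -p udp -m udp --dport 5666 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 5666 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -p tcp -m tcp --dport 5666 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# On a live host, run as root: iptables-save | audit_open_port 5666
sample_rules | audit_open_port 5666
```

The check is independent of protocol, so it reports both udp and tcp rules for the port.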
