nrpe-nt not sending FIN/SYN?

[Andrew Ruddock]

All,

It appears I have a potentially unique problem.  I've been through the 
mailing lists and support documentation everywhere and can't find a 
resolution so I am hoping someone else has seen this problem or 
something similar.

We are running Nagios 2.2 on a linux server which sits in one dmz behind 
a Cisco Pix firewall.  The Nagios server is checking the NRPE-NT 0.8b 
client on many Windows 2000/2003 servers in another dmz.  We have a 
firewall policy that permit the Nagios server and associated NRPE port 
to connect to any host in the second dmz.

Although Nagios is able to connect and receive responses from the NRPE 
clients, it appears that the connections are not being closed 
gracefully.  My firewall the Pix, is being flooded with tons of Denial 
messages.  I've done packet captures to try and isolate the problem, and 
it appears that the NRPE client is sending a frame without a FIN or SYN 
in it.  This is causing my firewall to log a LOT more than it really 
needs to.

Here is the the problem definition from Cisco:

/%PIX-6-106015: Deny TCP (no connection) from IP_addr/port to 
IP_addr/port flags flags on interface int_name./

Explanation  -  This message is logged when the PIX Firewall discards a 
TCP packet that has no associated connection in the PIX Firewall unit's 
connection table. PIX Firewall looks for a SYN flag in the packet, which 
indicates a request to establish a new connection. If the SYN flag is 
not set, and there is not an existing connection, the PIX Firewall 
discards the packet.

My log files are huge.  I would really like to get them back down to a 
more manageable size.  Any thoughts would be appreciated.


Regards,

Andrew

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20060714/a0ea23d7/attachment.html>
-------------- next part --------------

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null