Host is not allowed to talk to us!

Andy Shellam andy-lists at networkmail.eu
Fri Dec 12 20:50:45 CET 2008
Previous message: Host is not allowed to talk to us!
Next message: Host is not allowed to talk to us!
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi Grant,

What I meant was NRPE is denying a connection from a host you've not 
allowed in your config (i.e. it's not your Nagios server.)  Can you 
identify the server that NRPE is not allowing to connect?  Is it one of 
your own IP addresses?

The fact that your NRPE system is inside a DMZ may be important - it 
could be something simple like your NRPE box sees your Nagios server at 
a different IP address than you think.  Can you elaborate a bit more on 
your layout?

Thanks,
Andy

Grant Lowe wrote:
> Hi Andy,
>
> The remote nrpe client (xxx.xxx.xxx.xxx) is on a DMZ at work, and the nagios server is internal.  You're saying the remote nrpe system should not be able to accept requests when queried from the nagios host.  There shouldn't be any port scanning going on.  I had the networking folks open up port 5666, so I thought that would take of that.  What am I missing?
>
> Thanks, Andy!
>
>
>
> ----- Original Message ----
> From: Andy Shellam <andy-lists at networkmail.eu>
> To: Grant Lowe <glowe at sbcglobal.net>
> Cc: nagios-user Mailinglist <nagios-users at lists.sourceforge.net>
> Sent: Friday, December 12, 2008 10:45:09 AM
> Subject: Re: [Nagios-users] Host is not allowed to talk to us!
>
> Grant,
>
> Are remote checks from your Nagios server to this NRPE client 
> succeeding?  Is xxx.xxx.xxx.xxx one of your own, or an external IP 
> address?  I'm thinking there may be a remote system trying to talk to 
> your NRPE system that it's not allowing (which is correct.)  It could 
> potentially be some sort of port scanner if your client is publicly 
> accessible.
>
> Regards,
> Andy
>
> Grant Lowe wrote:
>   
>> Hi Marc,
>>
>> Thanks for the quick reply.  Yes, I have the correct IP.  Also I already have debugging turned on in nrpe.cfg.  I have other clients connecting just fine.  I just restarted nrpe and I got this message:
>>
>> Dec 12 09:18:22 nagiosclient svc.startd[7]: [ID 748625 daemon.error] network/cswnrpe:default failed repeatedly
>> Dec 12 09:19:25 nagiosclient nrpe[643]: [ID 601491 daemon.notice] Starting up daemon
>> Dec 12 09:19:25 nagiosclient nrpe[643]: [ID 627629 daemon.notice] Warning: Daemon is configured to accept command arguments from clients!
>> Dec 12 09:19:42 nagiosclient nrpe[649]: [ID 381997 daemon.error] Host xxx.xxx.xxx.xxx is not allowed to talk to us!
>>
>> We're not using IPV6, so I guess that's not a problem.  Other thoughts?
>>
>>
>>
>> ----- Original Message ----
>> From: Marc Powell <marc at ena.com>
>> To: nagios-user Mailinglist <nagios-users at lists.sourceforge.net>
>> Sent: Friday, December 12, 2008 8:58:42 AM
>> Subject: Re: [Nagios-users] Host is not allowed to talk to us!
>>
>>
>> On Dec 12, 2008, at 10:23 AM, Grant Lowe wrote:
>>
>>  
>>     
>>> Hi all,
>>>
>>> I'm getting a message from the syslog of my nrpe client that says:
>>>
>>> Host xxx.xxx.xxx.xxx is not allowed to talk to us!
>>>
>>> In the nrpe.cfg file I have the IP address of the nagios server:
>>>
>>> allowed_hosts=127.0.0.1,172.20.40.45
>>>    
>>>       
>> The code around this error is very straightforward and looks like a  
>> simple address match. Are you sure you have the correct IP and nrpe  
>> has been restarted? Are you using IPV6 locally?
>>
>> In any event, putting nrpe into debug mode and watching /var/log/ 
>> messages should be informative.
>>
>> --
>> Marc
>>
>>
>> ------------------------------------------------------------------------------
>> SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
>> The future of the web can't happen without you.  Join us at MIX09 to help
>> pave the way to the Next Web now. Learn more and register at
>> http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
>> _______________________________________________
>> Nagios-users mailing list
>> Nagios-users at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/nagios-users
>> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
>> ::: Messages without supporting info will risk being sent to /dev/null
>>
>>
>> ------------------------------------------------------------------------------
>> SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
>> The future of the web can't happen without you.  Join us at MIX09 to help
>> pave the way to the Next Web now. Learn more and register at
>> http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
>> _______________________________________________
>> Nagios-users mailing list
>> Nagios-users at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/nagios-users
>> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
>> ::: Messages without supporting info will risk being sent to /dev/null
>>  
>>     
>
>
>   

------------------------------------------------------------------------------
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can't happen without you.  Join us at MIX09 to help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null
Previous message: Host is not allowed to talk to us!
Next message: Host is not allowed to talk to us!
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Users mailing list