check_dhcp seems not working

Kevin Keane subscription at kkeane.com
Fri Jan 16 04:55:07 CET 2009


Thank you!

In my case, the server-side firewall works without a problem. The server 
does hand out DHCP addresses all the time.

It was the client-side firewall (i.e., the one on the Nagios server) 
that blocked the DHCP request, even though I opened both ports 67 and 68 
for both TCP and UDP. It happened both with broadcast DHCP requests and 
with directed ones (using the -s <serverip> arg).

Oddly enough, I didn't see anything at all in the firewall log that 
would indicate what was blocked.

James Miller wrote:
> Sorry for the top post
>
>    1. Lease Request - The client sends a broadcast requesting an IP
>       address
>    2. Lease Offer - The server sends the above information and marks
>       the offered address as unavailable. The message sent is a
>       DHCPOFFER broadcast message.
>    3. Lease Acceptance - The first offer received by the client is
>       accepted. The acceptance is sent from the client as a broadcast
>       (DHCPREQUEST message) including the IP address of the DNS server
>       that sent the accepted offer. Other DHCP servers retract their
>       offers and mark the offered address as available and the
>       accepted address as unavailable.
>    4. Server lease acknowledgement - The server sends a DHCPACK or a
>       DHCPNACK if an unavailable address was requested.
>
> All DHCP packets travel as UDP datagrams; all client-sent packets have 
> source port 68 and destination port 67; all server-sent packets have 
> source port 67 and destination port 68. For example, a server-side 
> firewall should allow the following types of packets:
>
>     * Incoming packets from 0.0.0.0 or dhcp-pool to dhcp-ip
>     * Incoming packets from any address to 255.255.255.255
>     * Outgoing packets from dhcp-ip to dhcp-pool or 255.255.255.255
>
> where dhcp-ip represents any address configured on a DHCP server host 
> and dhcp-pool stands for the pool from which a DHCP server assigns 
> addresses to clients
>
> Jim
>
> Kevin Keane wrote:
>> Christian, actually, your question prompted me to try it again. Turned 
>> out that it was the firewall software on my Nagios box that blocked the 
>> DHCP request. As soon as I turned it off, check_dhcp worked. I'm not yet 
>> sure which ports to open to make it work with the firewall on. So far, I 
>> tried ports 67 and 68 for both TCP and UDP, but that seems not to be enough.
>>
>> Christian Iñiguez wrote:
>>> Exactly Kevin, you are right
>>>
>>> ----- Original message ----
>>> From: Kevin Keane <subscription at kkeane.com>
>>> CC: nagios-users at lists.sourceforge.net
>>> Sent: Thursday, January 15, 2009 13:39:47
>>> Subject: Re: [Nagios-users] check_dhcp seems not working
>>>
>>> jmoseley at corp.xanadoo.com wrote:
>>>> Christian Iñiguez <challenger_joseph at yahoo.com.mx>  wrote:
>>>>
>>>>> Hi Everyone
>>>>>
>>>>> I have a linux server as dhcp server and it's working very well, and I'd
>>>>> like to monitor it with nrpe plugin and check_dhcp.
>>>>>
>>>>> The problem here is the outcome of check_dhcp is always: CRITICAL: No
>>>>> DHCPOFFERs were received. But the server is working alright.
>>>>>
>>>>> The command line is: check_dhcp -s serverip -t 30
>>>>>
>>>>> What am I doing wrong? Any suggestions?
>>>>>
>>>>> Thanks in advance!
>>>>
>>>> I have no idea which flavor of DHCP you are running (probably ISC's), but I
>>>> don't think you are going to be able to run check_dhcp from the DHCP server
>>>> itself.  The DHCP server will see an incoming request from itself and
>>>> probably block it.  Therefore, using the nrpe method of doing these checks
>>>> is a moot point.
>>>>
>>>> If your Nagios server is on the same network as the DHCP server, just run
>>>> check_dhcp from the Nagios box.  If you're running Nagios on a different
>>>> network than the DHCP server and there is a firewall in between, you'll
>>>> probably have to do several things:
>>>>
>>>> 1. Open up a hole in the firewall to allow the Nagios server to request a
>>>> DHCP address from the DHCP server
>>>> 2. Have a DHCP relay statement on the router's interface your Nagios server
>>>> connects to so it knows to which server to relay the DHCP request to
>>>> 3. Setup a small DHCP subnet on the DHCP server in the same IP range as the
>>>> Nagios server so it can offer a valid IP address
>>>
>>> I actually have the same problem as Christian, and it does NOT work even 
>>> though Nagios is running on a different box on the same network as the 
>>> DHCP server. In fact, the Nagios box actually gets its IP address from 
>>> the same DHCP server that I would like to monitor (ISC DHCP server 3.0.6 
>>> on a SuSE 10.3). I've seen the same problem before against a Windows 
>>> DHCP server, too, never been able to make check_dhcp work.
>>>
>>> check_dhcp -v prints this:
>>>
>>> DHCP socket: 3
>>> Hardware address: 00:0c:29:0e:28:4f
>>> DHCPDISCOVER to 255.255.255.255 port 67
>>> DHCPDISCOVER XID: 2138668641 (0x7F797E61)
>>> DHCDISCOVER ciaddr:  0.0.0.0
>>> DHCDISCOVER yiaddr:  0.0.0.0
>>> DHCDISCOVER siaddr:  0.0.0.0
>>> DHCDISCOVER giaddr:  0.0.0.0
>>> send_dhcp_packet result: 548
>>>
>>>
>>>
>>>
>>> No (more) data received (nfound: 0)
>>> Result=ERROR
>>> Total responses seen on the wire: 0
>>> Valid responses for this machine: 0
>>> CRITICAL: No DHCPOFFERs were received.
>>>


-- 
Kevin Keane
Owner
The NetTech
Find the Uncommon: Expert Solutions for a Network You Never Have to Think About

Office: 866-642-7116
http://www.4nettech.com
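
Added example (not part of the original thread and not the plugin's source): the DHCPDISCOVER from the quoted check_dhcp -v output, rebuilt in Python from the RFC 2131 layout, with a check for whether a reply counts as a DHCPOFFER for this request. The XID, hardware address and 548-byte size come from that output; the offer and its 192.0.2.x addresses are constructed, and using XID plus hardware address as the validity test is an assumption.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie (RFC 2131)
DISCOVER, OFFER = 1, 2               # option 53 message types
HDR = "!BBBBIHH4s4s4s4s16s64s128s"   # fixed 236-byte BOOTP header
ZERO = b"\0" * 4

def build_discover(xid, mac):
    """236-byte header plus 312 bytes of options = 548 bytes on the wire."""
    hdr = struct.pack(HDR, 1, 1, 6, 0, xid, 0, 0x8000,   # BOOTREQUEST, broadcast flag
                      ZERO, ZERO, ZERO, ZERO, mac, b"", b"")
    return hdr + (MAGIC + bytes([53, 1, DISCOVER, 255])).ljust(312, b"\0")

def parse(pkt):
    """Return the fields check_dhcp -v prints plus the message type, or None."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        return None
    f = struct.unpack(HDR, pkt[:236])
    out = {"op": f[0], "xid": f[4], "chaddr": f[11][:min(f[2], 16)], "type": None}
    for name, raw in zip(("ciaddr", "yiaddr", "siaddr", "giaddr"), f[7:11]):
        out[name] = socket.inet_ntoa(raw)
    opts, i = pkt[240:], 0
    while i < len(opts) and opts[i] != 255:          # 255 = end option
        if opts[i] == 0:                             # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(opts):                       # truncated option header
            break
        code, length = opts[i], opts[i + 1]
        if code == 53 and length == 1 and i + 2 < len(opts):
            out["type"] = opts[i + 2]
        i += 2 + length
    return out

def is_valid_offer(pkt, xid, mac):
    """True only for a BOOTREPLY of type DHCPOFFER echoing our XID and MAC."""
    r = parse(pkt)
    return bool(r) and (r["op"], r["type"], r["xid"], r["chaddr"]) == (2, OFFER, xid, mac)

XID, MAC = 0x7F797E61, bytes.fromhex("000c290e284f")   # from the -v output above

def sample_offer(xid):
    """Constructed reply: server 192.0.2.1 offers 192.0.2.50 (documentation range)."""
    hdr = struct.pack(HDR, 2, 1, 6, 0, xid, 0, 0x8000, ZERO,
                      socket.inet_aton("192.0.2.50"), socket.inet_aton("192.0.2.1"),
                      ZERO, MAC, b"", b"")
    return hdr + MAGIC + bytes([53, 1, OFFER, 54, 4, 192, 0, 2, 1, 255])
```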
