NRPE only_from

Marc Powell marc at ena.com
Tue Mar 3 16:10:02 CET 2009


On Mar 3, 2009, at 8:02 AM, Martyn wrote:

> Hi all, I want to test connectivity from the outside world to my  
> Linux box inside my network, I'm wanting to test before I try and  
> monitor an external box.
>
> On the inside of my network I have a Linux box on 192.168.3.245  
> running NRPE and my Nagios Server on 192.168.3.247
> Both of these are connected to a 3560 Cisco Switch which in turn is  
> connected to my Linksys Router then onto my Cable modem.
>
> On my Linux box I have in my nrpe "only_from = 192.168.3.247", which  
> allows Nagios to gather its stats, however if I change it to the  
> public IP address that is given I get the following errors  
> "Check_NRPE: Error Could not complete SSL handshake".
>
NRPE will never see the public IP of your Linksys Router/Cable modem.  
The requests do not originate from that device. It may pass them, but  
it does not originate them. You need to permit the (public) IP of the  
machine you are testing from.
> In my .cfg file on my Nagios server (the cfg of the box I want to  
> monitor) I have pointed it to my public IP address and restarted  
> Nagios.
>
> On my Linksys Router I'm port forwarding to the Linux box port 5666  
> but it makes no difference, I have even put my Linux box in the DMZ  
> but still no joy.
>
I would be very surprised if the Linksys router supported NAT  
reflection. The key is that the requests must come in from the WAN  
interface for the port forwarding to work. If you're testing the port  
forwarding from your nagios machine (on private IP), the Linksys box  
isn't going to use the Forward rule for that connection.
> Does anybody know how I can test my Linux box so it looks like it's  
> from the external network, failing that does anybody have a test box  
> I can try and monitor for 10 minutes or so.
>
Test from a machine that is off your network, on the public Internet;  
a friend's computer or one at work. Unless you have multiple public  
IPs given to you by your provider, an architecture to simulate that  
locally is complicated.
> Also, NRPE the line only_from, am I allowed to put the domain name  
> or is it just IP address only?
>
Do you mean 'allowed_hosts'?

# ALLOWED HOST ADDRESSES
# This is an optional comma-delimited list of IP address or hostnames
# that are allowed to talk to the NRPE daemon.

--
Marc
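
The point above about which source address gets compared against the allow list, as an added example that is not part of the original message: it parses a constructed nrpe.cfg `allowed_hosts` line and a constructed xinetd `only_from` line, then checks peer addresses against them. The router and outside-host addresses are made-up documentation addresses, and treating entries as literal IPs or CIDR networks without resolving hostnames is an assumption of this example.

```python
import ipaddress

# Constructed samples, not taken from the original post.
NRPE_CFG = """\
server_port=5666
allowed_hosts=127.0.0.1,192.168.3.247
"""
XINETD_NRPE = """\
service nrpe
{
    port      = 5666
    only_from = 127.0.0.1 192.168.3.247
}
"""
ROUTER_WAN = "203.0.113.10"     # hypothetical public IP of the Linksys router
OUTSIDE_HOST = "198.51.100.20"  # hypothetical test machine on the public Internet

def parse_allowed(text):
    """Collect allowed_hosts (comma-separated) and only_from (space-separated) entries."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "allowed_hosts":
            entries += [v.strip() for v in value.split(",") if v.strip()]
        elif key == "only_from":
            entries += value.split()
    return entries

def is_permitted(peer, entries):
    """True if the connecting peer address matches an IP or CIDR entry."""
    addr = ipaddress.ip_address(peer)
    for entry in entries:
        try:
            if addr in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            continue  # hostname entry: not resolved here (assumption, keeps it offline)
    return False

def demo():
    """The peer is the machine that opened the connection, not the forwarding router."""
    entries = parse_allowed(NRPE_CFG)
    return {
        "nagios on LAN": is_permitted("192.168.3.247", entries),
        "outside host, router WAN IP listed": is_permitted(OUTSIDE_HOST, entries + [ROUTER_WAN]),
        "outside host, its own IP listed": is_permitted(OUTSIDE_HOST, entries + [OUTSIDE_HOST]),
    }
```
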


_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users