NSClient++. Monitoring the devices behind the Firewall.

C. Bensend benny at bennyvision.com
Tue Mar 15 14:41:40 CET 2011

Previous message: NSClient++. Monitoring the devices behind the Firewall.
Next message: NSClient++. Monitoring the devices behind the Firewall.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> The question I have is the same of already reported in the link
> http://nsclient.com/nscp/discussion/topic/466#-1. The diagram and scenario
> is the same reported in the link
> http://nsclient.com/nscp/wiki/doc/usage/nagios/nrpe but with a second
> remote
> Firewall.
>
> Basically, I know how to configure a remote Windows computer with a fix
> TCP-IP address but I have no idea how to configure a remote Windows
> NSClient
> or an NRPE UNIX client installed behind a remote Firewall. The remote
> subnet
> has a NAT in this case and how the Nagios server can reach a remote client
> in this scenario?
> Any idea?

Well, each of the clients behind the firewall needs to be
individually addressable somehow.  You can do this in several
ways, here are two:

1) Assign ports on the firewall to NAT to the individual clients
   behind it.  Ie, assign port 45000 to be NATed to client 1, port
   5666.  Assign port 45001 to be NATed to client 2, port 5666,
   etc.  Then, on your Nagios server, use the IP of your firewall
   and the individual ports to communicate with the clients.

2) Assign multiple IPs to the firewall, and NAT each IP and port
   X (by default, 5666) to the clients behind it.

If you're looking to do this without cooperation from the client
and their security folks, you're going to run into problems.  If
they want you to monitor their hosts, they have to provide some
manner of accessing them.

In either of the examples above, I would strongly recommend that
they assign firewall rules to allow connections to the clients'
NSClient++ services *only* from your Nagios server.  Don't leave
those ports open to the unwashed masses.

A VPN between your sites is also an option.

Benny


-- 
"Hairy ape nads."        -- Colleen, playing Neverwinter Nights



------------------------------------------------------------------------------
Colocation vs. Managed Hosting
A question and answer guide to determining the best fit
for your organization - today and in the future.
http://p.sf.net/sfu/internap-sfd2d
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Previous message: NSClient++. Monitoring the devices behind the Firewall.
Next message: NSClient++. Monitoring the devices behind the Firewall.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list