<div dir="ltr">Why not drop this rule temporarily and test. If it works, then you know for sure it is your firewall. If you need help with your iptables, visit their site or throw this question to their mailing list. Alternatively, you could seek commercial support. Lex <div class="gmail_quote">On Wed, Sep 3, 2008 at 4:21 AM, J. Bakshi <<a href="mailto:joydeep@infoservices.in">joydeep@infoservices.in</a>> wrote: <blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="Ih2E3d">Mark Young wrote: > On Sep 2, 2008, at 9:44 AM, J. Bakshi wrote: > > >> J. Bakshi wrote: >> >>> Alex Dehaini wrote: >>> >>> >>>> Dude, >>>> >>>> I am assisting with nagios not your firewall. Read your firewall >>>> docs >>>> very well. Remember to always read the documentation carefully >>>> before >>>> requesting for assistance that are already in the docs. >>>> >>>> >>> The nrpe docs mentions abt the firewall rules which I have already >>> used, >>> but no luck :-( >>> >>> >> Not firewall; I have solved the problem by incresing time with -t >> > > From what you are describing I believe that this is a problem with > your xinetd nrpe configuration. I run into this problem a lot. By > default Xinet will only allow so many instances per second that if > exceeded xinet will refuse connects for certain amount of time. > Basically your remote server thinks that it is being DDoS. Increasing > the time is only covering a symptom. > </div>Hi Mark, Thanks for your hints and configuration. I'm not using xinetd. I'm using nrpe daemon instead. May be my firewall is responsible for the problem but I'm not sure Even after increasing the time with -t 20 the commands still report socket time out :-( Here is the rule set I have in my firewall. May be this create the problem ## SYN-FLOODING PROTECTION # This rule maximises the rate of incoming connections. In order to do this we divert tcp # packets with the SYN bit set off to a user-defined chain. Up to limit-burst connections # can arrive in 1/limit seconds ..... in this case 4 connections in one second. After this, one # of the burst is regained every second and connections are allowed again. The default limit # is 3/hour. The default limit burst is 5. # iptables -N syn-flood iptables -A INPUT -i $IFACE -p tcp --syn -j syn-flood iptables -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN iptables -A syn-flood -j DROP with regards <div><div></div><div class="Wj3C7c"> > You can change this globally or per service by adding these lines in > ether /etc/xinetd.conf or /etc/xinetd.d/nrpe. You can play with the > exact numbers you need. I believe the default is 50 connections a > second. > > # CPS where 100 connection per second with a timepout of 10 seconds if > exceded. > > # Max number of instances running > > [myoung@vserve xinetd.d]# more nrpe > # default: on > # description: NRPE (Nagios Remote Plugin Executor) > service nrpe > { > flags = REUSE > socket_type = stream > port = 5666 > wait = no > user = nagios > group = nagios > server = /usr/local/nagios/bin/nrpe > server_args = -c /usr/local/nagios/etc/nrpe.cfg --inetd > log_on_failure += USERID > disable = no > only_from = <a href="http://127.0.0.1" target="_blank">127.0.0.1</a>,IP.ADDRESS.OF.NAGIOS > cps = 100 10 > instances = 300 > } > > > Good luck! > > Mark Young > ___ > Nagios Enterprises, LLC > Web: <a href="http://www.nagios.com" target="_blank">www.nagios.com</a> > > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's challenge > Build the coolest Linux based applications with Moblin SDK & win great prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > <a href="http://moblin-contest.org/redirect.php?banner_id=100&url=/" target="_blank">http://moblin-contest.org/redirect.php?banner_id=100&url=/</a> > _______________________________________________ > Nagios-users mailing list > <a href="mailto:Nagios-users@lists.sourceforge.net">Nagios-users@lists.sourceforge.net</a> > <a href="https://lists.sourceforge.net/lists/listinfo/nagios-users" target="_blank">https://lists.sourceforge.net/lists/listinfo/nagios-users</a> > ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. > ::: Messages without supporting info will risk being sent to /dev/null > > </div></div>-- <div class="Ih2E3d">~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Joydeep Bakshi, Linux System Admin Kolkatainfoservices Pvt Ltd, 23A Royd Street, Kolkata 700016, India Work Phone 91 033 40014784 <a href="http://infoservices.in/" target="_blank">http://infoservices.in/</a> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ------------------------------------------------------------------------- </div><div><div></div><div class="Wj3C7c">This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world <a href="http://moblin-contest.org/redirect.php?banner_id=100&url=/" target="_blank">http://moblin-contest.org/redirect.php?banner_id=100&url=/</a> _______________________________________________ Nagios-users mailing list <a href="mailto:Nagios-users@lists.sourceforge.net">Nagios-users@lists.sourceforge.net</a> <a href="https://lists.sourceforge.net/lists/listinfo/nagios-users" target="_blank">https://lists.sourceforge.net/lists/listinfo/nagios-users</a> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null </div></div></blockquote></div> -- Alex Dehaini Developer Site - <a href="http://www.alexdehaini.com">www.alexdehaini.com</a> Email - <a href="mailto:alexdehaini@gmail.com">alexdehaini@gmail.com</a> </div>