Host is not allowed to talk to us!
Grant Lowe
glowe at sbcglobal.net
Fri Dec 12 23:38:53 CET 2008
Hi Marc,
Well at least I'm understanding you now :->
Yeah, I can ping the private IP address of the nagios server. The public address I'm seeing is NAT'ed IP address. I'm not going to make the box dual-home, but an option seems to me to just give the Nagios server an external DNS name and IP, then have the firewall redirect the traffic to the internal IP address.
You said "Is there a reason you can't just permit the public NAT IP that NRPE is seeing? Seems to me to be the most direct and easiest solution." I agree with you completely as that seems the easiest way. But I don't know if you can do that.
Meanwhile, I got the network admin to allow port 5666 through the firewall, added a DNS entry on the external network. I then add the NAT'ed IP address to the nrpe.cfg file. Now when I start NRPE I get these errors in the syslog:
ddress)
Dec 12 14:27:04 nrpe-server nrpe[2455]: [ID 601491 daemon.notice] Starting up daemon
Dec 12 14:27:04 nrpe-server nrpe[2455]: [ID 434846 daemon.error] Network server bind failure (126: Cannot assign requested address)
Dec 12 14:27:04 nrpe-server svc.startd[7]: [ID 748625 daemon.error] network/cswnrpe:default failed repeatedly
Now what?
----- Original Message ----
From: Marc Powell <marc at ena.com>
To: nagios-user Mailinglist <nagios-users at lists.sourceforge.net>
Sent: Friday, December 12, 2008 1:15:18 PM
Subject: Re: [Nagios-users] Host is not allowed to talk to us!
On Dec 12, 2008, at 2:45 PM, Grant Lowe wrote:
> Hi Andy,
>
> Bear with me. I'm trying to understand all this
>
> Hmm. That makes sense. Judging by the IP address in the NRPE logs,
> that looks like its a problem. The IP address it says its not
> allowed to talk to is the NAT'ed IP address, not the real IP
> address, of the Nagios server.
This is what I was asking earlier ;)
> I can ping the Nagios servver by IP and it does respond correctly,
You can ping the private, 172.20.40.45 address? That would be a very
unusual configuration if you're also seeing a public address on the
NRPE side. I expect the box would have to be dual-homed for that to
happen, in which case your NRPE box would also have to have an IP on
the private network and you could tell Nagios to use that one instead
of the one you're using now (completely guessing about your network
architecture so MyMMV).
> But doing a who, or a netstat -a and grepping for established
> connections shows the NAT'ed IP. All addresses are adddresses that
> we own. I'm at a loss of how to correct this. How do I get the
> networking folks to show the NRPE host the real IP address of the
> server? Can it be done?
They should know how, and it depends entirely on how your network is
designed. There's no way we can tell you how without knowing that in
significant detail ;) Is there a reason you can't just permit the
public NAT IP that NRPE is seeing? Seems to me to be the most direct
and easiest solution.
--
Marc
------------------------------------------------------------------------------
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can't happen without you. Join us at MIX09 to help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
------------------------------------------------------------------------------
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can't happen without you. Join us at MIX09 to help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list