Host is not allowed to talk to us!

Grant Lowe glowe at sbcglobal.net
Fri Dec 12 23:52:57 CET 2008


Well, operator error (I made a mistake). I found that inside nrpe.cfg there is a line that I needed to modify:

allowed_hosts=xxx.xxx.xxx.xxx

I modified that and now I get a different error:

nrpe[2779]: [ID 813741 daemon.error] Error: Could not complete SSL handshake. 1

On the nagios server, I've tried running the command with -n and without -n and both fail.  However, only with -n do I get an error.  Without -n I get no errors.  This is the command I'm running:

[root at nagios-test ~]# /usr/lib/nagios/plugins/check_nrpe -H xxx.xxx.xxx.xxx -c check_swap
NRPE: Unable to read output
[root at nagios-test ~]#




----- Original Message ----
From: Marc Powell <marc at ena.com>
To: nagios-user Mailinglist <nagios-users at lists.sourceforge.net>
Sent: Friday, December 12, 2008 1:15:18 PM
Subject: Re: [Nagios-users] Host is not allowed to talk to us!


On Dec 12, 2008, at 2:45 PM, Grant Lowe wrote:

> Hi Andy,
>
> Bear with me.  I'm trying to understand all this.
>
> Hmm. That makes sense.  Judging by the IP address in the NRPE logs,
> that looks like it's a problem.  The IP address it says it's not
> allowed to talk to is the NAT'ed IP address, not the real IP
> address, of the Nagios server.

This is what I was asking earlier ;)

> I can ping the Nagios server by IP and it does respond correctly,

You can ping the private, 172.20.40.45 address? That would be a very  
unusual configuration if you're also seeing a public address on the  
NRPE side. I expect the box would have to be dual-homed for that to  
happen, in which case your NRPE box would also have to have an IP on  
the private network and you could tell Nagios to use that one instead  
of the one you're using now (completely guessing about your network  
architecture so MyMMV).

> But doing a who, or a netstat -a and grepping for established
> connections shows the NAT'ed IP.  All addresses are addresses that
> we own.  I'm at a loss of how to correct this.  How do I get the
> networking folks to show the NRPE host the real IP address of the
> server?  Can it be done?

They should know how, and it depends entirely on how your network is  
designed. There's no way we can tell you how without knowing that in  
significant detail ;) Is there a reason you can't just permit the  
public NAT IP that NRPE is seeing? Seems to me to be the most direct  
and easiest solution.

--
Marc


------------------------------------------------------------------------------
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can't happen without you.  Join us at MIX09 to help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null
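
Added example, not part of the original thread or of NRPE itself: a Python check of which source addresses an allowed_hosts line would admit, showing why the daemon rejects the NAT'ed address until that address is listed. It assumes comma-separated IP or CIDR entries (hostnames are reported, not resolved); the sample config and 203.0.113.10, standing in for the masked NAT address, are constructed.

```python
import ipaddress

# Constructed sample config; only allowed_hosts matters to this check.
SAMPLE_CFG = """\
# nrpe.cfg (constructed sample)
server_port=5666
allowed_hosts=127.0.0.1, 172.20.40.45
"""

def parse_allowed_hosts(cfg_text):
    """Return (networks, skipped) parsed from the allowed_hosts= line."""
    value = ""
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, val = line.partition("=")
        if sep and key.strip() == "allowed_hosts":
            value = val  # assumption: if the key repeats, keep the last one
    networks, skipped = [], []
    for entry in (e.strip() for e in value.split(",")):
        if not entry:
            continue
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            skipped.append(entry)  # hostname or malformed entry, not resolved
    return networks, skipped

def is_allowed(cfg_text, peer_ip):
    """True if peer_ip (the source address the daemon sees) matches an entry."""
    peer = ipaddress.ip_address(peer_ip)
    networks, _ = parse_allowed_hosts(cfg_text)
    return any(peer.version == n.version and peer in n for n in networks)

def audit(cfg_text, peers):
    """Map each observed peer address to its allow/deny verdict."""
    return {p: is_allowed(cfg_text, p) for p in peers}

if __name__ == "__main__":
    # 172.20.40.45 is the server's private address from the thread;
    # 203.0.113.10 stands in for the NAT'ed address seen in netstat.
    for peer, ok in audit(SAMPLE_CFG, ["172.20.40.45", "203.0.113.10"]).items():
        print(f"{peer}: {'allowed' if ok else 'rejected'}")
    fixed = SAMPLE_CFG.replace("172.20.40.45", "172.20.40.45,203.0.113.10")
    print(audit(fixed, ["203.0.113.10"]))
```

Feed it the address that netstat shows on the NRPE host rather than the address configured on the Nagios server, since the former is what the daemon compares.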

