nrpe - high port connection from nrpe agent to nagois server?

[Marc Powell]

On Jul 20, 2009, at 8:18 AM, Terry wrote:

> On Fri, Jul 17, 2009 at 1:10 PM, Terry<td3201 at gmail.com> wrote:
>> Hello,
>>
>> I am seeing these rules on our firewall and don't understand them.
>>
>> Jul 17 13:00:20 10.98.1.1 %ASA-6-106015: Deny TCP (no connection)  
>> from
>> 10.51.1.20/5666 to 10.98.1.120/56716 flags RST  on interface VLAN51
>>
>> The nagios server is able to hit the agent on 5666 just fine but why
>> would the agent try to connect back to the nagios server on a high
>> port?
>>
>> Thanks!
>>
>
> Any ideas on this?

The high port side is surely the port used by the outbound NSCA  
connection to receive data during the conversation. Your firewall  
believes that outbound connection is terminated but the central host  
is still trying to close or reset the connection. While I'm certainly  
no TCP expert, the RST itself might be normal for Linux and HP clients  
(at least according to Wikipedia - http://en.wikipedia.org/wiki/Transmission_Control_Protocol 
  - Connection Termination). I doubt it's NSCA itself and more likely  
to be your OS, but again, I'm no expert here and just edu-guessing...

--
Marc


------------------------------------------------------------------------------
Enter the BlackBerry Developer Challenge  
This is your chance to win up to $100,000 in prizes! For a limited time, 
vendors submitting new applications to BlackBerry App World(TM) will have
the opportunity to enter the BlackBerry Developer Challenge. See full prize  
details at: http://p.sf.net/sfu/Challenge
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null