<div dir="ltr">In that case, then it is not the firewall then. Lex <div class="gmail_quote">On Wed, Sep 3, 2008 at 8:58 AM, J. Bakshi <<a href="mailto:joydeep@infoservices.in">joydeep@infoservices.in</a>> wrote: <blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="Ih2E3d">Alex Dehaini wrote: > Why not drop this rule temporarily and test. If it works, then you > know for sure it is your firewall. </div>I did it. but no success. I should look into it in depth <div class="Ih2E3d"> > > Alternatively, you could seek commercial support. > > Lex > > On Wed, Sep 3, 2008 at 4:21 AM, J. Bakshi <<a href="mailto:joydeep@infoservices.in">joydeep@infoservices.in</a> </div><div><div></div><div class="Wj3C7c">> <mailto:<a href="mailto:joydeep@infoservices.in">joydeep@infoservices.in</a>>> wrote: > > Mark Young wrote: > > On Sep 2, 2008, at 9:44 AM, J. Bakshi wrote: > > > > > >> J. Bakshi wrote: > >> > >>> Alex Dehaini wrote: > >>> > >>> > >>>> Dude, > >>>> > >>>> I am assisting with nagios not your firewall. Read your firewall > >>>> docs > >>>> very well. Remember to always read the documentation carefully > >>>> before > >>>> requesting for assistance that are already in the docs. > >>>> > >>>> > >>> The nrpe docs mentions abt the firewall rules which I have already > >>> used, > >>> but no luck :-( > >>> > >>> > >> Not firewall; I have solved the problem by incresing time with -t > >> > > > > From what you are describing I believe that this is a problem with > > your xinetd nrpe configuration. I run into this problem a lot. By > > default Xinet will only allow so many instances per second that if > > exceeded xinet will refuse connects for certain amount of time. > > Basically your remote server thinks that it is being DDoS. > Increasing > > the time is only covering a symptom. > > > > Hi Mark, > > Thanks for your hints and configuration. > I'm not using xinetd. I'm using nrpe daemon instead. > May be my firewall is responsible for the problem but I'm not sure > Even after increasing the time with -t 20 the commands still report > socket time out :-( > > Here is the rule set I have in my firewall. May be this create the > problem > > ## SYN-FLOODING PROTECTION > # This rule maximises the rate of incoming connections. In order to do > this we divert tcp > # packets with the SYN bit set off to a user-defined chain. Up to > limit-burst connections > # can arrive in 1/limit seconds ..... in this case 4 connections > in one > second. After this, one > # of the burst is regained every second and connections are allowed > again. The default limit > # is 3/hour. The default limit burst is 5. > # > iptables -N syn-flood > iptables -A INPUT -i $IFACE -p tcp --syn -j syn-flood > iptables -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN > iptables -A syn-flood -j DROP > > > with regards > > > You can change this globally or per service by adding these lines in > > ether /etc/xinetd.conf or /etc/xinetd.d/nrpe. You can play with the > > exact numbers you need. I believe the default is 50 connections a > > second. > > > > # CPS where 100 connection per second with a timepout of 10 > seconds if > > exceded. > > > > # Max number of instances running > > > > [myoung@vserve xinetd.d]# more nrpe > > # default: on > > # description: NRPE (Nagios Remote Plugin Executor) > > service nrpe > > { > > flags = REUSE > > socket_type = stream > > port = 5666 > > wait = no > > user = nagios > > group = nagios > > server = /usr/local/nagios/bin/nrpe > > server_args = -c /usr/local/nagios/etc/nrpe.cfg --inetd > > log_on_failure += USERID > > disable = no > > only_from = <a href="http://127.0.0.1" target="_blank">127.0.0.1</a> </div></div>> <<a href="http://127.0.0.1" target="_blank">http://127.0.0.1</a>>,IP.ADDRESS.OF.NAGIOS <div class="Ih2E3d">> > cps = 100 10 > > instances = 300 > > } > > > > > > Good luck! > > > > Mark Young > > ___ > > Nagios Enterprises, LLC </div>> > Web: <a href="http://www.nagios.com" target="_blank">www.nagios.com</a> <<a href="http://www.nagios.com" target="_blank">http://www.nagios.com</a>> <div class="Ih2E3d">> > > > > > > ------------------------------------------------------------------------- > > This SF.Net email is sponsored by the Moblin Your Move > Developer's challenge > > Build the coolest Linux based applications with Moblin SDK & win > great prizes > > Grand prize is a trip for two to an Open Source event anywhere > in the world > > <a href="http://moblin-contest.org/redirect.php?banner_id=100&url=/" target="_blank">http://moblin-contest.org/redirect.php?banner_id=100&url=/</a> > <<a href="http://moblin-contest.org/redirect.php?banner_id=100&url=/" target="_blank">http://moblin-contest.org/redirect.php?banner_id=100&url=/</a>> > > _______________________________________________ > > Nagios-users mailing list > > <a href="mailto:Nagios-users@lists.sourceforge.net">Nagios-users@lists.sourceforge.net</a> </div>> <mailto:<a href="mailto:Nagios-users@lists.sourceforge.net">Nagios-users@lists.sourceforge.net</a>> <div class="Ih2E3d">> > <a href="https://lists.sourceforge.net/lists/listinfo/nagios-users" target="_blank">https://lists.sourceforge.net/lists/listinfo/nagios-users</a> > > ::: Please include Nagios version, plugin version (-v) and OS > when reporting any issue. > > ::: Messages without supporting info will risk being sent to > /dev/null > > > > > > > -- > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > Joydeep Bakshi, Linux System Admin > Kolkatainfoservices Pvt Ltd, > 23A Royd Street, Kolkata 700016, India > Work Phone 91 033 40014784 > <a href="http://infoservices.in/" target="_blank">http://infoservices.in/</a> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's > challenge > Build the coolest Linux based applications with Moblin SDK & win > great prizes > Grand prize is a trip for two to an Open Source event anywhere in > the world > <a href="http://moblin-contest.org/redirect.php?banner_id=100&url=/" target="_blank">http://moblin-contest.org/redirect.php?banner_id=100&url=/</a> > <<a href="http://moblin-contest.org/redirect.php?banner_id=100&url=/" target="_blank">http://moblin-contest.org/redirect.php?banner_id=100&url=/</a>> > _______________________________________________ > Nagios-users mailing list > <a href="mailto:Nagios-users@lists.sourceforge.net">Nagios-users@lists.sourceforge.net</a> </div>> <mailto:<a href="mailto:Nagios-users@lists.sourceforge.net">Nagios-users@lists.sourceforge.net</a>> <div class="Ih2E3d">> <a href="https://lists.sourceforge.net/lists/listinfo/nagios-users" target="_blank">https://lists.sourceforge.net/lists/listinfo/nagios-users</a> > ::: Please include Nagios version, plugin version (-v) and OS when > reporting any issue. > ::: Messages without supporting info will risk being sent to /dev/null > > > > > -- > Alex Dehaini > Developer </div>> Site - <a href="http://www.alexdehaini.com" target="_blank">www.alexdehaini.com</a> <<a href="http://www.alexdehaini.com" target="_blank">http://www.alexdehaini.com</a>> > Email - <a href="mailto:alexdehaini@gmail.com">alexdehaini@gmail.com</a> <mailto:<a href="mailto:alexdehaini@gmail.com">alexdehaini@gmail.com</a>> -- <div><div></div><div class="Wj3C7c">~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Joydeep Bakshi, Linux System Admin Kolkatainfoservices Pvt Ltd, 23A Royd Street, Kolkata 700016, India Work Phone 91 033 40014784 <a href="http://infoservices.in/" target="_blank">http://infoservices.in/</a> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ </div></div></blockquote></div> -- Alex Dehaini Developer Site - <a href="http://www.alexdehaini.com">www.alexdehaini.com</a> Email - <a href="mailto:alexdehaini@gmail.com">alexdehaini@gmail.com</a> </div>