Results 1 to 2 of 2

Thread: Firewall problem with nagios

  1. July 8th, 2009 #1
    glisignoli
    glisignoli is offline Spilled the Beans
    Join Date
    Feb 2008
    Beans
    13

    Firewall problem with nagios

    I'm trying to open port 5666 for nagios (nrpe) on a mail server, but I no matter what I do I can never get access to that port.

    I check to see if the port is available with "nmap -A -v localhost"
    but it never shows.

    I added port 5666 to my firewall with:
    Code:
    iptables -A INPUT -p tcp -d 0/0 -s 0/0 --dport 5666 -j ACCEPT
    I've set NRPE up as described in the NRPE pdf file (it says to use xinetd, I'm not to sure how the effect this).

    My /etc/xinetd.d/nrpe file is:
    Code:
     default: on
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
        flags           = REUSE
        socket_type     = stream
        port            = 5666
        wait            = no
        user            = nagios
        group           = nagios
        server          = /usr/local/nagios/bin/nrpe
        server_args     = -c /usr/local/nagios/etc/nrpe.cfg --inetd
        log_on_failure  += USERID
        disable         = no
        only_from       = 127.0.0.1
}
    Output of netstat -an | grep "LISTEN "
    Code:
    tcp        0      0 0.0.0.0:5666            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:873             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.1:53          0.0.0.0:*               LISTEN
tcp        0      0 10.10.50.254:53         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
tcp6       0      0 :::4899                 :::*                    LISTEN
tcp6       0      0 :::2022                 :::*                    LISTEN
tcp6       0      0 :::873                  :::*                    LISTEN
tcp6       0      0 :::110                  :::*                    LISTEN
tcp6       0      0 :::143                  :::*                    LISTEN
tcp6       0      0 :::1877                 :::*                    LISTEN
tcp6       0      0 :::25                   :::*                    LISTEN
tcp6       0      0 ::1:953                 :::*                    LISTEN
    Nmap -A -v localhost

    Code:
    Discovered open port 21/tcp on 127.0.0.1
Discovered open port 53/tcp on 127.0.0.1
Discovered open port 80/tcp on 127.0.0.1
Discovered open port 25/tcp on 127.0.0.1
Discovered open port 783/tcp on 127.0.0.1
Discovered open port 953/tcp on 127.0.0.1
Discovered open port 2022/tcp on 127.0.0.1
Discovered open port 139/tcp on 127.0.0.1
Discovered open port 143/tcp on 127.0.0.1
Discovered open port 110/tcp on 127.0.0.1
Discovered open port 3306/tcp on 127.0.0.1
Discovered open port 4899/tcp on 127.0.0.1
Discovered open port 445/tcp on 127.0.0.1
Discovered open port 873/tcp on 127.0.0.1
    Last edited by glisignoli; July 8th, 2009 at 05:12 AM. Reason: update
    Advanced reply Adv Reply  
  2. July 10th, 2009 #2
    slugmax
    slugmax is offline 5 Cups of Ubuntu
    Join Date
    Apr 2006
    Beans
    24

    Re: Firewall problem with nagios

    Quote Originally Posted by glisignoli View Post
    I'm trying to open port 5666 for nagios (nrpe) on a mail server, but I no matter what I do I can never get access to that port.
    I added port 5666 to my firewall with:
    Code:
    iptables -A INPUT -p tcp -d 0/0 -s 0/0 --dport 5666 -j ACCEPT
    ...
    Code:
    tcp        0      0 0.0.0.0:5666            0.0.0.0:*               LISTEN
    If the firewall is on the mail server, then check your nmap-services file for port 5666, if it is not present, nmap won't scan that port unless you specify it with something like 'nmap -v -p 5666 localhost'.

    If your firewall is on a different box from your mail server, the problem is your iptables rule. The INPUT chain only sees packets destined for the firewall itself. You want:

    Code:
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp --dport 5666 -m state --state NEW -j ACCEPT
...
    and you'll also need to enable IP forwarding (if it's not already).

    You might find these scripts useful as a reference in that case:

    http://blog.unixlore.net/2006/03/lin...l-scripts.html

    Doug
    Advanced reply Adv Reply  
« Previous Thread | Next Thread »

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Ubuntu Forums Code of Conduct