is it working on localhost or not???!!! it could be selinux problem also, if context is not correct.
-- Eero
2015-05-04 1:55 GMT+03:00 Tim Dunphy bluethundr@gmail.com:
It's listening on both IPv6 and IPv4. Specifically, why is that a
problem?
The central problem seems to be that the monitoring host can't hit nrpe on port 5666 UDP.
[root@monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H puppet.mydomain.com CHECK_NRPE: Socket timeout after 10 seconds.
It is listening on the puppet host on port 5666
[root@puppet:~] #lsof -i :5666 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME xinetd 2915 root 5u IPv6 24493 0t0 TCP *:nrpe (LISTEN)
And the firewall is allowing that port:
[root@puppet:~] #firewall-cmd --list-ports 5666/udp
But if I check the port using nmap
[root@monitor1:~] #nmap -p 5666 puppet.mydomain.com
Starting Nmap 6.40 ( http://nmap.org ) at 2015-05-03 22:51 UTC Nmap scan report for puppet.jokefire.com (216.120.250.140) Host is up (0.012s latency). PORT STATE SERVICE 5666/tcp filtered nrpe
That port is closed despite the port being allowed on the firewall.
So I thought that the problem was that xinetd was listening to port 5666 only on tcp v6. And when the monitoring host hits the puppet host using tcp v4 it can't because only tcp v6 is active on that port.
You mention that it's listening on both tcp v4 and v6. But I only see v6 in that output. How are you determining that
It's a problem because the port does not appear to be open from the monitoring host:
[root@monitor1:~] #nmap -p 5666 puppet.mydomain.com
Starting Nmap 6.40 ( http://nmap.org ) at 2015-05-03 22:33 UTC Nmap scan report for puppet.jokefire.com (216.120.250.140) Host is up (0.011s latency). PORT STATE SERVICE 5666/tcp filtered nrpe
You could add "ipv6.disable=1" to your kernel args.
What am I doing wrong? I need to be able to disable tcpv6 completely!
Worth a shot!
On Sun, May 3, 2015 at 5:44 PM, Gordon Messmer gordon.messmer@gmail.com wrote:
On 05/03/2015 02:18 PM, Tim Dunphy wrote:
Yet, xinetd/nrpe still seems to be listeing on TCP v6!!
It's listening on both IPv6 and IPv4. Specifically, why is that a
problem?
What am I doing wrong? I need to be able to disable tcpv6 completely!
You could add "ipv6.disable=1" to your kernel args. _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-- GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos