is it working on localhost or not???!!! it could be selinux problem also, if context is not correct.
It's working on localhost:
[root@puppet:~] #telnet localhost 5666 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'.
I notice if I stop the firewall on the puppet host (for no more than 2 seconds) and hit NRPE from the monitoring host it works:
[root@monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H puppet.mydomain.com NRPE v2.15
But as soon as the firewall has been enabled on the puppet host (a microsecond later) I get this result:
[root@monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H puppet.mydomain.com connect to address 216.120.xxx.xxx port 5666: No route to host connect to host puppet.mydomain.com port 5666: No route to host
And nmap from the monitoring host tells me that the port is closed:
[root@monitor1:~] #nmap -p 5666 puppet.mydomain.com
Starting Nmap 6.40 ( http://nmap.org ) at 2015-05-03 23:20 UTC Nmap scan report for puppet.jokefire.com (216.120.250.140) Host is up (0.011s latency). PORT STATE SERVICE 5666/tcp filtered nrpe
Back on the puppet host I verify that the port is open for UDP:
[root@puppet:~] #firewall-cmd --list-ports 5666/udp
That should be right AFAIK.
Can anybody tell me what I'm doing wrong ?
Thanks Tim
On Sun, May 3, 2015 at 6:59 PM, Eero Volotinen eero.volotinen@iki.fi wrote:
is it working on localhost or not???!!! it could be selinux problem also, if context is not correct.
-- Eero
2015-05-04 1:55 GMT+03:00 Tim Dunphy bluethundr@gmail.com:
It's listening on both IPv6 and IPv4. Specifically, why is that a
problem?
The central problem seems to be that the monitoring host can't hit nrpe
on
port 5666 UDP.
[root@monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H puppet.mydomain.com CHECK_NRPE: Socket timeout after 10 seconds.
It is listening on the puppet host on port 5666
[root@puppet:~] #lsof -i :5666 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME xinetd 2915 root 5u IPv6 24493 0t0 TCP *:nrpe (LISTEN)
And the firewall is allowing that port:
[root@puppet:~] #firewall-cmd --list-ports 5666/udp
But if I check the port using nmap
[root@monitor1:~] #nmap -p 5666 puppet.mydomain.com
Starting Nmap 6.40 ( http://nmap.org ) at 2015-05-03 22:51 UTC Nmap scan report for puppet.jokefire.com (216.120.250.140) Host is up (0.012s latency). PORT STATE SERVICE 5666/tcp filtered nrpe
That port is closed despite the port being allowed on the firewall.
So I thought that the problem was that xinetd was listening to port 5666 only on tcp v6. And when the monitoring host hits the puppet host using
tcp
v4 it can't because only tcp v6 is active on that port.
You mention that it's listening on both tcp v4 and v6. But I only see v6
in
that output. How are you determining that
It's a problem because the port does not appear to be open from the monitoring host:
[root@monitor1:~] #nmap -p 5666 puppet.mydomain.com
Starting Nmap 6.40 ( http://nmap.org ) at 2015-05-03 22:33 UTC Nmap scan report for puppet.jokefire.com (216.120.250.140) Host is up (0.011s latency). PORT STATE SERVICE 5666/tcp filtered nrpe
You could add "ipv6.disable=1" to your kernel args.
What am I doing wrong? I need to be able to disable tcpv6 completely!
Worth a shot!
On Sun, May 3, 2015 at 5:44 PM, Gordon Messmer <gordon.messmer@gmail.com
wrote:
On 05/03/2015 02:18 PM, Tim Dunphy wrote:
Yet, xinetd/nrpe still seems to be listeing on TCP v6!!
It's listening on both IPv6 and IPv4. Specifically, why is that a
problem?
What am I doing wrong? I need to be able to disable tcpv6 completely!
You could add "ipv6.disable=1" to your kernel args. _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-- GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos