Firewall rule for NRPEv2?
-
I've installed the NRPEv2 package on my 2.0.1 version of pfSense. I've set up the default checks, set the port to 5666 and set the two IPs. My Nagios box can't communicate with pfS. On the Nagios side I get:
CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.
Do I need to manually set some sort of rule to allow this communication in/out of pfS?
The binding IP address is on the same network as the Nagios server (10.1.1.0/24)
Thanks
AWS
-
Try to disable SSL communications between Nagios and pfSense, as well as create a rule to permit traffic on port 5666.
It worked for me.
-
Can you proof my rule to allow 5666 traffic?
Firewall / Rules / LAN:
ID, Proto, …
TCP Nagios * pfS 5666 * none Pass NRPE
Above, "Nagios" is aliased to the local IP of the Nagios server, "pfS" is aliased to the LAN IP of pfSense. My Nagios box is on the same subnet as this pfS box. They talk via the LAN side.
AWS
-
I enabled logging of the rule and I can see it is passing through:
**Jan 20 07:40:01 LAN 10.1.1.4:46066 10.1.1.254:5666 TCP:S**
AWS
-
Source nagios_ip
Source port any
Destination lan-address
Destination port 5666
-
Found the solution, from ScottWilkerson of Nagios (thread http://support.nagios.com/forum/viewtopic.php?f=6&t=4728&p=20437#p20437)
Had to remove the $ARG2$ values on the Nagios side (plus use the firewall opening for port 5666)
Thanks all for your suggestions/help.
AWS
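
The logged pass on port 5666 shows the SYN reached pfSense, so what remains is how the daemon treats the connection. The following Python sketch is an added example (not from the thread or the NRPE package) that separates a firewall-level failure from a daemon that accepts the connection and then silently closes it or waits for a request. The function names are hypothetical, and the listeners used by `demo()` are constructed local stand-ins, not a real NRPE daemon.

```python
import socket
import threading
import time

def probe_nrpe_port(host, port=5666, timeout=3.0):
    """Open a bare TCP connection and report which layer answers.

    Returns one of: 'refused', 'filtered', 'unreachable',
    'closed-by-daemon', 'open-waiting', 'open-sent-data'.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"        # RST: nothing listening, or a reject rule
    except socket.timeout:
        return "filtered"       # no SYN-ACK: traffic dropped on the way
    except OSError:
        return "unreachable"    # routing or name-resolution failure
    with sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(1)
        except socket.timeout:
            return "open-waiting"       # daemon accepted us, awaits a request
        except ConnectionResetError:
            return "closed-by-daemon"
        # Empty read = peer closed without sending anything ("0 bytes").
        return "open-sent-data" if data else "closed-by-daemon"

def _constructed_listener(hold_seconds):
    """Test stand-in for a daemon: accept once, wait, then close silently."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        time.sleep(hold_seconds)
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def demo():
    """Run the probe against constructed local listeners (no real NRPE)."""
    closes = probe_nrpe_port("127.0.0.1", _constructed_listener(0), 0.5)
    waits = probe_nrpe_port("127.0.0.1", _constructed_listener(2.0), 0.5)
    return closes, waits

if __name__ == "__main__":
    print(demo())
```

Run from the Nagios host against the pfSense LAN address, `refused` or `filtered` points back at the firewall rule or the binding, while `closed-by-daemon` or `open-waiting` means the packet path is fine and the daemon-side settings or the request itself need checking.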