Firewall rule for NRPEv2?



  • I've installed the NRPEv2 package on my 2.0.1 version of pfSense.  I've set up the default checks, set the port to 5666 and set the two IPs.  My Nagios box can't communicate with pfS.  On the Nagios side I get:

    CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.

    Do I need to manually set some sort of rule to allow this communication in/out of pfS?

    The binding IP address is on the same network as the Nagios server (10.1.1.0/24)

    Thanks
    AWS



  • Try to disable SSL communication between Nagios and pfSense, as well as creating a rule to permit traffic on port 5666.

    It worked for me.



  • Can you proof my rule to allow 5666 traffic?

    Firewall / Rules / LAN:
    ID, Proto, …
    TCP Nagios * pfS 5666 * none   Pass NRPE

    Above, "Nagios" is aliased to the local IP of the Nagios server, "pfS" is aliased to the LAN IP of pfSense.  My Nagios box is on the same subnet as this pfS box.  They talk via the LAN side.

    AWS



  • I enabled logging of the rule and I can see it is passing through:
    Jan 20 07:40:01 LAN   10.1.1.4:46066   10.1.1.254:5666 TCP:S

    AWS



  • Source: nagios_ip
    Source port: any

    Destination: lan-address
    Destination port: 5666
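    Added example, not from this thread and not pfSense's own tooling: a small Python checker that parses log lines in the format quoted above and confirms that each passed NRPE connection really is the Nagios host talking to the pfSense LAN address on TCP 5666, so a rule left at source "any" or destination "any" shows up as unexpected hits. The IP addresses and the sample lines are constructed assumptions.

```python
import re
from ipaddress import ip_address

# Assumed values for the aliases used in the thread (constructed).
NAGIOS_IP = ip_address("10.1.1.4")        # the "Nagios" alias
PFSENSE_LAN_IP = ip_address("10.1.1.254")  # the "pfS" / lan-address alias
NRPE_PORT = 5666

# Matches the summarised log format quoted in the thread:
# "Jan 20 07:40:01 LAN 10.1.1.4:46066 10.1.1.254:5666 TCP:S"
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<iface>\S+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"(?P<proto>[A-Z]+)(?::(?P<flags>\S+))?$"
)

def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["sport"] = int(entry["sport"])
    entry["dport"] = int(entry["dport"])
    return entry

def classify(entry):
    """'expected' for the one flow the rule is meant to pass, otherwise a
    short reason why a tightly scoped rule should not have matched it."""
    if entry["proto"] != "TCP":
        return "proto " + entry["proto"]
    if entry["dport"] != NRPE_PORT:
        return "port %d" % entry["dport"]
    if ip_address(entry["dst"]) != PFSENSE_LAN_IP:
        return "dst " + entry["dst"]
    if ip_address(entry["src"]) != NAGIOS_IP:
        return "src " + entry["src"]
    return "expected"

def audit(lines):
    """Group parsable pass-log lines by classification: {reason: [lines]}."""
    result = {}
    for line in lines:
        entry = parse_line(line)
        if entry is not None:
            result.setdefault(classify(entry), []).append(line)
    return result

# Constructed sample: the thread's own line plus two that a rule with
# source "any" or destination "any" would also have passed.
SAMPLE = [
    "Jan 20 07:40:01 LAN 10.1.1.4:46066 10.1.1.254:5666 TCP:S",
    "Jan 20 07:41:13 LAN 10.1.1.77:51022 10.1.1.254:5666 TCP:S",
    "Jan 20 07:42:02 LAN 10.1.1.4:51030 10.1.1.20:5666 TCP:S",
]
```

Run `audit(SAMPLE)` against a real export of the rule's pass log; anything other than the "expected" key means the rule matched traffic outside the single Nagios-to-pfSense flow it was created for.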



  • Found the solution, from ScottWilkerson of Nagios (thread http://support.nagios.com/forum/viewtopic.php?f=6&t=4728&p=20437#p20437)

    Had to remove the $ARG2$ values on the Nagios side (plus use the firewall opening for port 5666)

    Thanks all for your suggestions/help.

    AWS

