Topic: NRPE behind a SME firewall denied

[DeMan]

Hi support,

I want to monitor a server with Nagios/NRPE behind a SME firewall.
This SME firewall is also monitored with no problems at all.
The SME firewall has a forward rule to forward tcp port 5667 to 5666.
The monitored server behind the sme firewall dropped the tcp packages.

I've add some iptables commands but still no luck.

/sbin/iptables -A InboundTCP -p tcp -s xxx.xxx.xxx.xxx --sport 1024:65535 -d 192.168.1.253 --dport 5666 -j ACCEPT
/sbin/iptables -A InboundTCP -p tcp -s 192.168.1.253 --sport 5666 -d xxx.xxx.xxx.xxx --dport 1024:65535 -j ACCEPT

Please advice.

Kind regards

[Stefano]

I want to monitor a server with Nagios/NRPE behind a SME firewall.

is the server being monitored SME?

This SME firewall is also monitored with no problems at all.
The SME firewall has a forward rule to forward tcp port 5667 to 5666.
The monitored server behind the sme firewall dropped the tcp packages.

if the internal server drops the packets, it's not a SME issue.. so this post is OT here

Ciao
Stefano

[DeMan]

Hi support,

The monitoring server is an SME server. This server monitored other servers over the internet (client networks). The monitoring tool is Nagios the remote daemon is NRPE.
Monitoring remote SME firewalls works just fine, but remote SME server behind a SME firewall not! Forwarded packages are dropped by iptables.

Please advice.

[Stefano]

but remote SME server behind a SME firewall not! Forwarded packages are dropped by iptables.

so internal server being monitored IS SME...

you should read here

HTH
Ciao
Stefano

[DeMan]

Stefano,

Problem solved, thank you for the support.

Bob