NRPE v2.15 connection refused centos 6

Question

I have set this up on many machines, ubuntu, redhat, and centos, but am having trouble with one machine.

I am using the nrpe package.

I have the correct permissions for nagios users, and my config is set up correctly.

What I am seeing is that if I leave server_address commented out in nrpe.cfg, then I can connect over 127.0.0.1. But if, like on all my other machines, I put the machines IP in server_address, then I cannot connect either from 127.0.0.1, or from the external machine (which is in allowed_hosts).

Happy to provide more info, but I have set this up many many times, so I know that my permissions and config are correct, I am looking for some insight in to why this server_address is causing the problem, perhaps a routing or ip issue?

thanks

Are you running NRPE as a stand-alone daemon or through Xinetd? — Itai Ganot, Feb 16 '15 at 16:40
What is the output of `netstat -atln` in those specific cases? What do the logs show? — Marki, Apr 03 '16 at 16:49

score 1 · Answer 1 · answered Jun 27 '14 at 10:56

Nothing you have said is self-inconsistent. If you don't specify server_address, NRPE will bind to all interfaces. Connection from 127.0.0.1 is thus expected to work, and you say it does.

If you do specify it, and it's the machine's external address, NRPE will bind only to that address, and connections from 127.0.0.1 will be expected to fail.

As for why you can't connect to it from outside, that is likely a pathway issue. If you couldn't connect to port 5666 on the client's external address, from the client itself, when server_address was left blank, that would be odd. But you don't say that that is the case.

From the NAGIOS server, try telnet client.external.ip 5666, and see if you get anything at all. If you dont' even get a TCP connection, then we must suspect a firewall somewhere along the path (including on the client itself).

score 1 · Answer 2 · edited Feb 27 '17 at 11:22

Ok so now you are facing issue with only nrpe connection,in this case you have to only review your config file, there is no relation of permissions.
On server side: First make sure port 5666 is running

$ netstat -ntlp   
tcp        0      0 0.0.0.0:5666            0.0.0.0:***

If running then the problem is in your client machine.

On the client side: inside nrpe.conf (where conf file path is depends upon your linux flavour)
check:

server_port=5666 (nrpe port)
server_address=X.X.X.X (host IP address which is going to be monitored)
allowed_hosts=X.X.X.X (nrpe server IP address)

Note: If you are running this on centos/redhat please flush/stop your iptables or allow 5666 port through it.

NRPE v2.15 connection refused centos 6

2 Answers2