[Nagiosplug-help] NRPE allowed_hosts directive doesn't work?

Eli Spizzichino esac at javanet.info
Fri Jun 24 18:11:07 CEST 2005

Hi all,
I'm trying to make nrpe accept connection from my host
but it seems ignoring allowed_host directive.
When is run in inetd + tcpwrapper _it works_ but I don't whant this
setup I whant it run as daemon and use the firewall for access control.
I've read the FAQ(s) about "CHECK_NRPE: Error - Could not complete SSL
handshake" and several mails in the archive this are things I checked:

· telnetting to 5666 closes connection
· Different versions? on server (gentoo) nagios-nrpe is 2.0 on client
(the monitored host) there is debian-sarge and apt-cache show
nagios-nrpe-server Version: 2.0-7
maybe this is the problem...

· SSL: both on server and client side is installed
server 0.9.7e-r1
client 0.9.7e-3

· Incorrect file permissions:
-rw-rw----  1 nagios nagios 5.0K /etc/nagios/nrpe.cfg

· nrpe.cfg have allowed_hosts=,[my_current_ip] and debug option
to 1
· netstat -pta |grep nrpe
tcp        0      0 *:nrpe     *:*     LISTEN     31399/nrpe
· nmap -sT -p 5666 -PT client-IP
5666/tcp open  unknown
on server it shouldn't needed to open up ports but I enable both in and
out connection to 5666.

· command line used to run the client:
su -c '/usr/sbin/nrpe -d -c /etc/nagios/nrpe.cfg' nagios

· logs (not very helpfull)

Added command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10
Added command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5
-c 30,25,20
Added command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w
5 -c 10 -s Z
Added command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w
150 -c 200
INFO: SSL/TLS initialized. All network traffic will be encrypted.
Starting up daemon
Listening for connections on port 5666
Allowing connections from:, [my_temp_IP]
Connection from [my_temp_IP] port 57860
Host [my_temp_IP] is not allowed to talk to us!
Connection from [my_temp_IP] closed.

I hope someone has good ideas...
I wrote to nagios-user two days ago but got no reply sorry for the cross
post and thanks


More information about the Help mailing list