[Nagiosplug-help] check_icmp oddness

[Philipp Geschke]

Hi,

I ran into a similar problem yesterday.

I had the same behavior of check_icmp although I was pinging servers, 
not a router.

After searching the web for hours, and trying out that patch (that 
didn't work for me), I finally worked myself to the answer, that the 
problem is just check_icmp related, but caused by the client.

The main difference between check_ping and check_icmp is (afaik), that 
check_ping is just a wrapper for the system's ping binary, which causes 
it to be pretty slow. check_icmp on the other hand, directly sends the 
icmp packets to the target, causing it to 1) be faster because it 
doesn't have to parse another binary's output, and 2) sending the icmp 
packet A LOT faster than the system's ping binary will.
And that's exactly what caused the client to drop the packets.
In my case there was a client firewall in place (namely fiaif, an 
iptables based fw), which had a rule loaded, that caused the firewall to 
drop any hosts icmp packets that would send more than 1 packet per 
second. So I always had 1 reply and n timeouts, causing 80% packet loss 
when sending 5 packets.

I suggest you check a) the firewall rules you can see on the vpn router, 
and b) ask the manufacturer whether there could be a rule in place that 
doesn't show up (wouldn't be the first time), that could cause the 
router to show a similar behavior.


--Philipp

Israel Brewster schrieb:
> I am having some difficulty using the check_icmp plugin to monitor a  
> number of my hosts, specifically Linksys RV082 routers running the  
> latest firmware. What's happening is if I have a command line such as:
> 
> ./check_icmp -n 2 -m 1 -w 3000,80% -c 5000,100% xx.xxx.xxx.111  
> xx.xxx.xxx.33
> 
> (or the equivalent from the nagios configs) it works (I have a dual- 
> WAN configuration on the router, both IP's are for the same device).  
> However, if I change the -n argument to 3, I get 33% packet loss.  
> Changing the -n argument to 4 gives 50% packet loss, etc. This is  
> consistent and reproducible-only the first two packets ever get  
> through. check_ping, however, works perfectly, even if I tell it to  
> send something like 10 packets, as does an ongoing ping directly from  
> the command line.
> 
> So this leaves me needing one of two questions answered: either a) how  
> can I fix check_icmp so it works properly, or b) what can I use  
> instead of check_icmp that will allow me to monitor both ports of the  
> router simultaneously? I actually did ask that second question in the  
> nagios users mailing list, and check_icmp was the best answer I got. I  
> can, of course, write a wrapper script for check_ping to make it  
> behave the same as check_icmp in this regard, but I would consider  
> that a last resort. Thanks!