On Fri, 14 Jul 2006, Andrew Ruddock wrote:

> We are running Nagios 2.2 on a Linux server which sits in one DMZ behind
> a Cisco PIX firewall. The Nagios server is checking the NRPE-NT 0.8b
> client on many Windows 2000/2003 servers in another DMZ. We have a
> firewall policy that permits the Nagios server and associated NRPE port
> to connect to any host in the second DMZ.
>
> Although Nagios is able to connect and receive responses from the NRPE
> clients, it appears that the connections are not being closed
> gracefully. My firewall, the PIX, is being flooded with tons of Deny
> messages. I've done packet captures to try and isolate the problem, and
> it appears that the NRPE client is sending a frame without a FIN or SYN
> in it. This is causing my firewall to log a LOT more than it really
> needs to.
I think I would like to see a full trace to establish who is not playing ball here.

My guess is that a TCP connection is initiated and assumed to be open for ages by Nagios (and relatives). But without traffic the PIX will shut down the session after N seconds (where N could be a common number like 60, 300, 900 or 3600).

So in order to pass sentence we need the evidence in full. But I would put my money on the PIX being the offender.

Hugo.

--
I hate duplicates. Just reply to the relevant mailing list.
[EMAIL PROTECTED] http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of magicians, for they are subtle and quick to anger.

_______________________________________________
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null