Re: [CentOS] can't disable tcp6 on centos 7

2015-05-03 Thread Tim Dunphy
Eero, where did you installed this nrpe package? is selinux running enforcing > mode (getenforce command), try disabling with setenforce 0. why you are > running it under xinetd as usual way is to run it as nrped daemon. > For NRPE I usually do a source install with these flags: ./configure make

Re: [CentOS] can't disable tcp6 on centos 7

2015-05-03 Thread Eero Volotinen
Tim, where did you installed this nrpe package? is selinux running enforcing mode (getenforce command), try disabling with setenforce 0. why you are running it under xinetd as usual way is to run it as nrped daemon. test against with check_nrpe, not using telnet. -- Eero 2015-05-04 2:27 GMT+03:

Re: [CentOS] can't disable tcp6 on centos 7

2015-05-03 Thread Stephen Harris
On Sun, May 03, 2015 at 07:23:19PM -0400, Tim Dunphy wrote: > [root@puppet:~] #telnet localhost 5666 This is using TCP > [root@monitor1:~] #nmap -p 5666 puppet.mydomain.com ... > 5666/tcp filtered nrpe This is using TCP > Back on the puppet host I verify that the port is open for UDP: So why a

Re: [CentOS] can't disable tcp6 on centos 7

2015-05-03 Thread Tim Dunphy
> > is it working on localhost or not???!!! it could be selinux problem also, > if context is not correct. It's working on localhost: [root@puppet:~] #telnet localhost 5666 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. I notice if I stop the firewall on the puppet host (

Re: [CentOS] can't disable tcp6 on centos 7

2015-05-03 Thread Eero Volotinen
is it working on localhost or not???!!! it could be selinux problem also, if context is not correct. -- Eero 2015-05-04 1:55 GMT+03:00 Tim Dunphy : > > > > It's listening on both IPv6 and IPv4. Specifically, why is that a > problem? > > > The central problem seems to be that the monitoring host

Re: [CentOS] can't disable tcp6 on centos 7

2015-05-03 Thread Tim Dunphy
> > It's listening on both IPv6 and IPv4. Specifically, why is that a problem? The central problem seems to be that the monitoring host can't hit nrpe on port 5666 UDP. [root@monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H puppet.mydomain.com CHECK_NRPE: Socket timeout after 10 seconds. I

Re: [CentOS] can't disable tcp6 on centos 7

2015-05-03 Thread Alberto Rivera Laporte
On Sun, May 3, 2015 at 4:18 PM Tim Dunphy wrote: > > What am I doing wrong? I need to be able to disable tcpv6 completely! > > > Ultimately you can disable ipv6 completely by disabling the ipv6 module. On this FAQ below also includes a reason why you may not want to do that. http://wiki.centos.or

Re: [CentOS] can't disable tcp6 on centos 7

2015-05-03 Thread Gordon Messmer
On 05/03/2015 02:18 PM, Tim Dunphy wrote: Yet, xinetd/nrpe still seems to be listeing on TCP v6!! It's listening on both IPv6 and IPv4. Specifically, why is that a problem? What am I doing wrong? I need to be able to disable tcpv6 completely! You could add "ipv6.disable=1" to your kernel a

[CentOS] can't disable tcp6 on centos 7

2015-05-03 Thread Tim Dunphy
hey all, I tried disabling tcp v6 on a C7 box this way: [root@puppet:~] #cat /etc/sysctl.conf # System default settings live in /usr/lib/sysctl.d/00-system.conf. # To override those settings, enter new settings here, or in an /etc/sysctl.d/.conf file # # For more information, see sysctl.conf(5)