Firewalled hosts


#1

Hey everyone – As you’re about to find out, I’m a Nagios n00b. I have a question about monitoring hosts at remote sites. I have a few Windows hosts that are behind a firewall at a remote site. This site is available only by one single public IP. My question is (and this may be stupid): instead of having the Nagios server actively poll the Windows hosts, can the Windows hosts send updates to the Nagios server? There are 5 Windows hosts behind this firewall I would like to monitor. If they can’t send status updates to the Nagios server, how could I monitor these hosts? Change the port on each host and forward from the firewall?

Thanks in advance


#2

I see no way to do it in just a plug and play type of manner, but it may be simple, depending on how you have the firewall set up and what it is you want to monitor.

For example, if I wanted to monitor one of our ftp servers that sits on the internet, from inside (behind our firewall), the first thing I’d have to change is the host check command, since our firewall will not allow me to ping something outside. But yet, I can query the ftp, http, and the like, so my service check could be “check_ftp” and the host check could be the same thing. So you see, my Nagios central server would simply perform active check_ftp checks, and life is nice and simple.

So yea, it depends on what you want to do.


#3

jakkedup – Thanks for the reply. My one burning question is, can the Nsclient on a remote host check local resources, for instance, check free disk space and send the results of those checks back to a Nagios monitoring server?

In my example above, I have a handful of hosts behind a firewall with no services exposed to the Internet. There isn’t a Nagios server on that LAN. Can the Windows servers with Nsclient installed send the results of the checks directly to a Nagios server across the Internet?


#4

From the sounds of it, the Windows server can’t send results to the Nagios server across the internet because the Nagios server is NOT on the internet, it’s behind your firewall on your company LAN. Is that true? If so, then I’m not sure how you would get that data from the internet PCs to the company LAN Nagios server.

I’m sure it can be done, but off the top of my little head, I can’t think of a way to bust through your firewall or go around it.


#5

I was thinking something along the lines of the port forwarding.

For example, I could have the Windows servers send the check results across the Internet and have a port, say 4800, forwarded from the firewall to the Nagios monitor. So any checks performed by the Windows servers would be sent to 12.34.56.78:4800. The only real question I have is, can the Windows boxes collect the data and send it themselves to a Nagios monitor?

The way I understand it, in most cases the Nagios monitor actively polls the Windows servers for the results of the checks run on the Windows servers. I want to be able to have the Windows server send the check results back to the Nagios monitor without Nagios having to ask for it.


#6

What you are describing is a passive Nagios check. The Nagios server never does the checking. It gets the checks from the remote hosts using one of many ways to perform that check.
nagiosexchange.org/Categories.7.0.html
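
An added example, not part of the thread: a sketch of the receiving side of the passive check described in #6, assuming submitted results arrive as lines in Nagios's `PROCESS_SERVICE_CHECK_RESULT` external command format. It validates each line before it would be handed to Nagios, because a port forwarded from the firewall takes input from the Internet; the host names, service names, and limits are constructed for illustration.

```python
import re

# Assumption: constructed allowlist of remote hosts and the services each may report.
ALLOWED = {"win-remote-01": {"Disk C", "CPU Load"}, "win-remote-02": {"Disk C"}}
MAX_AGE = 300     # assumed freshness window, in seconds
MAX_OUTPUT = 256  # assumed cap on plugin output length

# [<unix_time>] PROCESS_SERVICE_CHECK_RESULT;<host>;<service>;<return_code>;<output>
# No field may contain a line break, so one submission is exactly one command.
LINE_RE = re.compile(
    r"\[([0-9]{1,10})\] PROCESS_SERVICE_CHECK_RESULT;"
    r"([^;\n]+);([^;\n]+);([0-9]);([^\n]*)"
)

def validate(line, now):
    """Return (True, parsed_tuple) or (False, reason) for one submitted line."""
    m = LINE_RE.fullmatch(line)
    if not m:
        return False, "malformed"
    ts, host, service, code, output = m.groups()
    if service not in ALLOWED.get(host, ()):
        return False, "host/service not allowlisted"
    if int(code) > 3:  # plugin states: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN
        return False, "return code out of range"
    if abs(now - int(ts)) > MAX_AGE:
        return False, "stale or future timestamp"
    if len(output) > MAX_OUTPUT:
        return False, "output too long"
    return True, (host, service, int(code), output)

# Constructed sample submissions, evaluated at a fixed "now" so results are repeatable.
NOW = 1700000000
SAMPLES = [
    "[1700000000] PROCESS_SERVICE_CHECK_RESULT;win-remote-01;Disk C;0;OK - 40% free",
    "[1700000000] PROCESS_SERVICE_CHECK_RESULT;unknown-host;Disk C;2;CRITICAL",
    "[1699990000] PROCESS_SERVICE_CHECK_RESULT;win-remote-02;Disk C;1;WARNING - 12% free",
    "[1700000000] PROCESS_SERVICE_CHECK_RESULT;win-remote-01;Disk C;0;OK\n[1700000000] X",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(validate(s, NOW))
```

On the Nagios side, a service fed this way would have active checks disabled and passive checks enabled, with a freshness check so that a remote host that stops reporting is noticed.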