Nagios server on other side of firewall


I have moved my nagios server into my dmz and I am now unable to monitor my internal network servers. I have opened the snmp udp ports 161 and 162 on my firewall to allow traffic over those ports but it still is not working. Does anyone know what might need to be open on the firewall in order to be able to monitor my internal servers?



Depends what you are monitoring and how you are monitoring it, for instance…
Default port for NRPE: 5666
Default port for NSClient++: 12489
Plus, port 80 for check_http, whatever for check_tcp, ICMP type 8 for ping, etc etc


Thanks for the response, does the NSClient++ use tcp or udp?




Ok so I opened a hole in my firewall allowing tcp traffic to go through on port 12489 but my nagios server still doesn’t seem to be able to communicate with the host sitting on my internal network.

I am running the nsclient on the host and monitoring services. Could there be something I am missing?


Can nagios ping the device? One other thing springs to mind, one assumes that the move to the DMZ involved an alteration of IP address for your Nagios server from the perspective of the inside clients, unless you are doing some sort of NAT… Assuming that is the case, did you make the appropriate changes to nsc.ini and restart nsclient? I believe it is usual practice to specify the nagios server’s IP address in the configuration in the nsclient config
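
The nsc.ini check suggested in the reply above, as an added example that is not part of the original thread: it reads an nsc.ini and reports whether a given Nagios server address is covered by `allowed_hosts`. It assumes the usual NSClient++ layout, where a blank `allowed_hosts` in `[NSClient]` falls back to `[Settings]` and an empty list means no IP restriction at all; the sample file and all addresses are constructed.

```python
import configparser
import ipaddress

# Constructed sample nsc.ini (not from the thread): it still lists the old server address.
SAMPLE_NSC_INI = """\
[modules]
NSClientListener.dll

[Settings]
; comma-delimited hosts allowed to talk to all daemons
allowed_hosts=192.168.1.10,10.0.5.0/28

[NSClient]
; blank means: fall back to [Settings]
allowed_hosts=
port=12489
"""

def effective_allowed_hosts(ini_text, section="NSClient"):
    """Return the allowed_hosts entries that apply to `section`."""
    # Real nsc.ini files contain bare module names and '%' signs, hence these options.
    cp = configparser.ConfigParser(allow_no_value=True, strict=False, interpolation=None)
    cp.read_string(ini_text)
    value = ""
    for sec in (section, "Settings"):  # listener section first, then the global one
        if cp.has_section(sec):
            value = (cp.get(sec, "allowed_hosts", fallback="") or "").strip()
        if value:
            break
    return [e.strip() for e in value.split(",") if e.strip()]

def check_server(ini_text, server_ip, section="NSClient"):
    """Classify as 'allowed', 'denied', or 'open' (empty list, no IP restriction)."""
    entries = effective_allowed_hosts(ini_text, section)
    if not entries:
        return "open"
    addr = ipaddress.ip_address(server_ip)
    for entry in entries:
        try:
            if addr in ipaddress.ip_network(entry, strict=False):
                return "allowed"
        except ValueError:
            continue  # hostname entry: not resolved here, so it is not counted
    return "denied"

if __name__ == "__main__":
    print(check_server(SAMPLE_NSC_INI, "172.16.0.20"))  # constructed new DMZ address
```

A result of `open` is worth fixing as well as `denied`: once the firewall passes port 12489 from the DMZ, an empty `allowed_hosts` leaves the agent reachable by any host that can route to it.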


Duh, I forgot about the client. Made the change in the .ini file, restarted the service and all is well. Thanks so much for your help!!!


No worries :frowning: