the server running nagios does not need nrpe set up on it, it just runs check_nrpe. check_nrpe initiates a connection, so no firewall settings should be needed either.
on the remote server:
-try temporarily >removing< the only_from line to make sure you've got that correct. restart xinetd.
-do a netstat -pantu |grep 5666 and make sure inetd is actually listening on that port. If it's not, make sure the path to nrpe is correct, the path to nrpe.cfg is correct, and the nagios user exists.
- tail /var/log/messages after restarting the inet daemon to make sure inetd isn't erroring on something.
-"tail -f /var/log/secure" on your remote server while doing a query or similar file if you're not on redhat. See if it's even seeing the connection attempt, and if it's blocking it for some reason.
-turn off iptables or the firewall temporarily if you're running it to see if that's the problem.
-Is there an upstream firewall blocking stuff?
I'd be doing a
check_nrpe -H -c check_whatever
instead. replace check_whatever with something you have defined in nrpe.cfg on the remote box.
If i were you i'd switch to the nagios user on the remote box (su - nagios) and run one of the plugin commands (something like /usr/local/nagios/libexec/check_load -w 8,3,1 -c 10,5,2) and make sure the nagios user can actually run it. This point is irrelevant to your current problem as it won't time out if you have permissions problems, but just in case you run into problems later.
Hope this helps