>
> It's listening on both IPv6 and IPv4. Specifically, why is that a
problem?
The central problem seems to be that the monitoring host can't hit nrpe on
port 5666 UDP.
[root at monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H
puppet.mydomain.com
CHECK_NRPE: Socket timeout after 10 seconds.
It is listening on the puppet host on port 5666
[root at puppet:~] #lsof -i :5666
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
xinetd 2915 root 5u IPv6 24493 0t0 TCP *:nrpe (LISTEN)
And the firewall is allowing that port:
[root at puppet:~] #firewall-cmd --list-ports
5666/udp
But if I check the port using nmap
[root at monitor1:~] #nmap -p 5666 puppet.mydomain.com
Starting Nmap 6.40 ( http://nmap.org ) at 2015-05-03 22:51 UTC
Nmap scan report for puppet.jokefire.com (216.120.250.140)
Host is up (0.012s latency).
PORT STATE SERVICE
5666/tcp filtered nrpe
That port is closed despite the port being allowed on the firewall.
So I thought that the problem was that xinetd was listening to port 5666
only on tcp v6. And when the monitoring host hits the puppet host using tcp
v4 it can't because only tcp v6 is active on that port.
You mention that it's listening on both tcp v4 and v6. But I only see v6 in
that output. How are you determining that
It's a problem because the port does not appear to be open from the
monitoring host:
[root at monitor1:~] #nmap -p 5666 puppet.mydomain.com
Starting Nmap 6.40 ( http://nmap.org ) at 2015-05-03 22:33 UTC
Nmap scan report for puppet.jokefire.com (216.120.250.140)
Host is up (0.011s latency).
PORT STATE SERVICE
5666/tcp filtered nrpe
>
>
> You could add "ipv6.disable=1" to your kernel args.
What am I doing wrong? I need to be able to disable tcpv6
completely!>
Worth a shot!
On Sun, May 3, 2015 at 5:44 PM, Gordon Messmer <gordon.messmer at
gmail.com>
wrote:
> On 05/03/2015 02:18 PM, Tim Dunphy wrote:
>
>> Yet, xinetd/nrpe still seems to be listeing on TCP v6!!
>>
>
> It's listening on both IPv6 and IPv4. Specifically, why is that a
problem?
>
> What am I doing wrong? I need to be able to disable tcpv6 completely!
>>
>
> You could add "ipv6.disable=1" to your kernel args.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
--
GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B