Re: can't disable tcp6 on centos 7

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



is it working on localhost or not???!!! it could be selinux problem also,
if context is not correct.

--
Eero

2015-05-04 1:55 GMT+03:00 Tim Dunphy <bluethundr@xxxxxxxxx>:

> >
> > It's listening on both IPv6 and IPv4.  Specifically, why is that a
> problem?
>
>
> The central problem seems to be that the monitoring host can't hit nrpe on
> port 5666 UDP.
>
> [root@monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H
> puppet.mydomain.com
> CHECK_NRPE: Socket timeout after 10 seconds.
>
> It is listening on the puppet host on port 5666
>
> [root@puppet:~] #lsof -i :5666
> COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
> xinetd  2915 root    5u  IPv6  24493      0t0  TCP *:nrpe (LISTEN)
>
> And the firewall is allowing that port:
>
> [root@puppet:~] #firewall-cmd --list-ports
> 5666/udp
>
> But if I check the port using nmap
>
> [root@monitor1:~] #nmap -p 5666 puppet.mydomain.com
>
> Starting Nmap 6.40 ( http://nmap.org ) at 2015-05-03 22:51 UTC
> Nmap scan report for puppet.jokefire.com (216.120.250.140)
> Host is up (0.012s latency).
> PORT     STATE    SERVICE
> 5666/tcp filtered nrpe
>
> That port is closed despite the port being allowed on the firewall.
>
> So I thought that the problem was that xinetd was listening to port 5666
> only on tcp v6. And when the monitoring host hits the puppet host using tcp
> v4 it can't because only tcp v6 is active on that port.
>
> You mention that it's listening on both tcp v4 and v6. But I only see v6 in
> that output. How are you determining that
>
> It's a problem because the port does not appear to be open from the
> monitoring host:
>
> [root@monitor1:~] #nmap -p 5666 puppet.mydomain.com
>
> Starting Nmap 6.40 ( http://nmap.org ) at 2015-05-03 22:33 UTC
> Nmap scan report for puppet.jokefire.com (216.120.250.140)
> Host is up (0.011s latency).
> PORT     STATE    SERVICE
> 5666/tcp filtered nrpe
>
> >
> >
> > You could add "ipv6.disable=1" to your kernel args.
>
> What am I doing wrong? I need to be able to disable tcpv6 completely!
> >
>
> Worth a shot!
>
> On Sun, May 3, 2015 at 5:44 PM, Gordon Messmer <gordon.messmer@xxxxxxxxx>
> wrote:
>
> > On 05/03/2015 02:18 PM, Tim Dunphy wrote:
> >
> >> Yet, xinetd/nrpe still seems to be listeing on TCP v6!!
> >>
> >
> > It's listening on both IPv6 and IPv4.  Specifically, why is that a
> problem?
> >
> >  What am I doing wrong? I need to be able to disable tcpv6 completely!
> >>
> >
> > You could add "ipv6.disable=1" to your kernel args.
> > _______________________________________________
> > CentOS mailing list
> > CentOS@xxxxxxxxxx
> > http://lists.centos.org/mailman/listinfo/centos
> >
>
>
>
> --
> GPG me!!
>
> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux