is it working on localhost or not???!!! it could be selinux problem also, if context is not correct. -- Eero 2015-05-04 1:55 GMT+03:00 Tim Dunphy <bluethundr@xxxxxxxxx>: > > > > It's listening on both IPv6 and IPv4. Specifically, why is that a > problem? > > > The central problem seems to be that the monitoring host can't hit nrpe on > port 5666 UDP. > > [root@monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H > puppet.mydomain.com > CHECK_NRPE: Socket timeout after 10 seconds. > > It is listening on the puppet host on port 5666 > > [root@puppet:~] #lsof -i :5666 > COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME > xinetd 2915 root 5u IPv6 24493 0t0 TCP *:nrpe (LISTEN) > > And the firewall is allowing that port: > > [root@puppet:~] #firewall-cmd --list-ports > 5666/udp > > But if I check the port using nmap > > [root@monitor1:~] #nmap -p 5666 puppet.mydomain.com > > Starting Nmap 6.40 ( http://nmap.org ) at 2015-05-03 22:51 UTC > Nmap scan report for puppet.jokefire.com (216.120.250.140) > Host is up (0.012s latency). > PORT STATE SERVICE > 5666/tcp filtered nrpe > > That port is closed despite the port being allowed on the firewall. > > So I thought that the problem was that xinetd was listening to port 5666 > only on tcp v6. And when the monitoring host hits the puppet host using tcp > v4 it can't because only tcp v6 is active on that port. > > You mention that it's listening on both tcp v4 and v6. But I only see v6 in > that output. How are you determining that > > It's a problem because the port does not appear to be open from the > monitoring host: > > [root@monitor1:~] #nmap -p 5666 puppet.mydomain.com > > Starting Nmap 6.40 ( http://nmap.org ) at 2015-05-03 22:33 UTC > Nmap scan report for puppet.jokefire.com (216.120.250.140) > Host is up (0.011s latency). > PORT STATE SERVICE > 5666/tcp filtered nrpe > > > > > > > You could add "ipv6.disable=1" to your kernel args. > > What am I doing wrong? I need to be able to disable tcpv6 completely! > > > > Worth a shot! > > On Sun, May 3, 2015 at 5:44 PM, Gordon Messmer <gordon.messmer@xxxxxxxxx> > wrote: > > > On 05/03/2015 02:18 PM, Tim Dunphy wrote: > > > >> Yet, xinetd/nrpe still seems to be listeing on TCP v6!! > >> > > > > It's listening on both IPv6 and IPv4. Specifically, why is that a > problem? > > > > What am I doing wrong? I need to be able to disable tcpv6 completely! > >> > > > > You could add "ipv6.disable=1" to your kernel args. > > _______________________________________________ > > CentOS mailing list > > CentOS@xxxxxxxxxx > > http://lists.centos.org/mailman/listinfo/centos > > > > > > -- > GPG me!! > > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B > _______________________________________________ > CentOS mailing list > CentOS@xxxxxxxxxx > http://lists.centos.org/mailman/listinfo/centos > _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos