[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5894
  • Last Modified:

Nagios can't connect to port 12489 on terminal server

I'm in the process of adding servers to our Nagios system using the nsclient. On two servers which are both terminal servers on the local network the host check passes but the service checks timeout due to socket timeout.

I have checked each server and confirmed that port 12489 is open and bound to the right NIC. No firewall is installed on the server and TCP/IP filtering on the NICs is not enabled. From the Nagios server I can ping the terminal server but when I nmap it by IP address, all ports except for 3389 are filtered. I don't know what could be causing this as there are many other servers on the same LAN not experiencing this issue. It seems this filtering action of port 12489 is what is preventing Nagios from doing the service checks. But I can't tell what is doing the filtering.

Could something in terminal services be causing this?
0
techno-wiz
Asked:
techno-wiz
  • 3
  • 2
1 Solution
 
NopiusCommented:
> It seems this filtering action of port 12489 is what is preventing Nagios from doing the service checks. But I can't tell what is doing the filtering.

nmap may lie when the port is non standard. Try 'telnet IP 12498' if you don't see 'connection refused', that's OK. If you see, probably terminal server not listening on port 12496, if you get connection timeout, most probably we have a filter somewhere between.

Also it may be a firewall on Nagios system, run 'iptables-save' to check. Is there any system between Nagios and terminal server (I mean are they in the same LAN)?

0
 
techno-wizAuthor Commented:
Have made some progress on this but still haven't quite pinpointed the problem.

These two servers are on the same subnet as the other servers, nagios server, and my workstation. From the nagios server I can only nmap using the -P0 switch and the only port on these servers that doesn't get filtered is 3389. Likewise, I can telnet only to port 3389 on these servers either from my workstation or the nagios server. Any other port times out even though I know the port is open on the server.

BUT if I go to either of the problem servers I can telnet just fine to port 12489 on the other server. So between the two problem servers no ports are being filtered but from these servers to everything else all ports except 3389 are being filtered.

I'm thinking it is something in the configuration of our Cisco switch. All of our Cisco stuff is done by a contractor. My network manager doesn't think there is anything in the network itself that would be doing this but that is the only explanation I can come up with.
0
 
NopiusCommented:
> These two servers are on the same subnet as the other servers, nagios server, and my workstation.
AND
> BUT if I go to either of the problem servers I can telnet just fine to port 12489 on the other server.

Means you have no problems with Cisco switch, it just passes all through.

So the problem is in 'nagios' host or in it's firewall. Please run as root 'iptables-save' and show results here if not too secret.
0
 
techno-wizAuthor Commented:
>Means you have no problems with Cisco switch, it just passes all through.

Yes it passes through from one problem server to the other. However it does not pass through say from my XP workstation to there. From my XP workstation the only port on these servers I can telnet to is 3389. If these ports were being filtered at the servers then I shouldn't be able to telnet to them from each other. If the problem is on my nagios server and I can telnet to port 12489 from one server to the other then I should be able to do the same from my XP machine or other windows machines. I can't. NMAP from the XP box to the problem servers has the same results as NMAP from the nagios server to the problem servers, only 3389 can be seen open and all other ports are filtered. This indicates to me that the problem is not on the nagios server but somewhere in between.

>So the problem is in 'nagios' host or in it's firewall. Please run as root 'iptables-save' and show results >here if not too secret.

You'll have to forgive me as I am not familiar with iptables. I haven't done any iptables configuration on this server but I did try the command iptables-save as root and nothing was displayed in the terminal window.
0
 
techno-wizAuthor Commented:
The problem turned out to be our IPS that physically between the nagios server and the servers in the server room. Nagios was initially set up outside the server room and for some reason the IPS was filtering port 12489 on these two servers but not the others. Moved the Nagios server into the server room so traffic between it and the other servers is no longer going through the IPS. Problem solved.
0

Featured Post

[Webinar] Improve your customer journey

A positive customer journey is important in attracting and retaining business. To improve this experience, you can use Google Maps APIs to increase checkout conversions, boost user engagement, and optimize order fulfillment. Learn how in this webinar presented by Dito.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now