<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Thorndale AMT";
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman";
mso-believe-normal-left:yes;}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
p
{mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:Arial;
color:navy;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
/* List Definitions */
@list l0
{mso-list-id:1408653344;
mso-list-type:hybrid;
mso-list-template-ids:-721892878 67698705 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-text:"%1\)";
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;}
-->
</style>
<![if mso 9]>
<style>
p.MsoNormal
{margin-left:2.7pt;}
</style>
<![endif]>
</head>
<body lang=EN-US link=blue vlink=purple style='margin-left:2.7pt;margin-top:
2.7pt;margin-right:2.7pt;margin-bottom:.7pt'>
<div class=Section1>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Two things:<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><font
size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:Arial;
color:navy'><span style='mso-list:Ignore'>1)<font size=1 face="Times New Roman"><span
style='font:7.0pt "Times New Roman"'> </span></font></span></span></font><![endif]><font
size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:Arial;
color:navy'>In your commands try to get numeric values. Saying it is
listening on port “nrpe” suggests it is OK but if /etc/services has
nrpe set to udp 3123 instead of tcp 5666 you’re not seeing what you think
you are. Do “lsof –i :5666” and it will show if anything is
listening on port 5666. Do “iptables –n –L” and it
will show the numerics instead of port names so you can verify it is port 5666.<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><font
size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:Arial;
color:navy'><span style='mso-list:Ignore'>2)<font size=1 face="Times New Roman"><span
style='font:7.0pt "Times New Roman"'> </span></font></span></span></font><![endif]><font
size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:Arial;
color:navy'>You can easily rule out iptables issues by simply stopping iptables
(service iptables stop) and testing to see if the connection works. If it does
then your issue was iptables. If it doesn’t then it means something
other than iptables is blocking it. <o:p></o:p></span></font></p>
<div>
<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'>
<hr size=2 width="100%" align=center tabindex=-1>
</span></font></div>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><b><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma;font-weight:bold'>From:</span></font></b><font
size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>
ale-bounces@ale.org [mailto:ale-bounces@ale.org] <b><span style='font-weight:
bold'>On Behalf Of </span></b>Tony Cicirello<br>
<b><span style='font-weight:bold'>Sent:</span></b> Thursday, February 10, 2011
1:27 PM<br>
<b><span style='font-weight:bold'>To:</span></b> Ale@ale.org<br>
<b><span style='font-weight:bold'>Subject:</span></b> [ale] CHECK_NRPE: Error
receiving data from daemon.</span></font><o:p></o:p></p>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>This is probably a case of
missing the obvious but i have tried everything i could think of and also what
the nrpe.pdf doc suggests. </span></font><o:p></o:p></p>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><o:p> </o:p></span></font></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>I am installing nrpe on
centOS box using yum. The package installs without error.</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>Version info: nagios-nrpe
x86_64 2.12-1.el5.rf</span></font> <o:p></o:p></p>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><o:p> </o:p></span></font></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>I've added the check_nrpe
command to /etc/nagios/objects/commands.cfg</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'># 'check_nrpe' command
definition</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>define command {</span></font>
<o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>command_name check_nrpe</span></font>
<o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>command_line
$USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>}</span></font> <o:p></o:p></p>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><o:p> </o:p></span></font></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>and the host IP address to
nrpe.cfg</span></font> <o:p></o:p></p>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><o:p> </o:p></span></font></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>nrpe is configured to run
as a daemon and shows as running:</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>ps auxw | grep nrpe</span></font>
<o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>root 26257 0.0 0.0 61164
692 pts/3 S+ 13:43 0:00 grep nrpe</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>nagios 29589 0.0 0.0 39968
1084 ? Ss 13:18 0:00 nrpe -c /etc/nagios/nrpe.cfg -d</span></font> <o:p></o:p></p>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><o:p> </o:p></span></font></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>nrpe is listening on the
correct port:</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>netstat -at | grep nrpe</span></font>
<o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>tcp 0 0
mail.panoston.com:nrpe *:* LISTEN</span></font> <o:p></o:p></p>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><o:p> </o:p></span></font></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>The problem(s) arise when
I run check_nrpe on the remote host.</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>Running without ssl yields</span></font>
<o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>/usr/lib64/nagios/plugins/check_nrpe
-H Remote IP address -n</span></font> <o:p></o:p></p>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><o:p> </o:p></span></font></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>Running with ssl yields:</span></font>
<o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>/usr/lib64/nagios/plugins/check_nrpe
-H 192.168.2.231</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>CHECK_NRPE: Error - Could
not complete SSL handshake.</span></font> <o:p></o:p></p>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><o:p> </o:p></span></font></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>I've verified that
IPtables is set correctly. Here is the output:</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>iptables -L</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>Chain INPUT (policy
ACCEPT)</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>target prot opt source
destination</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>RH-Firewall-1-INPUT all --
anywhere anywhere</span></font> <o:p></o:p></p>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><o:p> </o:p></span></font></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>Chain FORWARD (policy
ACCEPT)</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>target prot opt source
destination</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>RH-Firewall-1-INPUT all --
anywhere anywhere</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>ACCEPT all --
192.168.21.0/24 anywhere</span></font> <o:p></o:p></p>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><o:p> </o:p></span></font></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>Chain OUTPUT (policy
ACCEPT)</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>target prot opt source
destination</span></font> <o:p></o:p></p>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><o:p> </o:p></span></font></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>Chain RH-Firewall-1-INPUT
(2 references)</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>target prot opt source
destination</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>ACCEPT all -- anywhere
anywhere</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>ACCEPT icmp -- anywhere
anywhere icmp any</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>ACCEPT esp -- anywhere
anywhere</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>ACCEPT ah -- anywhere
anywhere</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>ACCEPT udp -- anywhere
224.0.0.251 udp dpt:mdns</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>ACCEPT udp -- anywhere
anywhere udp dpt:ipp</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>ACCEPT tcp -- anywhere
anywhere tcp dpt:ipp</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>ACCEPT all -- anywhere
anywhere state RELATED,ESTABLISHED</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>ACCEPT all -- 192.168.2.31
anywhere state NEW</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>ACCEPT all -- IP Address
anywhere state NEW</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>ACCEPT tcp -- anywhere
anywhere state NEW tcp dpt:ssh</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>ACCEPT tcp -- anywhere
anywhere state NEW tcp dpt:https</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>ACCEPT tcp -- anywhere
anywhere state NEW tcp dpt:http</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>ACCEPT tcp -- anywhere
anywhere state NEW tcp dpt:nrpe</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>ACCEPT tcp -- anywhere
anywhere state NEW tcp dpt:ftp</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>ACCEPT tcp -- anywhere
anywhere state NEW tcp dpt:netbios-ssn</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>ACCEPT tcp -- anywhere
anywhere state NEW tcp dpt:mysql</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>ACCEPT tcp -- anywhere
anywhere state NEW tcp dpt:smtp</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>ACCEPT udp -- anywhere
anywhere state NEW udp dpt:domain</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>ACCEPT tcp -- anywhere
anywhere state NEW tcp dpt:domain</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>ACCEPT tcp -- anywhere
anywhere state NEW tcp dpt:pop3</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>ACCEPT udp -- anywhere
anywhere state NEW udp dpt:ntp</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>ACCEPT tcp -- anywhere
anywhere state NEW tcp dpt:imap</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>ACCEPT udp -- anywhere
anywhere udp spt:6277</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>ACCEPT tcp -- anywhere
anywhere state NEW tcp dpt:responsenet</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>ACCEPT tcp -- anywhere
anywhere state NEW tcp dpt:3121</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>ACCEPT tcp -- anywhere
anywhere state NEW tcp dpt:vtr-emulator</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>ACCEPT tcp -- anywhere
anywhere state NEW tcp dpt:openvpn</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>ACCEPT udp -- anywhere
anywhere state NEW udp dpt:openvpn</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>ACCEPT tcp -- anywhere
anywhere state NEW tcp dpt:rsf-1</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>REJECT all -- anywhere anywhere
reject-with icmp-host-prohibited</span></font> <o:p></o:p></p>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><o:p> </o:p></span></font></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>Here is the allowd_hosts
line from nrpe.cfg</span></font> <o:p></o:p></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>allowed_hosts=
96.37.142.40 (Monitor) 192.168.2.231 (Remote-for testing) 127.0.0.1</span></font>
<o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:
12.0pt;margin-left:0in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'><o:p> </o:p></span></font></p>
<p style='margin:0in;margin-bottom:.0001pt'><font size=4 face="Thorndale AMT"><span
style='font-size:13.5pt;font-family:"Thorndale AMT"'>The only thing I haven't
tried is compiling from source using ./configure --enable-ssl. I assume yum
will make the ssl option available on installation.</span></font> <o:p></o:p></p>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'><o:p> </o:p></span></font></p>
</div>
</body>
</html>