Nagios monitoring with a Dynamic IP..
 

Hi all,

Hoping someone will be able to help with a small nagios Problem / query.

I have a nagios server setup at home and need to set it up to monitor a remote Linux server.

The network the nagios server is located on uses a dynamic IP and not a static.

The remote server also has the firewall activated and would need to be configured to allow connections from a particular IP.

Is there anyway i can get around this?

Was hoping to use NRPE to perform the checks instead of over ssh

Since nrpe uses a specific port you could open iptables to allow connections to that port from any IP. This is not ideal but not as dangerous as it might be since it is only giving access to monitoring data. Someone would have to know or guess what you had in nrpe.cfg on the Linux server and know that the port they'd found was for nrpe to do anything with it. (Of course you'd want to use an atypical port.)

You could also use ssh and setup a trusted connection from your home server to the Linux host. Here again you'd have to open up to any IP but could use an atypical port (i.e. do NOT use port 22) for your ssh. Since the trust is based on the key from your home system only your home system would be able to make the trusted connection. If it were me I'd go with the nrpe idea as being somewhat less dangerous.

Of course if you could narrow down the range of IPs that would be helpful as well. It is better to allow 1000 IPs than 10,000,000 although still entails a bit of risk. Is the "dynamic IP" provided by your ISP or by something else?

Another option you might explore is setting up a vpn connection from your home PC to the Linux host (or the network on which it sits). The VPN would a) Give you a limited range of IPs you are coming from so limit how many IPs you allow in iptables and b) Encrypt the traffic so that the nrpe attachment isn't visible. That is to say that while your home system's public IP is still random the IP the VPN sets up will be somewhat less random.

The Dynamic side is done by the IP. They don't offer static to the public and only to business users. I use Dyndns.com service so i can get connected at home no matter where i am / ip

I'll try and speak to my colleague who mainly manages the server and see what we can come up with..

I've been able to connect for the time being to the remote sever via nagios.

I've had to put my current ip into ip tables and into the nrpe file in allow hosts..

I've spoken to my colleague and we can allow the port open to all and will change the nrpe port number to a random one


What i need to know is if there is a script that can pick up my current ip address from the dymanic dns name and then add that ip into the nrpe file under the correct line / position.

I know I'm raising the dead but one thing I'd like to mention is that NRPE is for active checks. In the case of a dynamic host it is best to use nsca to submit passive checks.