From: splatbang m. <ti...@ma...> - 2001-10-23 22:47:01
|
You shouldn't have to open any holes in your firewall if Nagios is initiating the check. Most firewalls will understand that if you initiate a connection from the inside to the outside, it will allow the receive packets back through. You only have to worry if you are making a connection from a server on the outside going in. Other than that, if you have to make a hole, just lock it down to specific ip and port on the firewall. Also, make sure that the external box is pretty secure. you should be fine. Marty Enerson ----- Original Message ----- From: <sco...@us...> Cc: <nag...@li...> Sent: Tuesday, October 23, 2001 4:34 PM Subject: RE: [Nagios-users] Placing Nagios correctly in the network > > Sorry I didn't explain more clearly. First of all, the 46 MB is Ram. Not > concerned about the HD size. Also, I am the admin of the firewall. This > network runs off of a DSL line. I control everything past SWB's router. > Are there any major security issues know that could come about from opening > a hole in the firewall to allow Nagios (Netsaint) communication through? > > Thanks again for all of your feedback > > > > > To: nag...@li... > cc: (bcc: Scott V. Seglie) > Chr...@in... Date: 10/23/2001 03:32 PM > Sent by: Subject: RE: [Nagios-users] Placing Nagios correctly in the network > nag...@li...urcef > orge.net > > Message Mailed On Behalf Of ---> > nag...@li... > > > > > > > > > > > With a box that size you should be able to monitor 100-200 services without > any problem (having done with an older version of Netsaint ;). > > Like Marty said depending on the firewall setup you could have problems > running "normal" check through it. A couple of options to look at would be > running Netsaint in passive mode on a host in the DMZ (probably the best > bet, tho most complicated to setup) or convincing you firewall admin to > poke > a hole for NRPE/NRPEP/check_by_ssh. > > HTH > Chris > > > -----Original Message----- > > From: sco...@us... > > [mailto:sco...@us...] > > Sent: Tuesday, October 23, 2001 12:38 PM > > To: nag...@li... > > Subject: [Nagios-users] Placing Nagios correctly in the network > > > > > > Hello, > > I have been working on setting up Nagios for some time now. I have no > > problem with patience since it seems like a great tool. I am > > getting ready > > to start from scratch on a test lab and just wondering some basic > > questions: > > > > I will have a dedicated box to Nagios (a powerful 120 Mhz > > laptop) on my > > internal network. A few things with this... > > -Is the 120 Mhz, 46 MB box enough for Nagios? I don't think > > that the tool > > is too cpu/ram intensive for the checks that it does, but > > wanted to make > > sure before I started trying to install... > > > > -I will have the laptop on my internal network and would like > > to monitor > > 2-3 boxes on the internal network and also on box that is on > > the DMZ. What > > major issues might I run into requesting information from the > > box in the > > DMZ through the firewall? I'm guessing I will need to set up > > rules in the > > firewall from the internal network and to the DMZ? Probably not too > > secure. Any ideas on monitoring boxes on the internal > > network and DMZ? > > > > -Also, any opinions on best operating system to install > > Nagios on? BSD? > > Linux? No real preference, mainly just ease of install. > > > > Any help is greatly appreciated. > > > > Scott > > *******************Internet Email Confidentiality > > Footer******************* > > > > > > Privileged/Confidential Information may be contained in this > > message. If > > you are not the addressee indicated in this message (or > > responsible for > > delivery of the message to such person), you may not copy or > > deliver this > > message to anyone. In such case, you should destroy this > > message and kindly > > notify the sender by reply email. Please advise immediately > > if you or your > > employer do not consent to Internet email for messages of this kind. > > Opinions, conclusions and other information in this message > > that do not > > relate to the official business of my firm shall be > > understood as neither > > given nor endorsed by it. > > > > > > _______________________________________________ > > Nagios-users mailing list > > Nag...@li... > > https://lists.sourceforge.net/lists/listinfo/nagios-users > > > > _______________________________________________ > Nagios-users mailing list > Nag...@li... > https://lists.sourceforge.net/lists/listinfo/nagios-users > > > > > > *******************Internet Email Confidentiality Footer******************* > > > Privileged/Confidential Information may be contained in this message. If > you are not the addressee indicated in this message (or responsible for > delivery of the message to such person), you may not copy or deliver this > message to anyone. In such case, you should destroy this message and kindly > notify the sender by reply email. Please advise immediately if you or your > employer do not consent to Internet email for messages of this kind. > Opinions, conclusions and other information in this message that do not > relate to the official business of my firm shall be understood as neither > given nor endorsed by it. > > > _______________________________________________ > Nagios-users mailing list > Nag...@li... > https://lists.sourceforge.net/lists/listinfo/nagios-users |