Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

allowed_hosts does not work with a hostname resolving to an IPv6 address #31

Closed
tilmanschmidt opened this issue Oct 21, 2015 · 3 comments

Comments

Projects
None yet
3 participants
@tilmanschmidt
Copy link

commented Oct 21, 2015

A fully IPv6 dual stack enabled network is monitored by Nagios 3.5.1 installed from EPEL on a CentOS 6.7 server. Monitored hosts run NRPE agents, all of which are configured to run as daemons (not via xinetd) with the configuration line

allowed_hosts=bombur.example.com

where bombur.example.com is the Nagios server's FQDN which resolves in DNS to both the IPv4 and IPv6 addresses:

% host bombur
bombur.example.com has address 192.0.2.28
bombur.example.com has IPv6 address 2001:db8:f00:ba8::28

This works fine for hosts running NRPE releases before 2.15 which lack IPv6 support and ony accept IPv4 connections. But on hosts with NRPE 2.15, which does support IPv6, connections from the Nagios server are rejected with the log message:

nrpe[21665]: Host 2001:db8:f00:ba8::28 is not allowed to talk to us!

Apparently the allowed_hosts=<hostname> directive allows only the IPv4 address of the given host, not its IPv6 address.

@tilmanschmidt

This comment has been minimized.

Copy link
Author

commented Oct 26, 2015

Update: It doesn't work with separate hostnames for IPv4 and IPv6 either.
Setting

allowed_hosts=bombur-v4.example.com,bombur-v6.example.com

in nrpe.cfg results in the log entries

Allowing connections from: bombur-v4.example.com,bombur-v6.example.com
2001:db8:f00:ba8::28 is not allowed to talk to us!

even though

% host bombur-v4
bombur-v4.example.com has address 192.0.2.28
% host bombur-v6
bombur-v6.example.com has IPv6 address 2001:db8:f00:ba8::28

Putting

allowed_hosts=192.0.2.28,2001:db8:f00:ba8::28

into nrpe.cfg instead results in connections from 2001:db8:f00:ba8::28 being allowed as intended.
Looks like IPv6 lookups for hostnames in allowed_hosts do not work at all.

I also started a discussion about this issue at https://support.nagios.com/forum/viewtopic.php?f=7&t=35430 .

@tilmanschmidt tilmanschmidt changed the title allowed_hosts does not work with IPv4/IPv6 dualstack hosts allowed_hosts does not work with a hostname resolving to an IPv6 address Oct 26, 2015

@tmcnag

This comment has been minimized.

Copy link
Contributor

commented Oct 27, 2015

Dual-labeling as bug+enhancement until we can determine if this was supposed to work and is not (bug) or if it never worked and needs to be added (enhancement).

jfrickson pushed a commit that referenced this issue Dec 9, 2015

John C. Frickson
allowed_hosts doesn't work with a hostname resolving to an IPv6 address
Fix for issue #31

Program was using gethostbyname() which will not return IPv6 addresses.
Changed it to use getaddrinfo().

@jfrickson jfrickson self-assigned this Dec 9, 2015

@jfrickson jfrickson removed the Enhancement label Dec 9, 2015

@jfrickson

This comment has been minimized.

Copy link
Contributor

commented Dec 9, 2015

@jfrickson jfrickson closed this Dec 9, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.