Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

allowed_hosts does not work with a hostname resolving to an IPv6 address #31

Closed
tilmanschmidt opened this issue Oct 21, 2015 · 3 comments
Closed

allowed_hosts does not work with a hostname resolving to an IPv6 address #31

tilmanschmidt opened this issue Oct 21, 2015 · 3 comments
Assignees
@jfrickson
Labels
Bug

Comments

@tilmanschmidt
Copy link

A fully IPv6 dual stack enabled network is monitored by Nagios 3.5.1 installed from EPEL on a CentOS 6.7 server. Monitored hosts run NRPE agents, all of which are configured to run as daemons (not via xinetd) with the configuration line

allowed_hosts=bombur.example.com

where bombur.example.com is the Nagios server's FQDN which resolves in DNS to both the IPv4 and IPv6 addresses:

% host bombur
bombur.example.com has address 192.0.2.28
bombur.example.com has IPv6 address 2001:db8:f00:ba8::28

This works fine for hosts running NRPE releases before 2.15 which lack IPv6 support and ony accept IPv4 connections. But on hosts with NRPE 2.15, which does support IPv6, connections from the Nagios server are rejected with the log message:

nrpe[21665]: Host 2001:db8:f00:ba8::28 is not allowed to talk to us!

Apparently the allowed_hosts=<hostname> directive allows only the IPv4 address of the given host, not its IPv6 address.
@tilmanschmidt
Copy link
Author

Update: It doesn't work with separate hostnames for IPv4 and IPv6 either.
Setting

allowed_hosts=bombur-v4.example.com,bombur-v6.example.com

in nrpe.cfg results in the log entries

Allowing connections from: bombur-v4.example.com,bombur-v6.example.com
2001:db8:f00:ba8::28 is not allowed to talk to us!

even though

% host bombur-v4
bombur-v4.example.com has address 192.0.2.28
% host bombur-v6
bombur-v6.example.com has IPv6 address 2001:db8:f00:ba8::28

Putting

allowed_hosts=192.0.2.28,2001:db8:f00:ba8::28

into nrpe.cfg instead results in connections from 2001:db8:f00:ba8::28 being allowed as intended.
Looks like IPv6 lookups for hostnames in allowed_hosts do not work at all.

I also started a discussion about this issue at https://support.nagios.com/forum/viewtopic.php?f=7&t=35430 .

@tilmanschmidt tilmanschmidt changed the title allowed_hosts does not work with IPv4/IPv6 dualstack hosts allowed_hosts does not work with a hostname resolving to an IPv6 address Oct 26, 2015
@tmcnag
Copy link
Contributor

tmcnag commented Oct 27, 2015

Dual-labeling as bug+enhancement until we can determine if this was supposed to work and is not (bug) or if it never worked and needs to be added (enhancement).

jfrickson pushed a commit that referenced this issue Dec 9, 2015
allowed_hosts doesn't work with a hostname resolving to an IPv6 address
1ac9909 
Fix for issue #31

Program was using gethostbyname() which will not return IPv6 addresses.
Changed it to use getaddrinfo().
@jfrickson jfrickson self-assigned this Dec 9, 2015
@jfrickson
Copy link
Contributor

Fixed with commit 1ac9909
in branch https://github.com/NagiosEnterprises/nrpe/tree/nrpe-2-16-RC2

@sudeephb sudeephb mentioned this issue Jan 4, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jfrickson jfrickson

Labels
Bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tmcnag @jfrickson @tilmanschmidt