Hi,
I'm attempting to monitor a couple of Eboxes with firewalls using Nagios NRPE.
When I add rules to the firewall to allow my nagios host to access the ebox, it looks fine in the ebox interface, but it doesn't work. iptables shows this:
Chain iexternal (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
ACCEPT udp -- monitor anywhere udp dpt:5666 state NEW
ACCEPT tcp -- monitor anywhere tcp dpt:5666 state NEW
monitor is the internal dns representation of the correct IP address, but it doesn't really matter because the chain is returning before it can get to that accept. iptables -v shows all the packets going to the return and none to the accept.
Deleting the return line manually makes it work. Is there a configuration option somewhere that I'm missing?