<div dir="ltr"><div><div>In case you need them, here are the firewall commands I used:<br><br>[root@xymontest rc3.d]# firewall-cmd --permanent --zone=public --add-port=80/tcp<br>success<br>[root@xymontest rc3.d]# firewall-cmd --permanent --zone=public --add-port=1984/tcp<br>success<br>[root@xymontest rc3.d]# firewall-cmd --reload<br><br></div>I also just created a service file for startup/shutdown. This may be helpful to you down the road so you won't have to re-invent the wheel. It took me a while and asking a CentOS mailing list to find the answer:<br><br>"/usr/lib/systemd/system/xymon.service" 27L, 816C<br><br># xymonlaunch.service<br># systemd file for Fedora 18 and up, or RHEL 7 and up<br><br>[Unit]<br>Description=Xymon systems and network monitor<br>Documentation=man:xymon(7) man:xymonlaunch(8) man:xymon(1)<br>After=network.target<br><br>[Install]<br># Compatibility with "xymon" and "xymon-client"<br>Alias=xymon.service<br>Alias=xymon-client.service<br>WantedBy=multi-user.target<br><br><br>[Service]<br>#EnvironmentFile=/etc/sysconfig/xymonlaunch<br>User=xymon<br># We wrap in xymoncmd to eliminate the need for the bulk of the old init script<br>ExecStart=/home/xymon/server/bin/xymoncmd /home/xymon/server/bin/xymonlaunch --no-daemon $XYMONLAUNCHOPTS<br>Type=simple<br><br># Kill xymonlaunch, but don't send kills to the underlying procs, since they<br># might be doing important things (like writing checkpoints and flushing caches)<br>KillMode=process<br># SendSIGHUP=yes<br>SendSIGKILL=no<br><br><br></div>######################################## - next run the commands below after creating this service file<br><div>systemctl enable xymon.service<br>systemctl start xymon.service<br><br><br></div><div>I had issues where it would only stop or only start. It was not obvious how to write this. Hope you find this helpful<br><br></div><div>John<br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, May 24, 2016 at 6:49 PM, John Langbein <span dir="ltr"><<a href="mailto:bigbandjohn@gmail.com" target="_blank">bigbandjohn@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">This sounds like a firewall issue. Search for open poet firewall centos 7 and the command should come up. I just had the same issue.</p>
<div class="gmail_quote"><div><div class="h5">On May 24, 2016 6:46 PM, "Jeremy Laidman" <<a href="mailto:jlaidman@rebel-it.com.au" target="_blank">jlaidman@rebel-it.com.au</a>> wrote:<br type="attribution"></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><p dir="ltr">On 25/05/2016 4:14 AM, "Wonder fo" <<a href="mailto:wonderfoo2@gmail.com" target="_blank">wonderfoo2@gmail.com</a>> wrote:<br>
><br>
> Hi Jeremy, <br>
><br>
> telnet is disabled by default on xymon server (running Centos 7.2.1511). </p>
<p dir="ltr">As it should be, the telnet daemon is disabled. But not the telnet client. The centos should not allow anyone to connect to it, but shouldn't stop you connecting from it to other devices that use telnet.</p>
<p dir="ltr">As an aside, telnet can be secured using kerberos.</p>
<p dir="ltr">> Below is probably an expected output consider the security risk of clear text protocol ?</p>
<p dir="ltr">Actually, no, it's not. Here, you are using the telnet command for something other than the telnet protocol. This is an old sysadmin trick. The telnet command primarily just connects to a TCP service, but that doesn't have to be the telnet service, it can be practically any TCP service. It might be a bit confusing at first, but it works; it's as if the command is really called "socket", and just happens to connect on the telnet port by default. But specify another service port, and you have a primitive tcp client for that other service. In fact people have even used telnet in place of a xymon client binary on systems where compiling or installing binaries is not possible.</p>
<p dir="ltr">For kicks, try using it to connect to the ssh port on the Centos server, from itself.</p>
<p dir="ltr"># telnet 127.1 22</p>
<p dir="ltr">If you run an ssh service on the Centos server, then the above command will successfully connect, and also give you an ssh protocol banner. (To disconnect, press ctrl-] and type quit.)</p>
<p dir="ltr">Here, we are using telnet like netcat (aka nc). Netcat is a generic socket connection tool that is much more flexible than the telnet client, but telnet is more universally available, which is why it's so popular as a socket test tool in the sysadmin's toolbox.</p>
<p dir="ltr">> # telnet 172.31.2.131 1984<br>
> Trying...</p>
<p dir="ltr">This should say "connected" almost instantly. The fact that it says neither "connected" nor "refused" tells me that there's a firewall dropping packets. As you say, there's no firewall between the client and server. So the most likely cause is a firewall /on/ the client or server. That would be something like iptables (technically called netfilter) on the Centos Xymon server, restricting incoming connections on port 1984, or something like TCP/IP filters on the AIX Xymon client, restricting outbound connections. Try running "iptables-save" on the Xymon server to see if there are rules defined; try running "lsfilt" on the Xymon client to see if there are rules defined.</p>
<p dir="ltr">Cheers<br>
Jeremy<br>
</p>
<br></div></div><span class="">_______________________________________________<br>
Xymon mailing list<br>
<a href="mailto:Xymon@xymon.com" target="_blank">Xymon@xymon.com</a><br>
<a href="http://lists.xymon.com/mailman/listinfo/xymon" rel="noreferrer" target="_blank">http://lists.xymon.com/mailman/listinfo/xymon</a><br>
<br></span></blockquote></div>
</blockquote></div><br></div>