Accessing Munin nodes through (x)inetd
This article describes using inetd or xinetd as a forwarder for reaching Munin nodes behind a non-routing *nix system. The in-between server ("bouncer") assigns and opens different TCP ports pointing to each of the Munin nodes you need to reach. This is really quite identical to regular port forwarding.
http://munin.projects.linpro.no/attachment/wiki/BouncingMunin/MuninPortForwarding.png?format=raw
Comparing this method to SSH tunneling, using (x)inetd does not require a login account on the bouncer, while the downside is that the access control may be weaker and you might need to open lots of TCP ports.
From /etc/services on the bouncer:
munin 4949/tcp munin-server-a 5001/tcp munin-server-b 5002/tcp munin-server-c 5003/tcp
If you use inetd, entries like these must exist in /etc/inetd.conf on the bouncer:
munin-server-a stream tcp nowait root /usr/bin/nc /usr/bin/nc -w 30 server-a munin munin-server-b stream tcp nowait root /usr/bin/nc /usr/bin/nc -w 30 server-b munin munin-server-c stream tcp nowait root /usr/bin/nc /usr/bin/nc -w 30 server-c munin
If you use xinetd, the /etc/xinetd.d/ directory on the bouncer needs one file each for the different servers (server-a, server-b and server-c). For easier recognition, it's a good idea to prefix the files with for example "munin-". A sample munin-server-a file looks like this (note that the file name equals the "service" directive, and that the destination server and port are given as server_args):
service munin-server-a
{
disable = no
socket_type = stream
wait = no
user = root
protocol = tcp
server = /usr/bin/nc
server_args = -w 30 server-a munin
}
Then, munin.conf on the Munin server must be configured accordingly:
[Server-A] address bouncer port 5001 use_node_name yes [Server-B] address bouncer port 5002 use_node_name yes [Server-C] address bouncer port 5003 use_node_name yes
Note that your Munin nodes must now allow connections (in munin-node.conf) from the IP address of the bouncer.
