LinuxQuestions.org
02-25-2009, 08:11 PM   #1
GGlinux
IPtables and SNMP


I can't get SNMP traffic to flow through my firewall.

I have eth0 and eth1. I did a tcpdump and can see udp 161 (snmp) go through eth0 to eth1, but then it doesn't come back:

12:54:46.463028 IP 10.152.100.50.12066 > 10.200.100.129.snmp: GetRequest(25) system.sysDescr.0
12:54:46.613720 IP 10.152.100.50.12066 > 10.200.100.130.snmp: GetRequest(25) system.sysDescr.0

10.152.100.50 is a computer on the eth0 side of the network and I'm trying to get snmp details from a pc (10.200.100.130).

Here are my iptables

ipt -A FORWARD -p icmp -j ACCEPT
ipt -A INPUT -i eth0 -p icmp -j ACCEPT
ipt -A INPUT -i lo -j ACCEPT
ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
ipt -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
ipt -A FORWARD -p udp --dport 53 --sport 1024:65535 -j ACCEPT
ipt -A INPUT -p udp -m udp --dport 161:162 -j ACCEPT
ipt -A FORWARD -i $DHCPIF -p udp --dport 123 -j ACCEPT #Allows NTP
ipt -A INPUT -m state --state NEW,INVALID -j DROP
ipt -A FORWARD -i $DHCPIF -j DROP

Everything else works, NTP, DHCP, PING REQUEST ETC ETC

BUT SNMP doesn't go all the way back from the PC with the snmp agent installed.
 
02-27-2009, 04:55 AM   #2
acid_kewpie
Well is the SNMP client actually working? SNMP v1 / v2c do not respond if your community strings are correct etc...
 
03-01-2009, 06:52 PM   #3
GGlinux
Quote:
Originally Posted by acid_kewpie
Well is the SNMP client actually working? SNMP v1 / v2c do not respond if your community strings are correct etc...
What is a community string?

When I turn off the firewall I get full snmp traffic flowing through. The firewall allows traffic to filter through eth0 and to eth1, I can see it in tcpdump. But the traffic does not flow back out through eth1, eth0 and then to the management server.
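
The packet path described in this thread, as an added example that is not part of any post: a small first-match model of the posted FORWARD rules, fed the request from the tcpdump and a constructed reply. It assumes `$DHCPIF` is eth1 and the FORWARD policy is ACCEPT, neither of which the thread states, and approximates connection tracking as "reply to a flow that was already forwarded".

```python
# Added illustration: first-match model of the FORWARD chain from post #1.
# Assumptions (not stated in the thread): $DHCPIF is eth1, FORWARD policy is
# ACCEPT; conntrack is approximated as "reply to a flow already forwarded".
def rule(target, **match):
    return (match, target)

# FORWARD rules as posted. INPUT rules are left out: forwarded packets never
# traverse INPUT, so the posted "INPUT ... --dport 161:162" rule cannot help.
POSTED = [
    rule("ACCEPT", proto="icmp"),
    rule("ACCEPT", proto="udp", dport=53, sport_min=1024),
    rule("ACCEPT", iface="eth1", proto="udp", dport=123),
    rule("DROP", iface="eth1"),
]
# Candidate change: this rule placed ahead of the final DROP in the script:
#   ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
FIXED = [rule("ACCEPT", state="ESTABLISHED")] + POSTED

def matches(match, pkt):
    for key, want in match.items():
        if key == "sport_min":
            if pkt.get("sport", 0) < want:
                return False
        elif pkt.get(key) != want:
            return False
    return True

def forward(chain, packets, policy="ACCEPT"):
    """Return one verdict per packet, remembering accepted flows."""
    seen, verdicts = set(), []
    for pkt in packets:
        flow = (pkt["src"], pkt.get("sport"), pkt["dst"], pkt.get("dport"))
        reverse = (flow[2], flow[3], flow[0], flow[1])
        pkt = dict(pkt, state="ESTABLISHED" if reverse in seen else "NEW")
        verdict = next((t for m, t in chain if matches(m, pkt)), policy)
        if verdict == "ACCEPT":
            seen.add(flow)
        verdicts.append(verdict)
    return verdicts

# Request taken from the tcpdump in post #1; the reply is constructed.
REQUEST = dict(iface="eth0", proto="udp", src="10.152.100.50", sport=12066,
               dst="10.200.100.130", dport=161)
REPLY = dict(iface="eth1", proto="udp", src="10.200.100.130", sport=161,
             dst="10.152.100.50", dport=12066)

if __name__ == "__main__":
    print("posted:", forward(POSTED, [REQUEST, REPLY]))
    print("fixed: ", forward(FIXED, [REQUEST, REPLY]))
```

Under these assumptions the request leaves via the chain policy while the reply arriving on eth1 falls through to the final DROP; with the state rule in front, the reply is accepted and an unsolicited packet from eth1 is still dropped.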
 
  

