LinuxQuestions.org
Old 03-18-2011, 08:53 AM   #1
aocferreira
Member
 
Registered: Feb 2011
Posts: 110

Rep: Reputation: 0
iptables port 161 UDP/TCP


Hello guys,

iptables -A INPUT -p udp --dport 161 -j ACCEPT
iptables -A INPUT -p tcp --dport 161 -j ACCEPT
iptables -A FORWARD -p udp --dport 161 -j ACCEPT
iptables -A FORWARD -p tcp --dport 161 -j ACCEPT

and the rules are placed in iptables, I can see them when I do iptables -L.

But when I do netstat -an | grep 161 I can see that port 161 (SNMP) is not listening. Why?
 
Old 03-18-2011, 08:57 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1967
iptables has *NOTHING* to do with what ports are being listened on. All you're doing there is saying that the traffic should not be intercepted. This will stop things being blocked, not make anything positive happen.

You need something to actually listen, i.e. an snmp server.
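
Added example, not part of the original thread: a shell check for the point made in the reply above, that an ACCEPT rule does not create a listener. It parses `netstat -anu` output for a socket bound to exactly UDP 161 and, going slightly beyond the thread, reports whether the bind address is loopback-only; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# An iptables ACCEPT rule and a bound socket are independent facts.
# This script checks only the second one: is anything bound to UDP 161?

# Constructed sample of `netstat -anu` output (not taken from the thread).
# Note that a plain `grep 161` matches all three udp lines below.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 127.0.0.1:161           0.0.0.0:*
udp        0      0 0.0.0.0:1610            0.0.0.0:*
udp        0      0 192.168.161.5:123       0.0.0.0:*
EOF
}

# udp_binds PORT
# Reads netstat -an style lines on stdin and prints the local addresses
# of UDP sockets bound to exactly PORT (handles udp6 entries like :::161).
udp_binds() {
    awk -v port="$1" '
        $1 ~ /^udp/ {
            n = split($4, part, ":")
            if (part[n] == port)
                print substr($4, 1, length($4) - length(part[n]) - 1)
        }'
}

# listener_status PORT
# Prints "none" (nothing bound), "loopback-only" (bound, but only local
# clients can reach it) or "reachable" (bound on a non-loopback address).
listener_status() {
    binds=$(udp_binds "$1")
    if [ -z "$binds" ]; then
        echo none
    elif echo "$binds" | grep -qvE '^(127\.|::1$)'; then
        echo reachable
    else
        echo loopback-only
    fi
}

# Demo on the constructed sample; on a live host run instead:
#   netstat -anu | listener_status 161
sample_netstat | listener_status 161
```

A result of "none" means no firewall rule can help until a daemon is started; "loopback-only" means remote queries get no answer from the agent even with the port accepted in iptables.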
 
Old 03-18-2011, 10:09 AM   #3
aocferreira
Member
 
Registered: Feb 2011
Posts: 110

Original Poster
Rep: Reputation: 0
I have snmp and snmpd installed. But when I do

# snmpwalk -v1 localhost -c public
Timeout: No Response from localhost

I think it has something to do with problems on port 161 because I read somewhere on the web that the udp/tcp ports need to be open.
 
Old 03-18-2011, 03:30 PM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1967
You appear to have not read my post. You need an snmpd server listening. iptables can't "listen" to anything, that's not what it does. Note that snmpd will not respond at all to a request that does not fit with its configuration (commstring etc.)
 
Old 03-18-2011, 03:53 PM   #5
aocferreira
Member
 
Registered: Feb 2011
Posts: 110

Original Poster
Rep: Reputation: 0
acid_kewpie tell me something:

Is there any problem if I have two different versions of net-snmp on each machine? I really don't know exactly what are the versions because I don't have access to them right now, but they are different..
One snmpd.conf appears with com2sec and the other one has rocommunity things.. I really don't know what's the difference and if there's any difference, but the content is different!
Thank you
 
Old 03-18-2011, 04:29 PM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1967
Versions of software in themselves don't matter. You're using a standard (very very standard) protocol and that's what matters. You need to understand what you're doing though. Mostly snmpd.conf will be configured with a commstring of "public", but it can be very different depending on what you're doing. TBH I don't know why you're asking about ports being open when you've not configured the server in the first place.
 
Old 03-18-2011, 05:00 PM   #7
aocferreira
Member
 
Registered: Feb 2011
Posts: 110

Original Poster
Rep: Reputation: 0
Yes it's true, I didn't configure either of the snmpd.conf's, but what is really strange is that I can make a snmpwalk from one machine to the other, but not in the opposite way!

Machine1 (192.168.100.1) - snmpwalk -v1 -c public 192.168.100.110 works
Machine2 (192.168.100.110) - snmpwalk -v1 -c public 192.168.100.1 doesn't work

and the snmpd.conf files are default !
 
Old 03-18-2011, 05:08 PM   #8
aocferreira
Member
 
Registered: Feb 2011
Posts: 110

Original Poster
Rep: Reputation: 0
I mean I did configure the snmpd.conf in the 192.168.100.1 to allow access but it was not working..
and also added a rule in /etc/hosts.allow, don't know if it was needed or not..
 
  


All times are GMT -5.