LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-15-2009, 10:38 AM   #1
natalie.aloi
LQ Newbie
 
Registered: Jul 2009
Distribution: Fedora 9 (Linux version 2.6.25-14.fc9.i686 (mockbuild@) (gcc version 4.3.0 20080428 (Red Hat 4.3.0-8
Posts: 8

Rep: Reputation: 0
iptables usage and snmp v3 problem


Hello, a couple of questions here.

1. how do i permit UDP 161 through iptables?
[root@dns bin]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT udp -- anywhere anywhere state NEW udp dpt:snmp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:5901
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

2. Can someone point me to what may be the problem?
(trying to get snmp v3 to work properly)

[root@dns bin]# ps -ef | grep snmpd
root 15618 1 0 10:29 ? 00:00:00 /usr/sbin/snmpd -Lsd -Lf /dev/null -p /var/run/snmpd.pid -a
root 17592 9119 0 10:56 pts/2 00:00:00 grep snmpd
[root@dns bin]# kill 15618
[root@dns bin]# /usr/bin/net-snmp-config --create-snmpv3-user -a password testuser
adding the following line to /var/net-snmp/snmpd.conf:
createUser testuser MD5 "password" DES
adding the following line to /etc/snmp/snmpd.conf:
rwuser testuser
[root@dns bin]# /etc/init.d/snmpd start
Starting snmpd: [ OK ]
[root@dns bin]# ping 10.1.102.20
PING 10.1.102.20 (10.1.102.20) 56(84) bytes of data.
64 bytes from 10.1.102.20: icmp_seq=1 ttl=64 time=0.198 ms
64 bytes from 10.1.102.20: icmp_seq=2 ttl=64 time=0.194 ms
^C
--- 10.1.102.20 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1255ms
rtt min/avg/max/mdev = 0.194/0.196/0.198/0.002 ms
[root@dns bin]#

[root@nagios naloi]# snmpwalk -v 3 -a md5 -A password -x des -X password -u testuser 10.1.102.21
Error in packet.
Reason: authorizationError (access denied to that object)----->This is kind of vague[root@nagios naloi]# ping 10.1.102.21
PING 10.1.102.21 (10.1.102.21) 56(84) bytes of data.
64 bytes from 10.1.102.21: icmp_seq=1 ttl=64 time=1.93 ms
64 bytes from 10.1.102.21: icmp_seq=2 ttl=64 time=0.189 ms
64 bytes from 10.1.102.21: icmp_seq=3 ttl=64 time=0.177 ms
^C
--- 10.1.102.21 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2027ms
rtt min/avg/max/mdev = 0.177/0.765/1.930/0.823 ms
 
Old 07-15-2009, 11:39 AM   #2
natalie.aloi
LQ Newbie
 
Registered: Jul 2009
Distribution: Fedora 9 (Linux version 2.6.25-14.fc9.i686 (mockbuild@) (gcc version 4.3.0 20080428 (Red Hat 4.3.0-8
Posts: 8

Original Poster
Rep: Reputation: 0
snmpwalk -v 3 -u testuser -l AuthNoPriv -a MD5 -A password 10.1.102.21 > test (this works on nagios) not sure what that -l option is but reading up on it now...
 
Old 07-15-2009, 11:49 AM   #3
natalie.aloi
LQ Newbie
 
Registered: Jul 2009
Distribution: Fedora 9 (Linux version 2.6.25-14.fc9.i686 (mockbuild@) (gcc version 4.3.0 20080428 (Red Hat 4.3.0-8
Posts: 8

Original Poster
Rep: Reputation: 0
snmpwalk -v 3 -u testuser -l AuthPriv -a MD5 -A password 10.1.102.21 > test2
snmpwalk: USM generic error
[root@nagios naloi]#

changing the level (option -l) to AuthPriv (requires authentication and encrypted) gives me this error...? Anyone know next steps? Im reading up on USM not sure what THAT is...

good grief this linux stuff is tough! so many options & configurations to make to get things to work...but I guess its secure!
 
Old 07-15-2009, 12:02 PM   #4
natalie.aloi
LQ Newbie
 
Registered: Jul 2009
Distribution: Fedora 9 (Linux version 2.6.25-14.fc9.i686 (mockbuild@) (gcc version 4.3.0 20080428 (Red Hat 4.3.0-8
Posts: 8

Original Poster
Rep: Reputation: 0
[root@nagios naloi]# snmpwalk -v 3 -u testuser -a MD5 -A "password" -x DES -X "password" -l authPriv 10.1.102.21 > test3
[root@nagios naloi]#

this works! Found this nice little tutorial here: http://net-snmp.sourceforge.net/wiki...SNMPv3_Options

much appreciation to anyone who was investigating this...thanks anyway
 
Old 07-15-2009, 12:04 PM   #5
natalie.aloi
LQ Newbie
 
Registered: Jul 2009
Distribution: Fedora 9 (Linux version 2.6.25-14.fc9.i686 (mockbuild@) (gcc version 4.3.0 20080428 (Red Hat 4.3.0-8
Posts: 8

Original Poster
Rep: Reputation: 0
http://net-snmp.sourceforge.net/wiki...SNMPv3_Options and using "[root@nagios naloi]# snmpwalk -v 3 -u testuser -a MD5 -A "password" -x DES -X "password" -l authPriv 10.1.102.21 > test3" worked...
[root@nagios naloi]#
 
Old 07-15-2009, 12:09 PM   #6
natalie.aloi
LQ Newbie
 
Registered: Jul 2009
Distribution: Fedora 9 (Linux version 2.6.25-14.fc9.i686 (mockbuild@) (gcc version 4.3.0 20080428 (Red Hat 4.3.0-8
Posts: 8

Original Poster
Rep: Reputation: 0
using tutorial http://net-snmp.sourceforge.net/wiki...SNMPv3_Options

I was able to get this to work

[root@nagios naloi]# snmpwalk -v 3 -u testuser -a MD5 -A "password" -x DES -X "password" -l authPriv 10.1.102.21 > test3
[root@nagios naloi]#

Im still curious about iptables command though...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
IPtables and SNMP GGlinux Linux - Networking 2 03-01-2009 06:52 PM
CPU usage SNMP vs GKrellM TheMadIndian Linux - Server 0 08-27-2008 11:45 AM
iptables assistance for snmp jeebus2121 Linux - Networking 2 02-27-2008 07:42 AM
SNMP multiple CPU usage? TBKDan Linux - Software 0 09-27-2007 08:54 AM
Monitoring traffic tool/web based(non-cgi?)/non-SNMP/low CPU usage/non-real time pe2338 Linux - Networking 3 05-04-2006 01:00 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 05:25 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration