So I have some production servers on the 10.1.0.0/24 range, these servers needed monitoring. So I decided to use the OMD suite with check_MK and nagios.
The big issue here is the OMD suite sits on a 10.0.0.0/24 network and I have had to block traffic to the 10.1.0.0/24 network because our devs don't know the difference between QA and Prod and sometimes point things to the wrong server.
Also I cannot use the Check_MK agent as that violates the policies for production so I'm trying to get plain SNMP to work. I've tried allowing port 161 and 162 through. I can verify the SNMP configuration is correct with snmpwalk, but running that on the 10.0.0.0/24 range times out.
This is my current iptables print out on the OMD box(10.0.0.0/24):
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT all -- any any INTCLCDCOMM1 anywhere
2 0 0 ACCEPT 162 -- any any 10.1.0.0/24 anywhere
3 0 0 ACCEPT 161 -- any any 10.1.0.0/24 anywhere
4 222K 21M ACCEPT icmp -- any any 10.1.0.0/24 anywhere
5 413 46045 DROP all -- any any 10.1.0.0/24 anywhere
6 4782K 1144M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
7 6210 539K ACCEPT icmp -- any any anywhere anywhere
8 48124 2887K ACCEPT all -- lo any anywhere anywhere
9 26 1488 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:ssh
10 1768K 1874M ACCEPT all -- any any 10.0.0.0/24 anywhere
11 0 0 ACCEPT all -- any any 10.60.0.0/24 anywhere
12 40216 2413K ACCEPT all -- any any 10.50.0.0/24 anywhere
13 14 680 REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited
14 0 0 ACCEPT icmp -- any any anywhere anywhere
15 0 0 ACCEPT icmp -- any any 10.1.0.0/24 anywhere
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 5687K packets, 1510M bytes)
num pkts bytes target prot opt in out source destination
I'm quite a n00b when it comes to iptables and snmp
. Any help will be deeply appreciated.