LinuxQuestions.org
Old 02-24-2014, 06:20 AM   #1
gen2monk
LQ Newbie
 
Registered: Feb 2014
Posts: 3

Rep: Reputation: Disabled
IPtables stopping snmp for Check_MK


So I have some production servers on the 10.1.0.0/24 range, and these servers needed monitoring. So I decided to use the OMD suite with Check_MK and Nagios.

The big issue here is the OMD suite sits on a 10.0.0.0/24 network and I have had to block traffic to the 10.1.0.0/24 network because our devs don't know the difference between QA and Prod and sometimes point things to the wrong server.

Also, I cannot use the Check_MK agent as that violates the policies for production, so I'm trying to get plain SNMP to work. I've tried allowing ports 161 and 162 through. I can verify the SNMP configuration is correct with snmpwalk, but running that on the 10.0.0.0/24 range times out.

This is my current iptables printout on the OMD box (10.0.0.0/24):

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num  pkts   bytes  target  prot  opt  in   out  source        destination
1    0      0      ACCEPT  all   --   any  any  INTCLCDCOMM1  anywhere
2    0      0      ACCEPT  162   --   any  any  10.1.0.0/24   anywhere
3    0      0      ACCEPT  161   --   any  any  10.1.0.0/24   anywhere
4    222K   21M    ACCEPT  icmp  --   any  any  10.1.0.0/24   anywhere
5    413    46045  DROP    all   --   any  any  10.1.0.0/24   anywhere
6    4782K  1144M  ACCEPT  all   --   any  any  anywhere      anywhere     state RELATED,ESTABLISHED
7    6210   539K   ACCEPT  icmp  --   any  any  anywhere      anywhere
8    48124  2887K  ACCEPT  all   --   lo   any  anywhere      anywhere
9    26     1488   ACCEPT  tcp   --   any  any  anywhere      anywhere     state NEW tcp dpt:ssh
10   1768K  1874M  ACCEPT  all   --   any  any  10.0.0.0/24   anywhere
11   0      0      ACCEPT  all   --   any  any  10.60.0.0/24  anywhere
12   40216  2413K  ACCEPT  all   --   any  any  10.50.0.0/24  anywhere
13   14     680    REJECT  all   --   any  any  anywhere      anywhere     reject-with icmp-host-prohibited
14   0      0      ACCEPT  icmp  --   any  any  anywhere      anywhere
15   0      0      ACCEPT  icmp  --   any  any  10.1.0.0/24   anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num  pkts   bytes  target  prot  opt  in   out  source        destination
1    0      0      REJECT  all   --   any  any  anywhere      anywhere     reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 5687K packets, 1510M bytes)
num  pkts   bytes  target  prot  opt  in   out  source        destination

I'm quite a n00b when it comes to iptables and snmp. Any help will be deeply appreciated.

Last edited by gen2monk; 02-24-2014 at 06:21 AM.
 
Old 02-24-2014, 06:55 AM   #2
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 3,345

Rep: Reputation: Disabled
Is the nf_conntrack_snmp module loaded? And nf_nat_snmp_basic, if NAT is involved?
 
Old 02-24-2014, 06:59 AM   #3
gen2monk
LQ Newbie
 
Registered: Feb 2014
Posts: 3

Original Poster
Rep: Reputation: Disabled
Does that need to be loaded on the machines I wish to monitor or just the machine with the monitoring software? No natting is required.
 
Old 02-24-2014, 08:36 AM   #4
gen2monk
LQ Newbie
 
Registered: Feb 2014
Posts: 3

Original Poster
Rep: Reputation: Disabled
I managed to get it working by moving the DROP further down the chain.
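
Added example, not part of any post in this thread: a small Python model of first-match evaluation over rules 2 to 6 of the posted INPUT chain, showing why an SNMP reply from 10.1.0.0/24 was dropped at rule 5 and what changes once that rule sits below the RELATED,ESTABLISHED rule. The packets, the address 10.1.0.5 and the exact new position of the DROP rule are assumptions; rule 1 and rules 7 to 15 are not modelled.

```python
from ipaddress import ip_address, ip_network

# Rules 2-6 of the posted INPUT chain: (num, target, prot, source, states).
# "prot" is the IP protocol column of the listing, so rules 2 and 3 match
# IP protocol numbers 162 and 161, not UDP ports 162 and 161.
POSTED = [
    (2, "ACCEPT", "162", "10.1.0.0/24", None),
    (3, "ACCEPT", "161", "10.1.0.0/24", None),
    (4, "ACCEPT", "icmp", "10.1.0.0/24", None),
    (5, "DROP", "all", "10.1.0.0/24", None),
    (6, "ACCEPT", "all", "0.0.0.0/0", {"RELATED", "ESTABLISHED"}),
]

def move_below(rules, num, below):
    """Return a copy of the chain with rule `num` placed right after rule `below`."""
    moved = next(r for r in rules if r[0] == num)
    rest = [r for r in rules if r[0] != num]
    idx = next(i for i, r in enumerate(rest) if r[0] == below) + 1
    return rest[:idx] + [moved] + rest[idx:]

def verdict(rules, pkt):
    """First matching rule decides; returns (rule number, target)."""
    for num, target, prot, source, states in rules:
        if prot != "all" and prot != pkt["prot"]:
            continue
        if ip_address(pkt["src"]) not in ip_network(source):
            continue
        if states is not None and pkt["state"] not in states:
            continue
        return num, target
    return None, None  # no modelled rule matched; rules 7-15 would decide

# Constructed packets: the reply to an SNMP query sent by the OMD box, and
# an unsolicited TCP connection attempt from the production range.
SNMP_REPLY = {"prot": "udp", "src": "10.1.0.5", "state": "ESTABLISHED"}
NEW_TCP = {"prot": "tcp", "src": "10.1.0.5", "state": "NEW"}

# Assumed fix: the DROP rule placed directly below the conntrack rule.
FIXED = move_below(POSTED, 5, 6)

if __name__ == "__main__":
    for name, chain in (("posted", POSTED), ("DROP moved", FIXED)):
        print(name, verdict(chain, SNMP_REPLY), verdict(chain, NEW_TCP))
```

With the DROP below the conntrack rule, replies to queries the monitoring host started are accepted, while new connections from 10.1.0.0/24 other than ICMP still reach the DROP.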
 
  

