-   Linux - Networking (
-   -   iptables port 161 UDP/TCP (

aocferreira 03-18-2011 07:53 AM

iptables port 161 UDP/TCP
Hello guys,

iptables -A INPUT -p udp --dport -j ACCEPT
iptables -A INPUT -p tcp --dport -j ACCEPT
iptables -A FORWARD -p udp --dport -j ACCEPT
iptables -A FORWARD -p tcp --dport -j ACCEPT

and the rules are placed in iptables, i can see them when I do iptables -L.

But when I do netstat -an | grep 161 I can see that port 161 (SNMP) is not listening. Why?

acid_kewpie 03-18-2011 07:57 AM

iptables has *NOTHING* to do with what ports are being listened on. All you're doing there is saying that the traffic should not be intercept. This will stop things being blocked, not make anything positive happen.

you need somethign to actually listen, i.e. an snmp server.

aocferreira 03-18-2011 09:09 AM

I have snmp and snmpd installed. But when I do

# snmpwalk -v1 localhost -c public
Timeout: No Response from localhost

I think it has something to do with problems on port 161 because I read somewhere in the web that the udp/tcp ports need to be open

acid_kewpie 03-18-2011 02:30 PM

you appear to have not read my post. You need an snmpd server listening. iptables can't "listen" to anything, that's not what it does. Note that snmpd will not respond at all to a request that does not fit it with it's configuration (commstring etc.)

aocferreira 03-18-2011 02:53 PM

acid_kewpie tell me something:

Is there any problem if I have two different versions of net-snmp on each machine? I really don't know exactly what are the versions because I don't have access to them right now, but they are different..
One snmpd.conf appears with com2sec and the other one has rocommunity things.. I really don't know what's the difference and if there's any difference, but the content is different!
Thank you

acid_kewpie 03-18-2011 03:29 PM

versions of software in themselves don't matter. You're using a standard (very very standard) protocol and that's what matters. You need to understand what you're doing though. Mostly snmpd.conf will be configured with a commstring of "public", but it can be very different depending on what you're doing. TBH i don't know why you're asking about ports being open when you've not configured the server in the first place.

aocferreira 03-18-2011 04:00 PM

Yes it's true, I didn't configured neither of the snmpd.conf's but what is really strange is that I can make a snmpwalk from one machine to the other, but not in the opposite way!

Machine1 ( - snmpwalk -v1 -c public works
Machine2 ( - snmpwalk -v1 -c public doesn't work

and the snmpd.conf files are default !

aocferreira 03-18-2011 04:08 PM

I mean i did configure the snmpd.conf in the to allow access but it was no working..
and also add a rule in /etc/hosts.allow, dont know if it was needed or not..

All times are GMT -5. The time now is 10:46 PM.