Problem with remote Net-SNMP access
 

Hello everybody. I'm having a problem with SNMP remote access. I'm working with Debian Etch, and I configured the snmpd.conf file to work remotely with a public comunity.

The code of the file looks like this:

------------------------------------------
com2sec local 127.0.0.1/32 Cl4v3-d3-Acc3s0
com2sec localnetwork 192.168.1.0/24 Cl4v3-d3-Acc3s0

group MyRWGroup v1 local
group MyRWGroup v2c local
group MyRWGroup usm local

group MyROGroup v1 localnetwork
group MyROGroup v2c localnetwork
group MyROGroup usm localnetwork

## name incl/excl subtree mask(optional)

view all included .1 80

## group context sec.model sec.level prefix read write notif

access MyROGroup "" any noauth exact all none none
access MyRWGroup "" any noauth exact all all all


syslocation Server TECHSERVER
------------------------------------------

So, if I run in the local system the following command it runs OK:

snmpwalk -v 1 127.0.0.1 -c Cl4v3-d3-Acc3s0 system

I get the variables without problem. However, if I try to use the IP of the network interface (eth1), then it returns a timeout message:

snmpwalk -v 1 192.168.1.23 -c Cl4v3-d3-Acc3s0 system

Timeout: No Response from 192.168.1.23

The LAN configuration seems to be OK, as I have several services running in the server, and all of them are working fine.
Is there any other parameter to add in the snmpd.conf file?

Thanks in advance!

And you're certain there's no firewall between the device and your agent?

Hello, thanks for your answer.
No, there is no firewall, the strange thing is that it doesn't work even if I run the command "snmpwalk -v 1 192.168.1.23 -c Cl4v3-d3-Acc3s0 system" in the local system; It returns timeout (the same command works with 127.0.0.1). But any other command using the public IP (like a ping, or a MySQL connection) from the network or from the local system works ok.

so... any idea?

Hi -

I'm prepared to be wrong ... but is it possible that any firewall (even a software firewall running locally) might be preventing the SNMP communication?

If you have a firewall (especially one on the Linux server you're trying to query), temporarily disable it and see if it makes a difference.

Just a suggestion .. PSM

PS:
Other troubleshooting suggestions:
- Consider temporarily using "public"
<= Eliminate possible SNMP security/security configuration issues
- Enable logging
<= Most SNMP agents support some kind of logging/tracing
- Take an Ethereal trace
<= Examine the SNMP packets being sent between the agent and the monitor
- Look at your system log
<= Be sure to look at any firewall/network related logs, too!
- Etc etc

Kelo, I just went through this on my debian Etch systems. It turns out that the default configuration of snmpd is to only listen on 127.0.0.1

The way to solve this is to replace 127.0.0.1 with the IP of your system, and the config file for this is in /etc/default/snmpd, in snmpd options (SNMPDOPS) towards the top.

Restart the snmp service, and your system should now respond to queries.

BTW, thanks for the config file ;)


Happy New Year!

Hello, thank you for your research!, I made the change and it is working OK now!.

Thank you again!

Regards

Kelo.