LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
LinkBack Search this Thread
Old 05-08-2013, 09:43 AM   #1
limdel
Member
 
Registered: May 2009
Location: Ho Chi Minh City, Vietnam
Distribution: CentOS 6.4, FEDORA 18 x64, Linux Mint 15 x64
Posts: 57

Rep: Reputation: 15
SNMPGET Timeout: No Response from


Hi,
I'm running crasy. i just finish a nagios installation.
Everything run fine until i decide to monitor my AS400.

I'm getting the following error when i run the following command from my Nagios server (CentOS 6.4 64bit, SElinux disabled):
Code:
[root@nagios ~]# /usr/bin/snmpget -c public -t 5 -v 1 10.84.1.11:161 .1.3.6.1.2.1.2.2.1.8.2
Timeout: No Response from 10.84.1.11:161.
The same command on a switch , it's ok
Code:
[root@nagios ~]# /usr/bin/snmpget -c public -v 1 10.84.0.13:161 .1.3.6.1.2.1.2.2.1.8.2
IF-MIB::ifOperStatus.2 = INTEGER: up(1)
From my windows station i get a positive reply:
Code:
C:\robot>snmpget -r:10.84.1.11 -t:1 -v:1 -c:public  -o:.1.3.6.1.2.1.2.2.1.8.2
SnmpGet v1.01 - Copyright (C) 2009 SnmpSoft Company
[ More useful network tools on http://www.snmpsoft.com ]

OID=.1.3.6.1.2.1.2.2.1.8.2
Type=Integer
Value=1
The AS400 return a filtered UDP port on 161 from nmap but i don't thing it should be an issue since i get an answer from my windows workstation.
Code:
C:\robot>nmap 10.84.1.11 -sU -p161

Starting Nmap 6.25 ( http://nmap.org ) at 2013-05-07 18:31 SE Asia Standard Time
Nmap scan report for 10.84.1.11
Host is up (0.00s latency).
PORT    STATE         SERVICE
161/udp open|filtered snmp
MAC Address: 00:xx:xx:xx:xx:xx (IBM)
I also try to poweroff my nagios and set my windows station with the ip of Nagios...and it's work !

All hosts are on the same LAN, the only difference is that Nagios is hosted on VMware ESXi 4.1.

Any idea would be gratefully appreciated !

Laurent

Last edited by limdel; 05-08-2013 at 10:11 AM.
 
Old 05-08-2013, 01:54 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,539
Blog Entries: 51

Rep: Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604
Quote:
Originally Posted by limdel View Post
SElinux disabled):
No need for that.


Quote:
Originally Posted by limdel View Post
Code:
[root@nagios ~]# /usr/bin/snmpget
No need for being root either.


Quote:
Originally Posted by limdel View Post
I also try to poweroff my nagios
No need to do that either...


Quote:
Originally Posted by limdel View Post
The AS400 return a filtered UDP port on 161 from nmap
Firewall on the AS400?
 
Old 05-08-2013, 06:29 PM   #3
limdel
Member
 
Registered: May 2009
Location: Ho Chi Minh City, Vietnam
Distribution: CentOS 6.4, FEDORA 18 x64, Linux Mint 15 x64
Posts: 57

Original Poster
Rep: Reputation: 15
Hi unSpawn,

i wanted to make it functional first then run as is should be, and at it was at first (permissive SElinux, logged as user).

If it were a firewall issue on the AS400, then i shouldn't be able to run a snmpget command from another box that had, temporally, the same IP of my nagios box ? am i right ?
Well as i said, when i tryed with my windows box, it's work !
AS400 IP: 10.84.1.11/22
original Nagios IP: 10.84.1.39/22
Windows box IP: 10.84.3.232/22

i did:
1-poweroff nagios
2-change windows box from 10.84.3.232/22 to 10.84.1.39/22
3-run the following command from my windows box and get a result:
Code:
snmpget -r:10.84.1.11 -t:1 -v:1 -c:public  -o:.1.3.6.1.2.1.2.2.1.8.2
OID=.1.3.6.1.2.1.2.2.1.8.2
Type=Integer
Value=1
4-change back windows box to original from 10.84.1.39/22 to 10.84.3.232/22
5-start my nagios box, run again the command and get this result:
Code:
/usr/bin/snmpget -c public -t 5 -v 1 10.84.1.11:161 .1.3.6.1.2.1.2.2.1.8.2
Timeout: No Response from 10.84.1.11:161.
I will test today with 2 other distro (Fedora and Debian) from the same LAN.

Laurent
 
Old 05-09-2013, 06:38 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,539
Blog Entries: 51

Rep: Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604
Quote:
Originally Posted by limdel View Post
If it were a firewall issue on the AS400, then i shouldn't be able to run a snmpget command from another box
How about selective IP filtering then? ;-p After all "filtered" means filtered. (Dunno if snmpd would honour tcp wrappers or if your AS/400 has any.) Maybe check and describe what access restrictions your AS/400 actually has (if any) instead of doing remote checks only?
 
Old 05-10-2013, 10:16 PM   #5
limdel
Member
 
Registered: May 2009
Location: Ho Chi Minh City, Vietnam
Distribution: CentOS 6.4, FEDORA 18 x64, Linux Mint 15 x64
Posts: 57

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by unSpawn View Post
How about selective IP filtering then? ;-p After all "filtered" means filtered. (Dunno if snmpd would honour tcp wrappers or if your AS/400 has any.) Maybe check and describe what access restrictions your AS/400 actually has (if any) instead of doing remote checks only?
Hi unSpawn, Thanks for the feedback.
I check and the AS400 do have a trap setup with a public community. I even created a new one 'nagios' setting up the ip of my nagios box. but still dramatically failed from my nagios box and success from my windows box.
I test also the snmpget from another workstation, feroda 18 and centos 6.4, but still failed, even i give them the ip of my windows box.

so, following your advise, i found this link , i will carefully read it and check those setting on my AS400.

"i'll be back"
 
Old 05-19-2013, 04:54 AM   #6
limdel
Member
 
Registered: May 2009
Location: Ho Chi Minh City, Vietnam
Distribution: CentOS 6.4, FEDORA 18 x64, Linux Mint 15 x64
Posts: 57

Original Poster
Rep: Reputation: 15
Solved

I finally found the reason why i did have the time out while querying SNMP on my AS400.
First the nagios OS firewall was still ON while i thought i did actually stop it for the test.
Second point the AS400 did not actually reply to SNMP using the port UDP:161.

I realized that when i wanted to analyzed the network packet from my nagios box to the AS400 using tcpdump.
i get this at first:
Code:
 tcpdump -nn host 10.84.1.11
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
08:53:28.468284 IP 10.84.1.39.48542 > 10.84.1.11.161:  GetRequest(28)  .1.3.6.1.2.1.1.1.0
08:53:28.563727 IP 10.84.1.11.5100 > 10.84.1.39.48542: UDP, length 60
08:53:28.563786 IP 10.84.1.39 > 10.84.1.11: ICMP host 10.84.1.39 unreachable - admin prohibited, length 96
I saw that the AS400(10.84.1.11) reply to the SNMP query using a different UDP port than 161, while other device replied to UDP:161, like this one:
Code:
 tcpdump -nn host 10.84.0.13
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
08:51:08.350249 IP 10.84.1.39.58205 > 10.84.0.13.161:  GetRequest(28)  .1.3.6.1.2.1.1.1.0
08:51:08.353217 IP 10.84.0.13.161 > 10.84.1.39.58205:  GetResponse(119)  .1.3.6.1.2.1.1.1.0="HP J4865A ProCurve Switch 4108GL, revision G.07.109, ROM G.05.02 (/sw/code/build/gamo(m03))"
Solution: i temporally add a new input rule on the nagios box iptables that allow any incoming UDP packet from my AS400 IP Address.

Code:
iptables -I INPUT 6 -p udp -m udp -s 10.84.1.11 -j ACCEPT
Now i have to found out why my AS400 do not reply from the port UDP:161.
Thanks to all for the reply anyway.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] snmpset returns timeout while snmpget works Vogel612 Programming 1 10-30-2012 02:59 AM
Using net-snmp: Timeout, no response from host Treikayan Linux - Software 1 03-18-2009 03:38 PM
snmpwalk Timeout: No Response from host thedonkdonk Linux - Software 1 11-27-2007 03:49 PM
response timeout by snmp agent anubhuti_k Linux - Networking 0 02-20-2005 03:15 AM
DHCP response timeout kam_kenneth Linux - Newbie 4 11-02-2004 03:28 PM


All times are GMT -5. The time now is 03:11 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration