> -----Original Message-----
> From: Nerijus Baliunas [mailto:nerijus@users.sourceforge.net]
> Sent: Thursday, March 28, 2002 3:44 AM
> To: shorewall-users@shorewall.net
> Subject: Re[5]: [Shorewall-users] routing problem
>
>
>
> It is what I wanted, but it doesn't work. I forward ports
> 162, 163 and 164 to 3 different hubs (port 161).
> Is port 161 enough for mrtg to work?

Your post is a little confusing.

mrtg is basically doing an snmpget at the lower layers, i.e. udp 161. If you
have configured your manageable devices to "trap" (snmptrap) based on
defined thresholds, then the trap would be sent from the managed device
using udp 162 to the system set up to receive snmptraps. mrtg does not
receive traps; it's strictly polling manageable devices.

FWIW: I run mrtg on a linux system located in my "local" zone. Mrtg is
configured to poll the server located in my DMZ along with other manageable
devices. I had to add the following rule to my shorewall rules file to allow
mrtg (really snmpget) to access this server.

    ACCEPT loc dmz udp domain,snmp

Based on my understanding of your post, I would think you would need to
reverse the zones.

BTW: If you want to test your shorewall rules with relation to what mrtg is
doing, I use snmpwalk, i.e. from my mrtg system to my dmz server running
ucd-snmpd:

    snmpwalk 192.168.8.2 <community> system

NOTE: community is replaced with the community string you defined for the
managed device (I have removed public from all of my managed devices).
Anyway, if the OID's are returned for the system MIB, then mrtg should
work.

Steve Cowles