Shorewall users - Dec 2004 - Running SNMPD at Shorewall 1.4.x

On Wed, 2004-12-01 at 14:00 -0300, Anderson Oliveira
wrote:
> Hi,
> 
> 
> 
> I need to running snmpd at shorewall gateway (1.4.10g).
> 
> How to make the rules necessary to do it ?
Please consult the documentation before posting this type of question.
If you use the Quick Search on the Shorewall home page, the FIRST HIT
gives you the rules for allowing SNMP traffic.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

On Wed, 2004-12-01 at 08:04 -0800, Tom Eastep wrote:
> On Wed, 2004-12-01 at 14:00 -0300, Anderson Oliveira wrote:
> > Hi,
> > 
> > 
> > 
> > I need to running snmpd at shorewall gateway (1.4.10g).
> > 
> > How to make the rules necessary to do it ?
> 
> Please consult the documentation before posting this type of question.
> If you use the Quick Search on the Shorewall home page, the FIRST HIT
> gives you the rules for allowing SNMP traffic.
The search term is SNMP of course....

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Hi,



I need to running snmpd at shorewall gateway (1.4.10g).

How to make the rules necessary to do it ?

I have 3 interfaces, eth0 (public), eth1 (private) and eth2 (dmz).

When I runnig mrtg, I have this message: 
---
cfgmaker gw-host@localhost > ~netbox-sp/eth0.cfg
--base: Get Device Info on gw-host@localhost:
SNMP Error:
no response received
SNMPv1_Session (remote host: "localhost" [127.0.0.1].161)
                  community: "gw-host"
                 request ID: -1842255807
                PDU bufsize: 8000 bytes
                    timeout: 2s
                    retries: 5
                    backoff: 1)
 at /usr/bin//../lib/mrtg2/SNMP_util.pm line 621
SNMPWALK Problem for 1.3.6.1.2.1.1 on gw-arts@localhost::::::v4only
 at /usr/bin/cfgmaker line 775
WARNING: Skipping gw-arts@localhost: as no info could be retreived
----

The same message is displayed to another intercefes.



Best Regards,

Anderson Oliveira

On Wed, 2004-12-01 at 14:56 -0300, Anderson Oliveira
wrote:
> Hi,
> 
> Frist item, I''m sorry, but I forgot to list my rules at 
> /etc/shorewall/rules, about snmp access.
> 
> It is below:
> 
> 
> ACCEPT          fw              net             udp     161:162
> ACCEPT          fw              net             tcp     161
> ACCEPT          fw              loc             udp     161:162
> ACCEPT          fw              loc             tcp     161
> ACCEPT          fw              dmz             udp     161:162
> ACCEPT          fw              dmz             tcp     161
> 
None of the above rules have anything to do with fw->fw traffic. Unless
you go out of your way to hurt yourself, Shorewall NEVER restricts
fw->fw traffic.
> 
> The snmp service is running with shorewall, at same machine, but the
message
> is persist.
> 
> What''s wrong ?
If you "shorewall clear" does it work?

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Hi,

Frist item, I''m sorry, but I forgot to list my rules at 
/etc/shorewall/rules, about snmp access.

It is below:


ACCEPT          fw              net             udp     161:162
ACCEPT          fw              net             tcp     161
ACCEPT          fw              loc             udp     161:162
ACCEPT          fw              loc             tcp     161
ACCEPT          fw              dmz             udp     161:162
ACCEPT          fw              dmz             tcp     161


The snmp service is running with shorewall, at same machine, but the message 
is persist.

What''s wrong ?


If the problem is from snmpd service, I''m sorry again.


Best Regards,


Anderson Oliveira


----- Original Message ----- 
From: "Tom Eastep" <teastep@shorewall.net>
To: "Shorewall Users" <shorewall-users@lists.shorewall.net>
Sent: Wednesday, December 01, 2004 1:07 PM
Subject: Re: [Shorewall-users] Running SNMPD at Shorewall 1.4.x

> On Wed, 2004-12-01 at 08:04 -0800, Tom Eastep wrote:
>> On Wed, 2004-12-01 at 14:00 -0300, Anderson Oliveira wrote:
>> > Hi,
>> >
>> >
>> >
>> > I need to running snmpd at shorewall gateway (1.4.10g).
>> >
>> > How to make the rules necessary to do it ?
>>
>> Please consult the documentation before posting this type of question.
>> If you use the Quick Search on the Shorewall home page, the FIRST HIT
>> gives you the rules for allowing SNMP traffic.
>
> The search term is SNMP of course....
>
> -Tom
> -- 
> Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
> Shoreline,     \ http://shorewall.net
> Washington USA  \ teastep@shorewall.net
> PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
>
>
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe: 
> https://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm
>

> 
> If you "shorewall clear" does it work?
> 
And check also the community. A SNMP request with a wrong community
give EXACTLY the same error when SNMPD is not running.

[Guilsson]