Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: jabbasi on June 21, 2004, 09:18:12 AM
-
Hi
I am trying to monitor the LAN and WAN interfaces on my SME 6.0 gateway.
But the issue I am running into is that my web server runs on another machine inside my network. I have installed mrtg on my web server and all is working well, except when I run snmpwalk IP community, I see no response from SME, and the snmpd log on SME shows
#######################################
Connection from IP REFUSED
trace: run_alarms(): snmp_alarm.c, 138
snmp_alarm_run_alarms: looking for alarms to run...
##############################################
this is how I am running snmpd on SME
root 26619 0.0 2.2 5664 2812 pts/0 S 02:32 0:02 /usr/sbin/snmpd -s -D -p 161,tcp:161,9161@Internal IP on SME -l /var/log/snmpd.log -P /var/run/snmpd -a
###############################################
following is my snmpd.conf
# sec.name source community
com2sec MyNetwork 192.168.251.0/255.255.255.0 public
# groupName securityModel securityName
group MyRwGroup v1 MyNetwork
group MyROGroup v2c MyNetwork
# name incl/excl subtree mask(optional)
view all included .1
#access notConfigGroup "" any noauth exact systemview none none
access MyROGroup "" any noauth 0 all none none
access MyRWGroup "" any noauth 0 all all all
I personally think iptable rules are blocking me, if that is the case I shouldn't see connection refused in snmpd log.
Any advice will be much appreciated.
thanks in advance
-
I didn't test this way, so this is just an idea, but:
Your web server is on your internal network and the SNMP agent is running on the server (that is, by default not bound to a specific IP address).
So, from your web server, you should scan your SME server through its internal IP address (even if you plan to gather information about your external address).
Iptables is not working on the internal interface, so if you (correctly) ask the internal address and encounter this trouble, the problem is not in iptables.
Just my 0.02 $
-
That's what I thought in the beginning.
But if you are right that iptables rules are not working on the internal interface, then where is the problem? Is there an issue with my snmpd.conf?
The web server is not even involved in this; I should not have mentioned the web server in the first place.
Because I am trying to collect interface info to generate the MRTG.cfg file, and when I run
snmpwalk Internal IP of SME community
I get no response from SME.
-
Hi,
I did some tests yesterday with SNMP, but without success.
Even local accesses are REFUSED (as seen in /var/log/messages).
The only point I saw is that the reject comes from the snmpd process itself, not masq.
I hope to look further (because I could need that) but I don't have so much time these days...
Regards,
-
I resolved this issue by correcting the hosts.allow file.
it looked like
snmp : 127.0.0.1, 192.168.251.18/255.255.255.0
So netmask was wrong
as soon as I changed it to
snmp:127.0.0.1,192.168.254.0/255.255.255.0
it started working.
You need to create a custom template for hosts.allow and expand it.
There are a few howtos on this on contribs.org
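
Why the first hosts.allow entry refused every client, as an added example that is not code from the thread: hosts_access(5) matches a net/mask pair only when net equals the client address ANDed with mask, so a net value with host bits set can never match. The function names and the sample file below are constructed for illustration, and only IPv4 dotted net/mask pairs are handled.

```python
from ipaddress import IPv4Address

def wrapper_net_matches(pattern: str, client: str) -> bool:
    """Mimic the tcp_wrappers net/mask test: (client & mask) == net."""
    net_s, mask_s = pattern.split("/", 1)
    net = int(IPv4Address(net_s))
    mask = int(IPv4Address(mask_s))
    return (int(IPv4Address(client)) & mask) == net

def lint_hosts_allow(text: str):
    """Return (line number, pattern, suggested pattern) for every
    net/mask entry whose net part has host bits set (matches nothing)."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        parts = line.split(":", 2)  # daemon_list : client_list [: command]
        if len(parts) < 2:
            continue
        for pat in parts[1].replace(",", " ").split():
            if "/" not in pat:
                continue
            net_s, mask_s = pat.split("/", 1)
            try:
                net = int(IPv4Address(net_s))
                mask = int(IPv4Address(mask_s))
            except ValueError:
                continue  # not a dotted IPv4 net/mask pair
            if net & ~mask & 0xFFFFFFFF:
                fixed = f"{IPv4Address(net & mask)}/{mask_s}"
                findings.append((lineno, pat, fixed))
    return findings

# Constructed sample file holding the two entries quoted in the thread.
SAMPLE = """\
# before and after
snmp : 127.0.0.1, 192.168.251.18/255.255.255.0
snmp:127.0.0.1,192.168.254.0/255.255.255.0
"""

if __name__ == "__main__":
    for lineno, pat, fixed in lint_hosts_allow(SAMPLE):
        print(f"line {lineno}: {pat} matches no client; did you mean {fixed}?")
    # Even the host named in the broken entry is refused:
    print(wrapper_net_matches("192.168.251.18/255.255.255.0", "192.168.251.18"))
```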
-
Thanks jabbasi,
Worked like a charm.
I didn't even know that it's possible to set network access service by service in /etc/hosts.allow!
Thanks,