From: "Daniel F. Chief Security Engineer -" <danielf@supportteam.net>
To: Gilles Yue <gyue@novelgmt.intnet.mu>, netfilter@lists.netfilter.org
Subject: Re: MRTG and IPTABLES
Date: Wed, 7 Jan 2004 08:17:38 -0600
Message-ID: <200401070817.38685.danielf@supportteam.net>
In-Reply-To: <83055D4B014C9E478D2F04624B9E82CFAE965A@noveldc.novelgmt.mu>
try
$IPTABLES -A INPUT -p udp --dport 161 -j ACCEPT
assuming that you are trying to accept port 161 on the local machine. If you
are doing stateful it should look similar to this.
# IP of machine running MRTG
SNMP_POLLER_IP="xxx.xxx.xxx.xxx"
# Accept UDP packets that belong to flows already tracked
$IPTABLES -A INPUT -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
# Accept new SNMP queries only from the poller
$IPTABLES -A INPUT -p udp --dport 161 -m state --state NEW -s $SNMP_POLLER_IP -j ACCEPT
$IPTABLES -A OUTPUT -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
# Traffic leaving local port 161 is addressed to the poller, so match with -d
$IPTABLES -A OUTPUT -p udp --sport 161 -m state --state NEW -d $SNMP_POLLER_IP -j ACCEPT
This is assuming you have set the policies to drop
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
On Wednesday 07 January 2004 06:46, Gilles Yue wrote:
> Hi,
>
> Is this the way it should be in iptables?
>
> #Open SNMP Ports
> $IPTABLES -A INPUT -p udp -m udp --dport 161 -j ACCEPT
>
> Have tried it, not working
>
> Thanks.
> Gy
>
> -----Original Message-----
> From: Daniel F. Chief Security Engineer -
> [mailto:danielf@supportteam.net]
> Sent: Wednesday, January 07, 2004 4:45 PM
> To: Gilles Yue; netfilter@lists.netfilter.org
> Subject: Re: MRTG and IPTABLES
>
> SNMP UDP Ports 161 and 162. MRTG typically only uses 161.
>
>
> Thanks
>
> On Wednesday 07 January 2004 00:54, Gilles Yue wrote:
> > MRTG cannot work properly due to iptables running.
> >
> >
> >
> > Anybody knows which port number to open to enable MRTG to work properly.
>
> > Thanks.
> >
> >
> >
> > Rgds
> >
> > gy
--
Daniel Fairchild - Chief Security Officer | danielf@supportteam.net
The distance between nothing and infinity is always the same no matter how
close you get to nothing.
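
The thread contrasts a rule that opens UDP 161 to every host with one limited to the MRTG poller. The script below is an added example, not part of the original message: it reads iptables-save output and flags INPUT rules that accept SNMP without a positive source match, and it goes slightly beyond the message by also covering port ranges and negated sources. The function names, the sample ruleset and the address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message).
# Flags INPUT rules that ACCEPT SNMP (udp/161) without a positive source match.
# Input: iptables-save format on stdin. Output: each offending rule.
audit_snmp_rules() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        udp = 0; snmp = 0; src = 0; accept = 0
        for (i = 3; i <= NF; i++) {
            if (($i == "-p" || $i == "--protocol") && $(i+1) == "udp") udp = 1
            if ($i == "-j" && $(i+1) == "ACCEPT") accept = 1
            # "! -s x" (or old-style "-s ! x") still admits everyone else
            if (($i == "-s" || $i == "--source") &&
                $(i-1) != "!" && $(i+1) != "!") src = 1
            if ($i == "--dport" || $i == "--destination-port") {
                # Accept a single port or a lo:hi range that covers 161
                n = split($(i+1), r, ":")
                lo = (r[1] == "") ? 0 : r[1] + 0
                hi = (n == 1) ? lo : ((r[2] == "") ? 65535 : r[2] + 0)
                if (lo <= 161 && 161 <= hi) snmp = 1
            }
        }
        if (udp && snmp && accept && !src) print
    }'
}

# Constructed sample ruleset; 192.0.2.10 stands in for the MRTG poller.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p udp -m udp --dport 161 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 161 -j ACCEPT
-A INPUT -p udp -m udp --dport 160:162 -j ACCEPT
-A INPUT ! -s 192.0.2.10/32 -p udp -m udp --dport 161 -j ACCEPT
COMMIT
EOF
}

# Prints the three rules that leave the SNMP agent reachable from any host.
sample_ruleset | audit_snmp_rules
```

On a live host the same function can be fed with `iptables-save | audit_snmp_rules`; rules using `-m multiport` are not parsed by this example.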