RE: MRTG and IPTABLES

RE: MRTG and IPTABLES

[Gilles Yue]

Dear sir,

Have tried your commands below but when I run my iptables script, 

I get "command not found" and it points to the line 

$SNMP_POLLER_IP="xxx.xxx.xxx.xxx"

Thanks
gy


-----Original Message-----
From: Daniel F. Chief Security Engineer -
[mailto:danielf@supportteam.net] 
Sent: Wednesday, January 07, 2004 6:18 PM
To: Gilles Yue; netfilter@lists.netfilter.org
Subject: Re: MRTG and IPTABLES

try

$IPTABLES -A INPUT -p udp --dport 161 -j ACCEPT 

assuming that yuo are tryinh to accept port 161 on the local machine. if
you 
doing stateful it should look similar to this. 

# IP of machine running MRTG
$SNMP_POLLER_IP="xxx.xxx.xxx.xxx"

$IPTABLES -A INPUT -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 161 -m state --state NEW -s
$SNMP_POLLER_IP 
-j ACCEPT

$IPTABLES -A OUTPUT -p udp -m state --state ESTABLISHED,RELATED -j
ACCEPT
$IPTABLES -A OUTPUT -p udp --sport 161 -m state --state NEW -s
$SNMP_POLLER_IP 
-j ACCEPT

This is assuming you have set the ploicies to drop
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP

On Wednesday 07 January 2004 06:46, Gilles Yue wrote:
> Hi,
>
> Is this the way it should be in iptables?
>
> #Open SNMP Ports
> $IPTABLES -A INPUT -p udp -m udp --dport 161 -j ACCEPT
>
> Have tried it, not working
>
> Thanks.
> Gy
>
> -----Original Message-----
> From: Daniel F. Chief Security Engineer -
> [mailto:danielf@supportteam.net]
> Sent: Wednesday, January 07, 2004 4:45 PM
> To: Gilles Yue; netfilter@lists.netfilter.org
> Subject: Re: MRTG and IPTABLES
>
> SNMP UDP Ports 161 and 162 MRTG typically only uses 161.
>
>
> Thanks
>
> On Wednesday 07 January 2004 00:54, Gilles Yue wrote:
> > MRTG cannot work properly due to iptables running.
> >
> >
> >
> > Anybody knows which port number to open to enable MRTG to work
>
> properly.
>
> > Thanks.
> >
> >
> >
> > Rgds
> >
> > gy

-- 
Daniel Fairchild - Chief Security Officer | danielf@supportteam.net
The distance between nothing and infinity is always the same no matter
how 
close you get to nothing.

Re: MRTG and IPTABLES

[Antony Stone]

On Thursday 08 January 2004 6:47 am, Gilles Yue wrote:

> Dear sir,
>
> Have tried your commands below but when I run my iptables script,
>
> I get "command not found" and it points to the line
>
> $SNMP_POLLER_IP="xxx.xxx.xxx.xxx"

There should be no $ at the beginning of this line.

Shell scripts use $ when referencing a variable, not when defining it or 
assigning to it.   This is different from Perl.

Antony.

-- 
My New Year's resolution is not to make any resolutions I can't keep.

I'm wondering whether I've failed already.

                                                     Please reply to the list;
                                                           please don't CC me.

Re: MRTG and IPTABLES

[Daniel F. Chief Security Engineer -]

DOH! I do this all time, sorry.  He's right no $ign before the SNMP_POLLER_IP 

Also I never set the nat tables or mangle tables to drop unless im using them 
and I have accept rules for all my traffic in them. 

On Thursday 08 January 2004 03:27, Antony Stone wrote:
> On Thursday 08 January 2004 6:47 am, Gilles Yue wrote:
> > Dear sir,
> >
> > Have tried your commands below but when I run my iptables script,
> >
> > I get "command not found" and it points to the line
> >
> > $SNMP_POLLER_IP="xxx.xxx.xxx.xxx"
>
> There should be no $ at the beginning of this line.
>
> Shell scripts use $ when referencing a variable, not when defining it or
> assigning to it.   This is different from Perl.
>
> Antony.

-- 
Daniel Fairchild - Chief Security Officer | danielf@supportteam.net
The distance between nothing and infinity is always the same no matter how 
close you get to nothing.

RE: MRTG and IPTABLES

[Gilles Yue]

That's it. 
Thanks very much.

gy

-----Original Message-----
From: Alexis [mailto:alexis@attla.net.ar] 
Sent: Thursday, January 08, 2004 5:47 PM
To: Gilles Yue
Subject: Re: MRTG and IPTABLES

POSTROUTING match all packets leaving the firewall, so you need to add
the
same rule, try with


iptables -t nat -A POSTROUTING -p udp --dport 161 -j ACCEPT


----- Original Message ----- 
From: "Gilles Yue" <gyue@novelgmt.intnet.mu>
To: "Gilles Yue" <gyue@novelgmt.intnet.mu>
Cc: <netfilter@lists.netfilter.org>
Sent: Thursday, January 08, 2004 8:56 AM
Subject: RE: MRTG and IPTABLES


Hi,

I have opened port 161 in my firewall script.

$IPTABLES -A INPUT -p udp -m udp --dport 161 -j ACCEPT

However, POSRTOUTING SET TO DROP By default, is preventing MRTG
from running properly. (I have tried setting POSTROUTING TO ACCEPT
and MRTG works fine)

$IPTABLES -t nat -P POSTROUTING DROP

Does anybody know how do I allow MRTG to run with POSTROUTING
SET TO DROP?

Thanks
gy


-----Original Message-----
From: Gilles Yue
Sent: Thursday, January 08, 2004 10:47 AM
To: Daniel F. Chief Security Engineer -; netfilter@lists.netfilter.org
Subject: RE: MRTG and IPTABLES

Dear sir,

Have tried your commands below but when I run my iptables script,

I get "command not found" and it points to the line

$SNMP_POLLER_IP="xxx.xxx.xxx.xxx"

Thanks
gy


-----Original Message-----
From: Daniel F. Chief Security Engineer -
[mailto:danielf@supportteam.net]
Sent: Wednesday, January 07, 2004 6:18 PM
To: Gilles Yue; netfilter@lists.netfilter.org
Subject: Re: MRTG and IPTABLES

try

$IPTABLES -A INPUT -p udp --dport 161 -j ACCEPT

assuming that yuo are tryinh to accept port 161 on the local machine. if
you
doing stateful it should look similar to this.

# IP of machine running MRTG
$SNMP_POLLER_IP="xxx.xxx.xxx.xxx"

$IPTABLES -A INPUT -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 161 -m state --state NEW -s
$SNMP_POLLER_IP
-j ACCEPT

$IPTABLES -A OUTPUT -p udp -m state --state ESTABLISHED,RELATED -j
ACCEPT
$IPTABLES -A OUTPUT -p udp --sport 161 -m state --state NEW -s
$SNMP_POLLER_IP
-j ACCEPT

This is assuming you have set the ploicies to drop
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP

On Wednesday 07 January 2004 06:46, Gilles Yue wrote:
> Hi,
>
> Is this the way it should be in iptables?
>
> #Open SNMP Ports
> $IPTABLES -A INPUT -p udp -m udp --dport 161 -j ACCEPT
>
> Have tried it, not working
>
> Thanks.
> Gy
>
> -----Original Message-----
> From: Daniel F. Chief Security Engineer -
> [mailto:danielf@supportteam.net]
> Sent: Wednesday, January 07, 2004 4:45 PM
> To: Gilles Yue; netfilter@lists.netfilter.org
> Subject: Re: MRTG and IPTABLES
>
> SNMP UDP Ports 161 and 162 MRTG typically only uses 161.
>
>
> Thanks
>
> On Wednesday 07 January 2004 00:54, Gilles Yue wrote:
> > MRTG cannot work properly due to iptables running.
> >
> >
> >
> > Anybody knows which port number to open to enable MRTG to work
>
> properly.
>
> > Thanks.
> >
> >
> >
> > Rgds
> >
> > gy

-- 
Daniel Fairchild - Chief Security Officer | danielf@supportteam.net
The distance between nothing and infinity is always the same no matter
how
close you get to nothing.

RE: MRTG and IPTABLES

[Gilles Yue]

Hi,

	I have opened port 161 in my firewall script. 
	
	$IPTABLES -A INPUT -p udp -m udp --dport 161 -j ACCEPT

	However, POSRTOUTING SET TO DROP By default, is preventing MRTG
from 	running properly. (I have tried setting POSTROUTING TO ACCEPT
and MRTG 	works fine)

	$IPTABLES -t nat -P POSTROUTING DROP

	Does anybody know how do I allow MRTG to run with POSTROUTING
SET TO 	DROP?

Thanks
gy


-----Original Message-----
From: Gilles Yue 
Sent: Thursday, January 08, 2004 10:47 AM
To: Daniel F. Chief Security Engineer -; netfilter@lists.netfilter.org
Subject: RE: MRTG and IPTABLES

Dear sir,

Have tried your commands below but when I run my iptables script, 

I get "command not found" and it points to the line 

$SNMP_POLLER_IP="xxx.xxx.xxx.xxx"

Thanks
gy


-----Original Message-----
From: Daniel F. Chief Security Engineer -
[mailto:danielf@supportteam.net] 
Sent: Wednesday, January 07, 2004 6:18 PM
To: Gilles Yue; netfilter@lists.netfilter.org
Subject: Re: MRTG and IPTABLES

try

$IPTABLES -A INPUT -p udp --dport 161 -j ACCEPT 

assuming that yuo are tryinh to accept port 161 on the local machine. if
you 
doing stateful it should look similar to this. 

# IP of machine running MRTG
$SNMP_POLLER_IP="xxx.xxx.xxx.xxx"

$IPTABLES -A INPUT -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 161 -m state --state NEW -s
$SNMP_POLLER_IP 
-j ACCEPT

$IPTABLES -A OUTPUT -p udp -m state --state ESTABLISHED,RELATED -j
ACCEPT
$IPTABLES -A OUTPUT -p udp --sport 161 -m state --state NEW -s
$SNMP_POLLER_IP 
-j ACCEPT

This is assuming you have set the ploicies to drop
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP

On Wednesday 07 January 2004 06:46, Gilles Yue wrote:
> Hi,
>
> Is this the way it should be in iptables?
>
> #Open SNMP Ports
> $IPTABLES -A INPUT -p udp -m udp --dport 161 -j ACCEPT
>
> Have tried it, not working
>
> Thanks.
> Gy
>
> -----Original Message-----
> From: Daniel F. Chief Security Engineer -
> [mailto:danielf@supportteam.net]
> Sent: Wednesday, January 07, 2004 4:45 PM
> To: Gilles Yue; netfilter@lists.netfilter.org
> Subject: Re: MRTG and IPTABLES
>
> SNMP UDP Ports 161 and 162 MRTG typically only uses 161.
>
>
> Thanks
>
> On Wednesday 07 January 2004 00:54, Gilles Yue wrote:
> > MRTG cannot work properly due to iptables running.
> >
> >
> >
> > Anybody knows which port number to open to enable MRTG to work
>
> properly.
>
> > Thanks.
> >
> >
> >
> > Rgds
> >
> > gy

-- 
Daniel Fairchild - Chief Security Officer | danielf@supportteam.net
The distance between nothing and infinity is always the same no matter
how 
close you get to nothing.

Re: MRTG and IPTABLES

[Antony Stone]

On Thursday 08 January 2004 11:56 am, Gilles Yue wrote:

> Hi,
>
> 	I have opened port 161 in my firewall script.
>
> 	$IPTABLES -A INPUT -p udp -m udp --dport 161 -j ACCEPT
>
> 	However, POSRTOUTING SET TO DROP By default, is preventing MRTG
> from 	running properly. (I have tried setting POSTROUTING TO ACCEPT
> and MRTG 	works fine)
>
> 	$IPTABLES -t nat -P POSTROUTING DROP

That is a very bad idea.

The nat tables are for address translation, not for filtering.

The filter tables are for filtering - that's where you should be DROPping 
packets.

Set the policy on POSTROUTING back to ACCEPT, and by all means tell us if this 
causes you any problems.

Regards,

Antony.

-- 
If at first you don't succeed, destroy all the evidence that you tried.

                                                     Please reply to the list;
                                                           please don't CC me.

RE: MRTG and IPTABLES

[mpdykeman]

[-- Attachment #1: Type: text/plain, Size: 232 bytes --]

MRTG uses snmp to poll devices...

SNMP runs on two ports -- udp/161 (polling from the monitoring console)
and udp/162 (SNMP traps sent to monitoring console)

For your purposes, you are probably interested in udp/161

-mpd

[-- Attachment #2: Type: text/html, Size: 737 bytes --]

RE: MRTG and IPTABLES

[Gilles Yue]

Hi,

Is this the way it should be in iptables?

#Open SNMP Ports
$IPTABLES -A INPUT -p udp -m udp --dport 161 -j ACCEPT

Have tried it, not working

Thanks. 
Gy

-----Original Message-----
From: Daniel F. Chief Security Engineer -
[mailto:danielf@supportteam.net] 
Sent: Wednesday, January 07, 2004 4:45 PM
To: Gilles Yue; netfilter@lists.netfilter.org
Subject: Re: MRTG and IPTABLES

SNMP UDP Ports 161 and 162 MRTG typically only uses 161. 


Thanks

On Wednesday 07 January 2004 00:54, Gilles Yue wrote:
> MRTG cannot work properly due to iptables running.
>
>
>
> Anybody knows which port number to open to enable MRTG to work
properly.
>
>
>
> Thanks.
>
>
>
> Rgds
>
> gy

-- 
Daniel Fairchild - Chief Security Officer | danielf@supportteam.net
The distance between nothing and infinity is always the same no matter
how 
close you get to nothing.

Re: MRTG and IPTABLES

[Antony Stone]

On Wednesday 07 January 2004 12:46 pm, Gilles Yue wrote:

> Hi,
>
> Is this the way it should be in iptables?
>
> #Open SNMP Ports
> $IPTABLES -A INPUT -p udp -m udp --dport 161 -j ACCEPT
>
> Have tried it, not working

Try putting in the LOGging rule which two of us have already recommended, and 
see what traffic is getting blocked.

This will then tell you what you need to ACCEPT.

Regards,

Antony.

> -----Original Message-----
> From: Daniel F. Chief Security Engineer -
> [mailto:danielf@supportteam.net]
> Sent: Wednesday, January 07, 2004 4:45 PM
> To: Gilles Yue; netfilter@lists.netfilter.org
> Subject: Re: MRTG and IPTABLES
>
> SNMP UDP Ports 161 and 162 MRTG typically only uses 161.
>
>
> Thanks
>
> On Wednesday 07 January 2004 00:54, Gilles Yue wrote:
> > MRTG cannot work properly due to iptables running.
> >
> >
> >
> > Anybody knows which port number to open to enable MRTG to work
>
> properly.
>
> > Thanks.
> >
> >
> >
> > Rgds
> >
> > gy

-- 
I want to build a machine that will be proud of me.

 - Danny Hillis, creator of The Connection Machine

                                                     Please reply to the list;
                                                           please don't CC me.

Re: MRTG and IPTABLES

[Daniel F. Chief Security Engineer -]

try

$IPTABLES -A INPUT -p udp --dport 161 -j ACCEPT 

assuming that yuo are tryinh to accept port 161 on the local machine. if you 
doing stateful it should look similar to this. 

# IP of machine running MRTG
$SNMP_POLLER_IP="xxx.xxx.xxx.xxx"

$IPTABLES -A INPUT -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 161 -m state --state NEW -s $SNMP_POLLER_IP 
-j ACCEPT

$IPTABLES -A OUTPUT -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -p udp --sport 161 -m state --state NEW -s $SNMP_POLLER_IP 
-j ACCEPT

This is assuming you have set the ploicies to drop
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP

On Wednesday 07 January 2004 06:46, Gilles Yue wrote:
> Hi,
>
> Is this the way it should be in iptables?
>
> #Open SNMP Ports
> $IPTABLES -A INPUT -p udp -m udp --dport 161 -j ACCEPT
>
> Have tried it, not working
>
> Thanks.
> Gy
>
> -----Original Message-----
> From: Daniel F. Chief Security Engineer -
> [mailto:danielf@supportteam.net]
> Sent: Wednesday, January 07, 2004 4:45 PM
> To: Gilles Yue; netfilter@lists.netfilter.org
> Subject: Re: MRTG and IPTABLES
>
> SNMP UDP Ports 161 and 162 MRTG typically only uses 161.
>
>
> Thanks
>
> On Wednesday 07 January 2004 00:54, Gilles Yue wrote:
> > MRTG cannot work properly due to iptables running.
> >
> >
> >
> > Anybody knows which port number to open to enable MRTG to work
>
> properly.
>
> > Thanks.
> >
> >
> >
> > Rgds
> >
> > gy

-- 
Daniel Fairchild - Chief Security Officer | danielf@supportteam.net
The distance between nothing and infinity is always the same no matter how 
close you get to nothing.

RE: MRTG and IPTABLES

[Gilles Yue]

Hi,
	Opening port 1491 does not work.  Any other idea?

	Thanks anyway.

	Gy

-----Original Message-----
From: Eugene Joubert [mailto:EugeneJ@centratel.co.za] 
Sent: Wednesday, January 07, 2004 12:29 PM
Cc: netfilter@lists.netfilter.org
Subject: RE: MRTG and IPTABLES

Hi,

It uses SNMP protocol. I think this is built on top of the UDP protocol.
I
am not sure. Try opening up UDP port 1491. 

Hope this helps

Eugene

-----Original Message-----
From: John A. Sullivan III [mailto:john.sullivan@nexusmgmt.com] 
Sent: 07/01/2004 10:04 AM
To: Gilles Yue
Cc: netfilter@lists.netfilter.org
Subject: Re: MRTG and IPTABLES


On Wed, 2004-01-07 at 01:54, Gilles Yue wrote:
> MRTG cannot work properly due to iptables running.
> 
>  
> 
> Anybody knows which port number to open to enable MRTG to work 
> properly.
> 
>  
<snip>

No, not off hand but you can use a tool like Ethereal
(http://www.ethereal.com) or just tcpdump or even just log the ropped
packets in iptables to determine what MRTG is trying to do.  Good luck -
John
> 
>  
-- 
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@nexusmgmt.com
---
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
http://iscs.sourceforge.net 

Re: MRTG and IPTABLES

[Antony Stone]

On Wednesday 07 January 2004 9:34 am, Gilles Yue wrote:

> Hi,
> 	Opening port 1491 does not work.  Any other idea?

As far as I know SNMP uses UDP ports 161 and 162.   This is confirmed by the 
entries in my /etc/services file too.

I don't know if that's what MRTG uses, but might be worth trying.

The other approach is to turn on LOGging of dropped packets on your firewall - 
try using MRTG and see what protocols/ports you see being dropped.   That 
will tell you what you need to allow through.

Antony.

> -----Original Message-----
> From: Eugene Joubert [mailto:EugeneJ@centratel.co.za]
> Sent: Wednesday, January 07, 2004 12:29 PM
> Cc: netfilter@lists.netfilter.org
> Subject: RE: MRTG and IPTABLES
>
> Hi,
>
> It uses SNMP protocol. I think this is built on top of the UDP protocol.
> I
> am not sure. Try opening up UDP port 1491.
>
> Hope this helps
>
> Eugene
>
> -----Original Message-----
> From: John A. Sullivan III [mailto:john.sullivan@nexusmgmt.com]
> Sent: 07/01/2004 10:04 AM
> To: Gilles Yue
> Cc: netfilter@lists.netfilter.org
> Subject: Re: MRTG and IPTABLES
>
> On Wed, 2004-01-07 at 01:54, Gilles Yue wrote:
> > MRTG cannot work properly due to iptables running.
> >
> >
> >
> > Anybody knows which port number to open to enable MRTG to work
> > properly.
>
> <snip>
>
> No, not off hand but you can use a tool like Ethereal
> (http://www.ethereal.com) or just tcpdump or even just log the ropped
> packets in iptables to determine what MRTG is trying to do.  Good luck -
> John

-- 
This email is intended for the use of the individual addressee(s) named above 
and may contain information that is confidential, privileged or unsuitable 
for overly sensitive persons with low self-esteem, no sense of humour, or 
irrational religious beliefs.

If you have received this email in error, you are required to shred it 
immediately, add some nutmeg, three egg whites and a dessertspoonful of 
caster sugar.   Whisk until soft peaks form, then place in a warm oven for 40 
minutes.   Remove promptly and let stand for 2 hours before adding some 
decorative kiwi fruit and cream.   Then notify me immediately by return email 
and eat the original message.

                                                     Please reply to the list;
                                                           please don't CC me.

Re: MRTG and IPTABLES

[Jesper Lund]

> 	Opening port 1491 does not work.  Any other idea?
> 
> 	Thanks anyway.

Try snmp ports... ;)

Finding the snmp ports is left as an exercise for the expirienced user
:)

Regards,

Jesper

RE: MRTG and IPTABLES

[Eugene Joubert]

Hi,

It uses SNMP protocol. I think this is built on top of the UDP protocol. I
am not sure. Try opening up UDP port 1491. 

Hope this helps

Eugene

-----Original Message-----
From: John A. Sullivan III [mailto:john.sullivan@nexusmgmt.com] 
Sent: 07/01/2004 10:04 AM
To: Gilles Yue
Cc: netfilter@lists.netfilter.org
Subject: Re: MRTG and IPTABLES


On Wed, 2004-01-07 at 01:54, Gilles Yue wrote:
> MRTG cannot work properly due to iptables running.
> 
>  
> 
> Anybody knows which port number to open to enable MRTG to work 
> properly.
> 
>  
<snip>

No, not off hand but you can use a tool like Ethereal
(http://www.ethereal.com) or just tcpdump or even just log the ropped
packets in iptables to determine what MRTG is trying to do.  Good luck -
John
> 
>  
-- 
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@nexusmgmt.com
---
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
http://iscs.sourceforge.net 

MRTG and IPTABLES

[Gilles Yue]

[-- Attachment #1: Type: text/plain, Size: 180 bytes --]

MRTG cannot work properly due to iptables running.

 

Anybody knows which port number to open to enable MRTG to work properly.

 

Thanks.

 

Rgds

gy

 

 


[-- Attachment #2: Type: text/html, Size: 2264 bytes --]

Re: MRTG and IPTABLES

[John A. Sullivan III]

On Wed, 2004-01-07 at 01:54, Gilles Yue wrote:
> MRTG cannot work properly due to iptables running.
> 
>  
> 
> Anybody knows which port number to open to enable MRTG to work
> properly.
> 
>  
<snip>

No, not off hand but you can use a tool like Ethereal
(http://www.ethereal.com) or just tcpdump or even just log the ropped
packets in iptables to determine what MRTG is trying to do.  Good luck -
John
> 
>  
-- 
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@nexusmgmt.com
---
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
http://iscs.sourceforge.net 

Re: MRTG and IPTABLES

[Daniel F. Chief Security Engineer -]

SNMP UDP Ports 161 and 162 MRTG typically only uses 161. 


Thanks

On Wednesday 07 January 2004 00:54, Gilles Yue wrote:
> MRTG cannot work properly due to iptables running.
>
>
>
> Anybody knows which port number to open to enable MRTG to work properly.
>
>
>
> Thanks.
>
>
>
> Rgds
>
> gy

-- 
Daniel Fairchild - Chief Security Officer | danielf@supportteam.net
The distance between nothing and infinity is always the same no matter how 
close you get to nothing.

Re: MRTG and IPTABLES

[Søren Kent Jensen]

UDP 161 is user to poll equipment for status / statistics
UDP 162 is used for SNMP traps.
(SNMP traps are typically used by equipment to send a warning message to an
SNMP server.)


Regards
Søren Kent Jensen


----- Original Message -----
From: "Daniel F. Chief Security Engineer -" <danielf@supportteam.net>
To: "Gilles Yue" <gyue@novelgmt.intnet.mu>; <netfilter@lists.netfilter.org>
Sent: Wednesday, January 07, 2004 1:44 PM
Subject: Re: MRTG and IPTABLES


> SNMP UDP Ports 161 and 162 MRTG typically only uses 161.
>
>
> Thanks
>
> On Wednesday 07 January 2004 00:54, Gilles Yue wrote:
> > MRTG cannot work properly due to iptables running.
> >
> >
> >
> > Anybody knows which port number to open to enable MRTG to work properly.
> >
> >
> >
> > Thanks.
> >
> >
> >
> > Rgds
> >
> > gy
>
> --
> Daniel Fairchild - Chief Security Officer | danielf@supportteam.net
> The distance between nothing and infinity is always the same no matter how
> close you get to nothing.
>
>

Re: MRTG and IPTABLES

[Ian McBeth]

the target host should be running snmpd
and it is port 161 UDP

Ian

Gilles Yue wrote:

> MRTG cannot work properly due to iptables running.
>
>  
>
> Anybody knows which port number to open to enable MRTG to work properly.
>
>  
>
> Thanks.
>
>  
>
> Rgds
>
> gy
>
>  
>
>  
>