* SNMP through VPN?
@ 2005-12-01 12:20 Wolfgang Lonien
2005-12-06 12:52 ` Nick Drage
0 siblings, 1 reply; 3+ messages in thread
From: Wolfgang Lonien @ 2005-12-01 12:20 UTC (permalink / raw)
To: netfilter
Hi list,
I have an issue, and I think it's because of my limited knowledge of
iptables. The scenario:
linuxbox1---router1=====(IPSecTunnel)=====router2---linuxbox2
192.168.x.0/24============================10.a.b.0/24
I want to set up monitoring using SNMP. I *can* do this from linuxbox1
to linuxbox2 and vice versa, but not from linuxbox1 to router2 (internal
interface) or from linuxbox2 to router1 (internal interface). All other
services like ICMP or TCP (ssh) work in both directions, as do SNMP
requests from the internal side to the internal interfaces of the routers.
In the firewall rules of router1, I added:
iptables -I forwarding_rule -p all -s 10.a.b.0/24 -d 192.168.x.0/24 -j ACCEPT
iptables -I forwarding_rule -p all -s 192.168.x.0/24 -d 10.a.b.0/24 -j ACCEPT
to allow all traffic in both directions. I tried the same with input and
output and as the interface ipsec+, but still no luck. I can SNMP-query
devices *behind* the routers, but not the routers themselves.
What am I doing wrong?
kind regards,
wjl aka Wolfgang Lonien
www.lonien.de
--
Key ID 0x728D9BD0 - public key available at wwwkeys.de.pgp.net
'94 Honda NTV still running on fuel -
everything else here proudly runs Debian GNU/Linux
* Re: SNMP through VPN?
From: Nick Drage @ 2005-12-06 12:52 UTC (permalink / raw)
To: netfilter
On Thu, Dec 01, 2005 at 01:20:35 +0100, Wolfgang Lonien wrote:
> Hi list,
<snip>
> What am I doing wrong?
Can you make other connections, not related to SNMP, from linuxbox1 to
router2 and from linuxbox2 to router1, both to the router's internal
interfaces?
And what packet sniffing software do you have available on the routers,
so you can see what's happening to the traffic.
--
deviants are sacrificed to increase group solidarity
Jenny Solzer
* Re: SNMP through VPN?
From: Wolfgang Lonien @ 2005-12-06 13:36 UTC (permalink / raw)
To: netfilter
Nick Drage wrote:
> Can you make other connections, not related to SNMP, from linuxbox1 to
> router2 and from linuxbox2 to router1, both to the router's internal
> interfaces?
Yup - ssh and/or http work just like a charm...
> And what packet sniffing software do you have available on the routers,
> so you can see what's happening to the traffic.
I installed tcpdump lately. But it seems that some guy of the German
Astaro support worked that out already - because that's our commercial
firewall in the company, where I had the same effect.
Looks like some SNAT-rule together with another iptables 'ACCEPT' is
necessary to get things going. As soon as I can confirm that the other
way (from the company to the internal interface of my WRT54G), I'll keep
you updated...
But thanks anyway,
cheers,
wjl
--
Key ID 0x728D9BD0 - public key available at wwwkeys.de.pgp.net
'94 Honda NTV still running on fuel -
everything else here proudly runs Debian GNU/Linux
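Added example, not part of the original thread: a small Python check over `tcpdump -n udp port 161` output, following the packet-sniffing suggestion above. It assumes that the symptom behind the SNAT fix mentioned in the last message is the router answering from an address other than the one that was queried (the thread does not confirm this); the capture lines and all addresses are constructed placeholders.

```python
import re

# Matches the address part of `tcpdump -n udp port 161` output lines.
PKT = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")

# Constructed capture, all addresses are made-up placeholders:
# 192.168.1.10 = linuxbox1, 10.1.2.20 = linuxbox2,
# 10.1.2.1 = router2 internal interface, 203.0.113.2 = router2 external interface.
SAMPLE = """\
12:00:01.000100 IP 192.168.1.10.40001 > 10.1.2.20.161:  GetRequest(28)  .1.3.6.1.2.1.1.3.0
12:00:01.000900 IP 10.1.2.20.161 > 192.168.1.10.40001:  GetResponse(30)  .1.3.6.1.2.1.1.3.0=12345
12:00:02.000100 IP 192.168.1.10.40002 > 10.1.2.1.161:  GetRequest(28)  .1.3.6.1.2.1.1.3.0
12:00:02.000800 IP 203.0.113.2.161 > 192.168.1.10.40002:  GetResponse(30)  .1.3.6.1.2.1.1.3.0=67890
12:00:03.000100 IP 192.168.1.10.40003 > 10.1.2.1.161:  GetRequest(28)  .1.3.6.1.2.1.1.3.0
"""

def check_snmp_replies(capture, snmp_port=161):
    """Return (mismatched, unanswered) for the SNMP exchanges in a capture.

    mismatched: (client, queried_agent, reply_source) where the reply came
                from a different address than the one that was queried.
    unanswered: (client, queried_agent) for requests with no reply seen.
    """
    pending = {}      # (client_ip, client_port) -> agent IP that was queried
    mismatched = []
    for line in capture.splitlines():
        m = PKT.search(line)
        if not m:
            continue  # not an IPv4 packet line
        src, sport = m.group(1), int(m.group(2))
        dst, dport = m.group(3), int(m.group(4))
        if dport == snmp_port:                      # request towards an agent
            pending[(src, sport)] = dst
        elif sport == snmp_port and (dst, dport) in pending:
            queried = pending.pop((dst, dport))     # reply to a known request
            if src != queried:
                mismatched.append((dst, queried, src))
    unanswered = [(client, agent) for (client, _), agent in pending.items()]
    return mismatched, unanswered

if __name__ == "__main__":
    bad, lost = check_snmp_replies(SAMPLE)
    for client, queried, actual in bad:
        print(f"{client} queried {queried} but the reply came from {actual}")
    for client, agent in lost:
        print(f"{client} got no reply from {agent}")
```

A mismatched entry means the reply's source address would need rewriting (for example by an SNAT rule) before it can match the tunnel's subnets; an unanswered entry points at a drop before or at the agent.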