From: "Daniel F. Chief Security Engineer -" <danielf@supportteam.net>
To: Gilles Yue <gyue@novelgmt.intnet.mu>, netfilter@lists.netfilter.org
Subject: Re: MRTG and IPTABLES
Date: Wed, 7 Jan 2004 08:17:38 -0600
Message-ID: <200401070817.38685.danielf@supportteam.net>
In-Reply-To: <83055D4B014C9E478D2F04624B9E82CFAE965A@noveldc.novelgmt.mu>
Try

$IPTABLES -A INPUT -p udp --dport 161 -j ACCEPT

assuming that you are trying to accept port 161 on the local machine. If you
are doing stateful, it should look similar to this.

# IP of machine running MRTG
SNMP_POLLER_IP="xxx.xxx.xxx.xxx"
$IPTABLES -A INPUT -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 161 -m state --state NEW -s $SNMP_POLLER_IP -j ACCEPT
$IPTABLES -A OUTPUT -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -p udp --sport 161 -m state --state NEW -d $SNMP_POLLER_IP -j ACCEPT

This is assuming you have set the policies to drop

$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP

On Wednesday 07 January 2004 06:46, Gilles Yue wrote:
> Hi,
>
> Is this the way it should be in iptables?
>
> #Open SNMP Ports
> $IPTABLES -A INPUT -p udp -m udp --dport 161 -j ACCEPT
>
> Have tried it, not working
>
> Thanks.
> Gy
>
> -----Original Message-----
> From: Daniel F. Chief Security Engineer -
> [mailto:danielf@supportteam.net]
> Sent: Wednesday, January 07, 2004 4:45 PM
> To: Gilles Yue; netfilter@lists.netfilter.org
> Subject: Re: MRTG and IPTABLES
>
> SNMP UDP Ports 161 and 162. MRTG typically only uses 161.
>
>
> Thanks
>
> On Wednesday 07 January 2004 00:54, Gilles Yue wrote:
> > MRTG cannot work properly due to iptables running.
> >
> >
> >
> > Anybody knows which port number to open to enable MRTG to work properly.
> >
> > Thanks.
> >
> >
> >
> > Rgds
> >
> > gy
--
Daniel Fairchild - Chief Security Officer | danielf@supportteam.net
The distance between nothing and infinity is always the same no matter how
close you get to nothing.
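
Added example, not part of the original message or of the netfilter project's code: a POSIX shell dry run that prints the stateful SNMP rules discussed above for review instead of applying them. It goes beyond the message by also covering the MRTG host's side of the exchange; the function names, the agent/poller role names and the 192.0.2.x address are assumptions, and DROP policies are assumed as in the message.

```sh
#!/bin/sh
# Added example: prints rules for review; nothing is applied to the firewall.
# Function names, role names and the sample address are assumptions.
IPTABLES="${IPTABLES:-iptables}"

# Succeeds only for a dotted-quad IPv4 address with octets in 0-255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1            # split on dots into positional parameters
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# snmp_rules ROLE PEER_IP
#   agent  : this host answers SNMP, PEER_IP is the machine running MRTG
#   poller : this host runs MRTG, PEER_IP is the SNMP agent it polls
# Assumes INPUT and OUTPUT policies are already DROP.
snmp_rules() {
    role=$1
    peer=$2
    valid_ipv4 "$peer" || { echo "invalid IPv4 address: $peer" >&2; return 2; }
    case "$role" in
        # Only the first datagram of a poll is NEW: inbound on the agent,
        # outbound on the poller. It always targets UDP port 161.
        agent)  chain=INPUT;  match="-s $peer" ;;
        poller) chain=OUTPUT; match="-d $peer" ;;
        *) echo "role must be agent or poller" >&2; return 2 ;;
    esac
    # Replies belong to a tracked flow, so the ESTABLISHED rules carry them.
    est="-p udp -m state --state ESTABLISHED,RELATED -j ACCEPT"
    printf '%s\n' \
        "$IPTABLES -A INPUT $est" \
        "$IPTABLES -A OUTPUT $est" \
        "$IPTABLES -A $chain -p udp $match --dport 161 -m state --state NEW -j ACCEPT"
}

# Constructed sample: 192.0.2.10 is a documentation address (RFC 5737).
snmp_rules agent 192.0.2.10
```

Review the printed rules before piping them to a shell; an unfilled placeholder such as xxx.xxx.xxx.xxx is rejected with exit status 2.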