help with iptables and letting snmp packets through (3rd request)

Norman Elton wnelto at net.wm.edu
Thu Apr 1 21:24:53 UTC 2004


This is the critical line:

-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 161 -j ACCEPT

This allows any requests to the local SNMP daemon, which should be 
running on 161. If you're making SNMP requests, however, this line 
means nothing. When you make a request, the request will go to port 161 
on the destination end, but the local end will be random. The easiest 
way to fix this is to use the following line instead:

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

This allows any packets in that are related to an existing connection. 
Once you make the request, the host will allow the response back in. 
Also, I doubt you need the TCP line, or the line for port 162. You'd 
only need TCP for weird devices, and 162 if you're dealing with SNMP 
traps.

Hope this helps.

Norman

------------------------------------------------------
Norman Elton
Information Technology - Network Engineering
College of William & Mary
757-221-7790

On Apr 1, 2004, at 4:11 PM, Chris W. Parker wrote:

> Chris W. Parker <>
>     on Thursday, April 01, 2004 1:03 PM said:
>
> ok fine, turns out this is my 4th request.
>
>
>
>
> c.
>
>
>
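
Added example, not part of the original message: a simplified Python model of an INPUT chain with a default DROP policy, showing why the reply to an outgoing SNMP query misses the `--dport 161` rule but matches the state rule. The addresses, ports and 30-second idle timeout are constructed assumptions, and only the ESTABLISHED case of the state match is modelled.

```python
# Simplified model of an INPUT chain, default policy DROP (not real netfilter code).
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport")
LOCAL, AGENT = "192.0.2.10", "192.0.2.20"  # constructed documentation addresses
UDP_TIMEOUT = 30                            # assumed idle timeout in seconds

class Conntrack:
    """Remembers outbound flows so replies can be recognised as ESTABLISHED."""
    def __init__(self):
        self.flows = {}  # (proto, src, sport, dst, dport) -> time last seen

    def track_outbound(self, pkt, now):
        self.flows[tuple(pkt)] = now

    def is_established(self, pkt, now):
        # A reply is the original tuple with source and destination swapped.
        original = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        seen = self.flows.get(original)
        return seen is not None and now - seen <= UDP_TIMEOUT

def rule_dport_161(pkt, ct, now):
    """-p udp -m udp --dport 161 -j ACCEPT"""
    return pkt.proto == "udp" and pkt.dport == 161

def rule_established(pkt, ct, now):
    """-m state --state RELATED,ESTABLISHED -j ACCEPT (ESTABLISHED part only)"""
    return ct.is_established(pkt, now)

def input_chain(rules, pkt, ct, now):
    """Any matching ACCEPT rule lets the packet in; otherwise it is dropped."""
    return "ACCEPT" if any(rule(pkt, ct, now) for rule in rules) else "DROP"

def demo():
    ct = Conntrack()
    request = Packet("udp", LOCAL, 40312, AGENT, 161)       # local poller -> remote agent
    reply = Packet("udp", AGENT, 161, LOCAL, 40312)         # agent's response
    inbound_poll = Packet("udp", AGENT, 51000, LOCAL, 161)  # remote host polling local snmpd
    ct.track_outbound(request, now=0)
    return {
        "reply, dport rule": input_chain([rule_dport_161], reply, ct, 1),
        "reply, state rule": input_chain([rule_established], reply, ct, 1),
        "late reply, state rule": input_chain([rule_established], reply, ct, 60),
        "inbound poll, dport rule": input_chain([rule_dport_161], inbound_poll, ct, 1),
        "inbound poll, state rule": input_chain([rule_established], inbound_poll, ct, 1),
    }

if __name__ == "__main__":
    print(demo())
```

The last two cases show the converse: the state rule alone does not admit unsolicited queries to a local SNMP daemon, so a host that is both polled and polling needs both rules.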