Hi folks
I set up a new Cacti/Nagios server. I can monitor all internal networks fine. However, when I try to monitor a router on the other end of a site-to-site VPN, the traffic is getting dropped. I verified this by shutting the firewall off and then doing an snmpwalk to the device. Works fine with the FW off.
Also, I did a packet capture of the traffic on the far side of the VPN and it appears the requests are hitting the device, so I am thinking they are getting dropped at the FW on the way in. Any suggestions on what I could be missing?
Thanks
firewall-cmd --zone=public --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eno1
  sources:
  services: dhcpv6-client http https snmp ssh
  ports: 161/tcp 162/udp 161/udp 162/tcp
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:
Firewalld blocking SNMP traffic...incoming?
Re: Firewalld blocking SNMP traffic...incoming?
Another thing I noticed is that if I run systemctl disable firewalld, the snmpwalk still does not work. The only way I can get the snmpwalk to work is to run systemctl stop firewalld.
Re: Firewalld blocking SNMP traffic...incoming?
disable just stops it from starting, it doesn't stop it if it's running.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Firewalld blocking SNMP traffic...incoming?
Hi,
Was this ever resolved?
I'm running into the same issue. I have snmp added on the service side as well as the ports open, exactly as you've listed above.
Getting a timeout response, but if I stop the firewall it works fine.