Hi,

I have opened port 161 in my firewall script.

    $IPTABLES -A INPUT -p udp -m udp --dport 161 -j ACCEPT

However, POSTROUTING set to DROP by default is preventing MRTG from running properly. (I have tried setting POSTROUTING to ACCEPT and MRTG works fine.)

    $IPTABLES -t nat -P POSTROUTING DROP

Does anybody know how I can allow MRTG to run with POSTROUTING set to DROP?

Thanks
gy

-----Original Message-----
From: Gilles Yue
Sent: Thursday, January 08, 2004 10:47 AM
To: Daniel F. Chief Security Engineer -; netfilter@xxxxxxxxxxxxxxxxxxx
Subject: RE: MRTG and IPTABLES

Dear sir,

I have tried your commands below, but when I run my iptables script, I get "command not found" and it points to the line

    $SNMP_POLLER_IP="xxx.xxx.xxx.xxx"

Thanks
gy

-----Original Message-----
From: Daniel F. Chief Security Engineer - [mailto:danielf@xxxxxxxxxxxxxxx]
Sent: Wednesday, January 07, 2004 6:18 PM
To: Gilles Yue; netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: MRTG and IPTABLES

Try

    $IPTABLES -A INPUT -p udp --dport 161 -j ACCEPT

assuming that you are trying to accept port 161 on the local machine.

If you are doing stateful, it should look similar to this.

    # IP of machine running MRTG
    $SNMP_POLLER_IP="xxx.xxx.xxx.xxx"
    $IPTABLES -A INPUT -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A INPUT -p udp --dport 161 -m state --state NEW -s $SNMP_POLLER_IP -j ACCEPT
    $IPTABLES -A OUTPUT -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A OUTPUT -p udp --sport 161 -m state --state NEW -s $SNMP_POLLER_IP -j ACCEPT

This is assuming you have set the policies to drop:

    $IPTABLES -P INPUT DROP
    $IPTABLES -P OUTPUT DROP

On Wednesday 07 January 2004 06:46, Gilles Yue wrote:
> Hi,
>
> Is this the way it should be in iptables?
>
> #Open SNMP Ports
> $IPTABLES -A INPUT -p udp -m udp --dport 161 -j ACCEPT
>
> Have tried it, not working
>
> Thanks.
> Gy
>
> -----Original Message-----
> From: Daniel F. Chief Security Engineer -
> [mailto:danielf@xxxxxxxxxxxxxxx]
> Sent: Wednesday, January 07, 2004 4:45 PM
> To: Gilles Yue; netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: Re: MRTG and IPTABLES
>
> SNMP UDP ports 161 and 162. MRTG typically only uses 161.
>
> Thanks
>
> On Wednesday 07 January 2004 00:54, Gilles Yue wrote:
> > MRTG cannot work properly due to iptables running.
> >
> > Anybody knows which port number to open to enable MRTG to work
> > properly.
> >
> > Thanks.
> >
> > Rgds
> >
> > gy

--
Daniel Fairchild - Chief Security Officer | danielf@xxxxxxxxxxxxxxx
The distance between nothing and infinity is always the same no matter how close you get to nothing.
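
An added example, not part of the thread or any poster's code: a dry-run shell sketch for the two problems raised above, the "command not found" on the variable line and the nat POSTROUTING policy of DROP. It assumes MRTG runs on the firewall host and polls a single SNMP agent on UDP 161; the address and the names `SNMP_AGENT_IP`, `valid_ipv4` and `mrtg_poller_rules` are illustrative.

```shell
#!/bin/sh
# Added example, not code from the thread. Dry run by default: rules are printed.
# Run with IPTABLES=/sbin/iptables (as root) to apply them.
IPTABLES="${IPTABLES:-echo iptables}"

# A shell assignment has no leading "$". Writing $SNMP_AGENT_IP="..." expands the
# unset variable to nothing, and the shell then tries to run ="..." as a command.
SNMP_AGENT_IP="192.0.2.10"   # constructed address of the polled device

# Accept only a dotted quad with four octets in 0-255, so the thread's
# "xxx.xxx.xxx.xxx" placeholder cannot reach iptables unreplaced.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

mrtg_poller_rules() {
    agent="$1"
    valid_ipv4 "$agent" || { echo "invalid agent IP: $agent" >&2; return 1; }
    # filter table, with INPUT and OUTPUT policies set to DROP as in the thread:
    # queries go out to UDP 161, only tracked replies come back in.
    $IPTABLES -A OUTPUT -p udp -d "$agent" --dport 161 \
        -m state --state NEW,ESTABLISHED -j ACCEPT
    $IPTABLES -A INPUT -p udp -s "$agent" --sport 161 \
        -m state --state ESTABLISHED -j ACCEPT
    # nat table: the first packet of each new connection traverses POSTROUTING,
    # so with policy DROP there the outbound poll needs an explicit ACCEPT.
    $IPTABLES -t nat -A POSTROUTING -p udp -d "$agent" --dport 161 -j ACCEPT
}

mrtg_poller_rules "$SNMP_AGENT_IP"
```

The nat table is meant for address translation rather than filtering, so leaving its POSTROUTING policy at ACCEPT and doing all dropping in the filter table avoids the third rule entirely.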