Re: help with iptables and letting snmp packets through (3rd request)


 



This is the critical line:

-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 161 -j ACCEPT

This allows any requests to the local SNMP daemon, which should be running on 161. If you're making SNMP requests, however, this line means nothing. When you make a request, the request will go to port 161 on the destination end, but the local end will be random. The easiest way to fix this is to use the following line instead:

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

This allows any packets in that are related to an existing connection. Once you make the request, the host will allow the response back in. Also, I doubt you need the TCP line, or the line for port 162. You'd only need TCP for weird devices, and 162 if you're dealing with SNMP traps.

Hope this helps.

Norman

------------------------------------------------------
Norman Elton
Information Technology - Network Engineering
College of William & Mary
757-221-7790
On Apr 1, 2004, at 4:11 PM, Chris W. Parker wrote:

Chris W. Parker <>
    on Thursday, April 01, 2004 1:03 PM said:

ok fine, turns out this is my 4th request.




c.



-- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
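The difference between the two rules in the reply above, as an added example that is not part of the original message: a simplified Python model (not netfilter itself) of how each rule treats an SNMP reply coming back to a random local port. The addresses, the ephemeral ports and the drop-by-default policy are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "udp"

class ConnTrack:
    """Toy stand-in for connection tracking: remembers flows this host started."""
    def __init__(self):
        self._flows = set()

    def note_outbound(self, pkt):
        # Store the tuple a reply will carry: addresses and ports swapped.
        self._flows.add((pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))

    def is_reply(self, pkt):
        return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport) in self._flows

def rule_dport_161(pkt, ct):
    # Models: -p udp -m udp --dport 161 -j ACCEPT
    return pkt.proto == "udp" and pkt.dport == 161

def rule_state(pkt, ct):
    # Models the ESTABLISHED half of: -m state --state RELATED,ESTABLISHED -j ACCEPT
    return ct.is_reply(pkt)

def verdict(pkt, rules, ct):
    # Assumption: anything no rule accepts is dropped.
    return "ACCEPT" if any(rule(pkt, ct) for rule in rules) else "DROP"

def demo():
    # Constructed sample traffic (documentation addresses, made-up ephemeral ports).
    ct = ConnTrack()
    local, agent, stranger = "192.0.2.10", "192.0.2.20", "198.51.100.7"
    ct.note_outbound(Packet(local, 40123, agent, 161))   # our SNMP request
    reply = Packet(agent, 161, local, 40123)             # agent's answer
    unsolicited = Packet(stranger, 161, local, 40123)    # never requested
    query_to_us = Packet(agent, 40999, local, 161)       # someone polling our daemon
    return {
        "reply / dport rule": verdict(reply, [rule_dport_161], ct),
        "reply / state rule": verdict(reply, [rule_state], ct),
        "unsolicited / state rule": verdict(unsolicited, [rule_state], ct),
        "inbound query / dport rule": verdict(query_to_us, [rule_dport_161], ct),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The state rule accepts only the packet whose addresses and ports mirror a request this host sent, so a packet from another source with source port 161 is still dropped.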


