SNMP Access on Ubuntu

Question

I am trying to use SNMP to monitor a machine locally on its self and remotely. This is the snmpd.conf (Ubuntu 8.04.1):

#       sec.name  source          comunity
com2sec readonly  1.2.3.4    nicenandtight
com2sec readonly  5.6.7.8   reallysafe

group MyROGroup v1         readonly
group MyROGroup v2c        readonly
group MyROGroup usm        readonly

view all    included  .1                               
view system included  .iso.org.dod.internet.mgmt.mib-2.system

access MyROGroup ""      any       noauth    exact  all    none   none

syslocation my house
syscontact me <name@domain.com>

exec .1.3.6.1.4.1.2021.7890.1 distro /usr/bin/distro
smuxpeer .1.3.6.1.4.1.674.10892.1

includeAllDisks 95%

1.2.3.4 is the local machines IP and everything is working locally. 5.6.7.8 is the remote machine and initially I am just trying to touch SNMPD with snmpwalk from the remote machine;

snmpwalk -v 2c -c reallysafe 1.2.3.4
Timeout: No Response from 1.2.3.4

I have added to iptables as the very first rule;

-A INPUT -p udp -m udp --dport 161 -j ACCEPT

With such a loose iptables rule I can't see why I can't even touch the SNMPD on that Uubuntu Machine. There are more specific rules further down the table but as I couldn't connect I added the above. TCPDump shows the UDP packets coming in. What could be going wrong here?

Run tcpdump on the interface and have it listen for udp traffic on port 161. Then run the snmp command and see if the request even made it past the firewall. — Rilindo, Nov 23 '11 at 02:38

dSoultanis · Answer 1 · 2011-11-22T22:51:18.233

4

Good Morning. Is your snmpd(Not firewall) configured to allow incomming connections ? Try:

nestat -nlpu|grep snmp

is it listening on 127.0.0.1 or 0.0.0.0 Config snmpd:

/etc/snmp/snmpd.conf

I am not sure about 8.0.4 ubuntu but in 10+ you have to add

agentAddress udp:0.0.0.0:161

Rev2

Firewall Has to be opened also in output

iptables -A OUTPUT -p udp -m udp --sport 161 -j ACCEPT

You try to access the system via the internet or same network

edited Nov 22 '11 at 22:51

answered Nov 22 '11 at 15:49

dSoultanis

336
1
4

netstat -nlpu|grep snmp udp 0 0 0.0.0.0:161 0.0.0.0:* 27795/snmpd – jwbensley Nov 22 '11 at 16:00
I forgot to mention so I apologise as its my fault, I set the default output policy to accept. Thanks for your help dSoultanis :) – jwbensley Nov 23 '11 at 09:51

score 2 · Accepted Answer · answered Nov 23 '11 at 09:50

2

This is a new one for me, SNMPD had been restricted inside /etc/hosts.allow as well as iptables. I simply added the remote host's IP to the list in there and all is working now.

Thanks to all for your help it is greatly appreciated. You all helped my cross of each possible avenue until only one was left. Out of curiosity though, where does TCP dump sit in the network chain, before or after iptables? Presumably after, so is it possible to see packets before they hit iptables?

answered Nov 23 '11 at 09:50

jwbensley

4,202
11
58
90

tcpdump binds directly to the network interface (eth0) and puts the device in promiscious mode so you can see any/all of the packets flowing in/out of the device, so it's before iptables. – slm Jun 08 '13 at 08:32

score 1 · Answer 3 · answered Nov 22 '11 at 20:22

1

Does tcpdump also show return udp traffic sent back to the host? (Try something like tcpdump host other.host.address and udp)

If so, perhaps your OUTPUT firewall rules are preventing udp traffic back to the other host? Can you post the output of iptables -nL?

answered Nov 22 '11 at 20:22

Kyle Smith

9,683
1
31
32

Here is the SNMP get request coming in from the remote host, captured on the local host: 09:39:13.589684 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto UDP (17), length 71) 5.6.7.8.41334 > 1.2.3.4.161: [udp sum ok] { SNMPv2c C=reallysafe { GetNextRequest(25) R=1032297586 .1.3.6.1.2.1 } } E..G..@.?...Y...Y..".v...3.H0).... reallysafe....=..r......0.0 ..+...... – jwbensley Nov 23 '11 at 09:47
As you can see the request comes in but nothing goes back out. – jwbensley Nov 23 '11 at 09:47

score 1 · Answer 4 · edited Dec 27 '12 at 11:04

I also met this issue in ubuntu10.4 and this post help me much:

If you only want to poll from localhost, you are done. If, however, you want to use SNMP over a network... You need to edit /etc/default/snmpd and change the line that binds it only to 127.0.0.1 only.

SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1'

SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'

SNMP Access on Ubuntu

4 Answers4