Solved

cannot access snmp on other subnets with net-snmp?

Posted on 2006-07-02
7
593 Views
Last Modified: 2008-03-10
Any servers on this subnet, snmpwalk -c public 10.192.16.161 works straight away.
On any other subnets, using the same settings, just doesn’t work.  I have played for days and am at a loss.
There are no firewalls in place, just ip forwarding?  I can query non linux snmp devices on other subnets, just none of the net-snmp boxes that I have set up. So possible mis-configuration? am using /27 subnets.

All servers / routers are using this snmpd.conf

"
syscontact  admin'AT'emailaddresshere syslocation bathurstwireless.local

#      sec.name   source          community (password)
com2sec Mybox     localhost        XXXXXXXXXX
com2sec Outside   default          public
#
#      group.name sec.model  sec.name
group   RWGroup    V1         Mybox
group   RWGroup    V2c        Mybox
group   RWGroup    usm        Mybox

group   ROGroup    V1         Outside
group   ROGroup    V2c        Outside
group   ROGroup    usm        Outside
#
#            incl/excl subtree   mask
view all     included  .1        80
#view system  included  system    fe
#
#              context sec.model sec.level prefix  read    write  notif
access  ROGroup   ""      any     noauth    exact   all     none   none
access  RWGroup   ""      any     noauth    exact   all     all    all
"

doing an nmap on the servers all bring up the following
Interesting ports on 10.192.16.161: (Local router)      can connect to this one
PORT    STATE         SERVICE
160/udp closed        sgmp-traps
161/udp open|filtered snmp
162/udp closed        snmptrap
163/udp closed        cmip-man

Interesting ports on 10.192.16.129: (Remote Router)      just times out like all the others :-Z
PORT    STATE         SERVICE
160/udp closed        sgmp-traps
161/udp open|filtered snmp
162/udp closed        snmptrap
163/udp closed        cmip-man


snmpwalk -c public 10.192.16.161
SNMPv2-MIB::sysDescr.0 = STRING: Linux bxwifi-ap-xtremex 2.4.31 #6 Sun Jun 5 19:04:47 PDT 2005 i686 SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10 SNMPv2-MIB::sysUpTime.0 = Timeticks: (427151) 1:11:11.51 SNMPv2-MIB::sysContact.0 = STRING: admin'AT'@emailaddresshere SNMPv2-MIB::sysName.0 = STRING: bxwifi-ap-xtremex SNMPv2-MIB::sysLocation.0 = STRING: bathurstwireless.local SNMPv2-MIB::sysORLastChange.0 = Timeticks: (7) 0:00:00.07 etc.................

snmpwalk -c public 10.192.16.129
Timeout: No Response from 10.192.16.129

Any ideas?

Cheers,
Phill
0
Comment
Question by:Xtreme-X
  • 3
  • 2
7 Comments
 
LVL 11

Expert Comment

by:grsteed
ID: 17027784
Have your checked your snmp configuration file (/etc/snmp/snmpd.conf)

This is an excertp from that file on my Redhat Linux system.

# Here is a commented out example configuration that allows less
# restrictive access.

# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
# KNOWN AT YOUR SITE.  YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.

##       sec.name  source          community
#com2sec local     localhost       COMMUNITY
#com2sec mynetwork NETWORK/24      COMMUNITY


I would check what you have from the "com2sec" and add your network if needed.

Cheers,

Gary
0
 
LVL 11

Expert Comment

by:grsteed
ID: 17031574
Also, if you if you are using NAT when you go to the other networks, you may have to include that network as well.

Cheers,

Gary
0
 
LVL 2

Author Comment

by:Xtreme-X
ID: 17032236
I have checked and played with the snmp file from various examples multiple times.

as you can see I am using
com2sec Outside   default          public
as I was under the impression that default = 0.0.0.0/0

even changing to 0.0.0.0/0 or my local net does not make any difference.

I am NAT'd from 192.168.X.X/24. -> 10.192.16.166/27.

I can snmpwalk to 10.192.16.161/27 (local subnet router)
but not to 10.192.16.129/27 (remote subnet router)

doing a tcpdump on the 10.192.16.129 gives the following
tcpdump -i ath0 | grep snmp
listening on ath0, link-type EN10MB (Ethernet), capture size 96 bytes
23:59:44.173417 IP 10.192.16.166.2371 > bxwifi-ap-vk2twu.16.192.10.in-addr.arpa.snmp:  GetRequest(25)  system.sysDescr.0
23:59:44.173859 IP 172.16.16.129.snmp > 10.192.16.166.2371:  GetResponse(95)  system.sysDescr.0=[|snmp]
23:59:45.172677 IP 10.192.16.166.2371 > bxwifi-ap-vk2twu.16.192.10.in-addr.arpa.snmp:  GetRequest(25)  system.sysDescr.0
23:59:45.173019 IP 172.16.16.129.snmp > 10.192.16.166.2371:  GetResponse(95)  system.sysDescr.0=[|snmp]
23:59:45.487881 IP 10.192.16.166.2560 > bxwifi-ap-vk2twu.16.192.10.in-addr.arpa.snmp: S 1104263887:1104263887(0) win 65535 <mss 1460,nop,nop,sackOK>
23:59:45.487970 IP bxwifi-ap-vk2twu.16.192.10.in-addr.arpa.snmp > 10.192.16.166.2560: R 0:0(0) ack 1104263888 win 0
23:59:45.950327 IP 10.192.16.166.2560 > bxwifi-ap-vk2twu.16.192.10.in-addr.arpa.snmp: S 1104263887:1104263887(0) win 65535 <mss 1460,nop,nop,sackOK>
23:59:45.950419 IP bxwifi-ap-vk2twu.16.192.10.in-addr.arpa.snmp > 10.192.16.166.2560: R 0:0(0) ack 1 win 0
23:59:46.172466 IP 10.192.16.166.2371 > bxwifi-ap-vk2twu.16.192.10.in-addr.arpa.snmp:  GetRequest(25)  system.sysDescr.0
23:59:46.172818 IP 172.16.16.129.snmp > 10.192.16.166.2371:  GetResponse(95)  system.sysDescr.0=[|snmp]
23:59:46.465655 IP 10.192.16.166.2560 > bxwifi-ap-vk2twu.16.192.10.in-addr.arpa.snmp: S 1104263887:1104263887(0) win 65535 <mss 1460,nop,nop,sackOK>
23:59:46.465741 IP bxwifi-ap-vk2twu.16.192.10.in-addr.arpa.snmp > 10.192.16.166.2560: R 0:0(0) ack 1 win 0
23:59:46.498383 IP 10.192.16.166.2667 > bxwifi-ap-vk2twu.16.192.10.in-addr.arpa.snmptrap: S 1024708737:1024708737(0) win 65535 <mss 1460,nop,nop,sackOK>
23:59:46.498536 IP bxwifi-ap-vk2twu.16.192.10.in-addr.arpa.snmptrap > 10.192.16.166.2667: R 0:0(0) ack 1024708738 win 0
23:59:46.954571 IP 10.192.16.166.2667 > bxwifi-ap-vk2twu.16.192.10.in-addr.arpa.snmptrap: S 1024708737:1024708737(0) win 65535 <mss 1460,nop,nop,sackOK>
23:59:46.954748 IP bxwifi-ap-vk2twu.16.192.10.in-addr.arpa.snmptrap > 10.192.16.166.2667: R 0:0(0) ack 1 win 0
23:59:47.450385 IP 10.192.16.166.2667 > bxwifi-ap-vk2twu.16.192.10.in-addr.arpa.snmptrap: S 1024708737:1024708737(0) win 65535 <mss 1460,nop,nop,sackOK>
23:59:47.450560 IP bxwifi-ap-vk2twu.16.192.10.in-addr.arpa.snmptrap > 10.192.16.166.2667: R 0:0(0) ack 1 win 0
23:59:56.101084 IP 10.192.16.166.3415 > bxwifi-ap-vk2twu.16.192.10.in-addr.arpa.snmp-tcp-port: S 880082858:880082858(0) win 65535 <mss 1460,nop,nop,sackOK>
23:59:56.101249 IP bxwifi-ap-vk2twu.16.192.10.in-addr.arpa.snmp-tcp-port > 10.192.16.166.3415: R 0:0(0) ack 880082859 win 0
23:59:56.596615 IP 10.192.16.166.3415 > bxwifi-ap-vk2twu.16.192.10.in-addr.arpa.snmp-tcp-port: S 880082858:880082858(0) win 65535 <mss 1460,nop,nop,sackOK>
23:59:56.596786 IP bxwifi-ap-vk2twu.16.192.10.in-addr.arpa.snmp-tcp-port > 10.192.16.166.3415: R 0:0(0) ack 1 win 0
23:59:57.099661 IP 10.192.16.166.3415 > bxwifi-ap-vk2twu.16.192.10.in-addr.arpa.snmp-tcp-port: S 880082858:880082858(0) win 65535 <mss 1460,nop,nop,sackOK>
23:59:57.099835 IP bxwifi-ap-vk2twu.16.192.10.in-addr.arpa.snmp-tcp-port > 10.192.16.166.3415: R 0:0(0) ack 1 win 0

<*     as you can see below, querying non- net-snmp hosts through this router work?      *>

00:01:30.673863 IP 10.192.16.166.44473 > 10.192.16.34.snmp:  GetRequest(28)  system.sysUpTime.0
00:01:30.677961 IP 10.192.16.34.snmp > 10.192.16.166.44473:  GetResponse(32)  system.sysUpTime.0=41333256
00:01:30.826303 IP 10.192.16.166.44473 > 10.192.16.34.snmp:  GetRequest(28)  system.sysUpTime.0
00:01:30.830342 IP 10.192.16.34.snmp > 10.192.16.166.44473:  GetResponse(32)  system.sysUpTime.0=41333271
00:01:30.975962 IP 10.192.16.166.44473 > 10.192.16.34.snmp:  GetRequest(28)  system.sysUpTime.0
00:01:30.979991 IP 10.192.16.34.snmp > 10.192.16.166.44473:  GetResponse(32)  system.sysUpTime.0=41333286
00:01:31.125533 IP 10.192.16.166.44473 > 10.192.16.34.snmp:  GetRequest(28)  system.sysUpTime.0
00:01:31.129565 IP 10.192.16.34.snmp > 10.192.16.166.44473:  GetResponse(32)  system.sysUpTime.0=41333300
00:01:31.331517 IP 10.192.16.166.44473 > 10.192.16.34.snmp:  GetRequest(29)  25.1.6.0
00:01:31.336871 IP 10.192.16.34.snmp > 10.192.16.166.44473:  GetResponse(30)  25.1.6.0=20
00:01:31.483422 IP 10.192.16.166.44473 > 10.192.16.34.snmp:  GetRequest(30)  interfaces.ifTable.ifEntry.ifOutOctets.5
00:01:31.505046 IP 10.192.16.34.snmp > 10.192.16.166.44473:  GetResponse(34)  interfaces.ifTable.ifEntry.ifOutOctets.5=114670110
00:01:31.651327 IP 10.192.16.166.44473 > 10.192.16.34.snmp:  GetRequest(30)  interfaces.ifTable.ifEntry.ifInOctets.5
00:01:31.664609 IP 10.192.16.34.snmp > 10.192.16.166.44473:  GetResponse(34)  interfaces.ifTable.ifEntry.ifInOctets.5=887719555
00:01:31.811073 IP 10.192.16.166.44473 > 10.192.16.34.snmp:  GetRequest(30)  interfaces.ifTable.ifEntry.ifInOctets.6
00:01:31.823911 IP 10.192.16.34.snmp > 10.192.16.166.44473:  GetResponse(34)  interfaces.ifTable.ifEntry.ifInOctets.6=42111064
00:01:31.970015 IP 10.192.16.166.44473 > 10.192.16.34.snmp:  GetRequest(30)  interfaces.ifTable.ifEntry.ifOutOctets.6
00:01:31.983606 IP 10.192.16.34.snmp > 10.192.16.166.44473:  GetResponse(34)  interfaces.ifTable.ifEntry.ifOutOctets.6=920831615
00:01:32.129724 IP 10.192.16.166.44473 > 10.192.16.34.snmp:  GetRequest(30)  interfaces.ifTable.ifEntry.ifInOctets.7
00:01:32.142534 IP 10.192.16.34.snmp > 10.192.16.166.44473:  GetResponse(34)  interfaces.ifTable.ifEntry.ifInOctets.7=853165466

10.192.16.129 is also the router, while 10.192.16.34 is an actual host.

Is there something that I am missing on the routing side? or something else in the configuration somewhere?
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 2

Author Comment

by:Xtreme-X
ID: 17032400
After days of playing I finally got it working :D.

the problem was that snmpd seemed to be binding to the wrong interface,

if I loaded the daemon like so
snmpd 10.192.16.129

it would work!  Something so simple :-Z

must have missed it in all the reading somewhere
/me slaps himself.

I have another problem, hopefully I can still hand points out.

The snmp information that is being retrieved is not matching the IP address to any ATH interfaces?  Or in other cases, adding the wrong IP to the wrong interface?
how would I fix that?

Cheers,
Phill
0
 
LVL 11

Expert Comment

by:grsteed
ID: 17033030
I'm glad you got it figured out.

About the other problem, I can't help you there.  Perhaps a new post for that one.

For this one, you should request a refund per this link.
http://www.experts-exchange.com/help.jsp#hi70

Cheers,

Gary

0
 

Accepted Solution

by:
ee_ai_construct earned 0 total points
ID: 17364506
PAQ / Refund
ee ai construct, community support moderator
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Join & Write a Comment

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now