DD-WRT change default SNMP port

I'm trying to configure dd-wrt on a wrt54gl to default snmp port to 1616 instead of 161. I've messed around in a few config files, but on every reboot the default port 161 comes back. Anyone know how to force the router to use the specified port and stay that way on every reboot?

Thanks in advance!
bbrunningAsked:
 
captainmishCommented:
There is probably a better way to do this, but one way may be to make a startup script that kills the running snmpd, then starts it again with -p 1616, e.g.:

#!/bin/sh
#kill any previously-running instances of snmpd
killall -q snmpd
#rerun listening on new port
snmpd -c /var/snmp/snmpd.conf 0.0.0.0:1161

This works on my (v24sp1) ddwrt - hope it helps :)
0
 
gheistCommented:
You should not.
Which snmpd do you have installed?
0
 
bbrunningAuthor Commented:
The default that comes on the voip generic bin
0
 
gheistCommented:
check /etc/config/*.startup for tips ;)
0
 
bbrunningAuthor Commented:
>>
#!/bin/sh
#kill any previously-running instances of snmpd
killall -q snmpd
#rerun listening on new port
snmpd -c /var/snmp/snmpd.conf 0.0.0.0:1161
<<

So would mine look like this:
killall -q snmpd
snmpd -p /var/snmp/snmpd.conf 0.0.0.0:1616

Also, where do I create the startup script? Do I just use the nvram set rc_startup=" command?
0
 
bbrunningAuthor Commented:
Or would it be
snmpd -c /var/snmp/snmpd.conf 0.0.0.0:1161 -p 1616

???
0
 
bbrunningAuthor Commented:
Another thing: this is a wrt54gl with only 4MB OS flash. When I run df, it says used 2816, 0 available, 100% used. Does that mean I can't even load any startup scripts on this? The jffs directory is read-only and I believe that was the reason.
0
 
captainmishCommented:
That should be fine, it will be saved to nvram. Go to ip.of.rou.ter/Diagnostics.asp and enter the script in the "command" box, then "save startup" - that should be it done.
0
 
captainmishCommented:
PS, the snmpd on the ddwrt does not recognise the -p switch, thus the ip:port arg ;)
0
 
bbrunningAuthor Commented:
Okay so I adjusted the startup script and using nmap -sU I can see that 1616 is now open, but it's only open from within the network so my cacti server cannot get the stats from it. I've added a firewall rule as follows:
/usr/sbin/iptables -I INPUT 1 -p ICMP -s x.x.x.x -j logaccept
/usr/sbin/iptables -I INPUT 1 -p udp --dport 1616 -s x.x.x.x -j logaccept
/usr/sbin/iptables -I INPUT 1 -p ICMP -s x.x.x.x -j logaccept
/usr/sbin/iptables -I INPUT 1 -p udp --dport 1616 -s x.x.x.x -j logaccept

This works on all my other routers running under 161 but for some reason won't work with 1616, something else I need to add?
0
 
captainmishCommented:
It might be using TCP, have you tried opening TCP:1161?
0
 
bbrunningAuthor Commented:
it's not using tcp.
0
 
captainmishCommented:
may just be a typo, but check you are using the same port for iptables and snmpd:

iptables: --dport 1616
snmpd:               1161
0
 
bbrunningAuthor Commented:
Changed both to 1161 and still won't report. Is there a reason why you used 1616 on iptables then 1161 snmpd on your last post captain?
0
 
bbrunningAuthor Commented:
Oh, sorry, I was still waking up. Yes, it was a typo. I have both set up the same.
0
 
captainmishCommented:
If you can ssh to the ddwrt, check that snmpd is running as expected (ps aux | grep snmpd), also check netstat output to see if it's listening (netstat -unta)
0
 
bbrunningAuthor Commented:
ps -aux doesn't work, here's ps | grep snmpd

12204 root      2220 S    snmpd -c /var/snmp/snmpd.conf 192.168.0.1:1161
  454 root      1180 S    grep snmpd

Here's netstat for snmpd

udp        0      0 192.168.0.1:1161        0.0.0.0:*
0
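
A consistency check for the two things this part of the thread compares by eye: the port in the iptables rule against the port snmpd listens on, and the address the socket is bound to in the netstat output. This is an added example, not code from any poster; the function names and the sample source address 192.0.2.10 (standing in for x.x.x.x) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. The sample inputs are constructed from
# the netstat line and iptables rules quoted in the posts.

# Print the local "addr:port" of each UDP socket in netstat-style text.
udp_listeners() {
    printf '%s\n' "$1" | awk '$1 == "udp" { print $4 }'
}

# Print the --dport value of each iptables rule that matches UDP.
udp_rule_ports() {
    printf '%s\n' "$1" | awk '
        { udp = 0; port = ""
          for (i = 1; i < NF; i++) {
              if ($i == "-p" && tolower($(i + 1)) == "udp") udp = 1
              if ($i == "--dport") port = $(i + 1)
          }
          if (udp && port != "") print port }'
}

# check_snmp NETSTAT_TEXT RULES_TEXT PORT
# Prints one finding: NOT_LISTENING, PORT_MISMATCH, SINGLE_ADDR or OK.
check_snmp() {
    sock=$(udp_listeners "$1" | grep ":$3\$" | head -n 1)
    [ -n "$sock" ] || { echo NOT_LISTENING; return; }
    udp_rule_ports "$2" | grep -qx "$3" || { echo PORT_MISMATCH; return; }
    # A socket bound to one address only receives datagrams sent to that
    # address; 0.0.0.0 receives on every interface.
    case "${sock%:*}" in
        0.0.0.0) echo OK ;;
        *)       echo SINGLE_ADDR ;;
    esac
}

# Constructed samples.
NETSTAT_LAN='udp        0      0 192.168.0.1:1161        0.0.0.0:*'
NETSTAT_ANY='udp        0      0 0.0.0.0:1161            0.0.0.0:*'
RULES_1616='/usr/sbin/iptables -I INPUT 1 -p udp --dport 1616 -s 192.0.2.10 -j logaccept'
RULES_1161='/usr/sbin/iptables -I INPUT 1 -p udp --dport 1161 -s 192.0.2.10 -j logaccept'

check_snmp "$NETSTAT_ANY" "$RULES_1616" 1161   # PORT_MISMATCH
check_snmp "$NETSTAT_LAN" "$RULES_1161" 1161   # SINGLE_ADDR
check_snmp "$NETSTAT_ANY" "$RULES_1161" 1161   # OK
```

The netstat line quoted above shows snmpd bound to 192.168.0.1 rather than 0.0.0.0, which this check reports as SINGLE_ADDR: a socket bound that way does not receive queries sent to the router's other addresses.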
 
captainmishCommented:
What are you using to query the ddwrt? Here, snmpwalk works fine against mine (no iptables modifications):

#replace {mypublicname} with whatever public community name (RO community in the ddwrt gui) you used
snmpwalk -v 2c -c {mypublicname} ip.of.dd.wrt:1161 system
0
 
bbrunningAuthor Commented:
I'm using cacti to query the router with nocsnmp. I'm not sure how to use snmpwalk, researching now.
0
 
bbrunningAuthor Commented:
I get no response using that
0
 
bbrunningAuthor Commented:
Not sure how you're accomplishing this without any iptables. Do you have your firewall turned off? I set everything back to default and 161 but can't query using snmpwalk. It grabs cacti just fine with my 161 and iptables setup.
0
 
bbrunningAuthor Commented:
Either that or you are using snmpwalk from within your lan.
0
 
captainmishCommented:
That will be it :) Guessing your test with snmpwalk was also from the WAN side.
Have you tried removing the source ip part from the iptables rules as a test? The problem seems to be "after" snmpd. Might also be an idea to add a -j LOG rule later to see if it's actually iptables dropping it.
0
 
bbrunningAuthor Commented:
Ok, so I've got snmp working on 1616 when I enter that command manually, but when it's saved to the startup script, it doesn't. Any ideas?

Sorry to back track but I found this out today using snmpwalk....btw awesome tool!
0
 
bbrunningAuthor Commented:
BTW, this is v24-sp2 12/28/09 voip firmware
0
 
bbrunningAuthor Commented:
update: switched to an older v24sp1 and the startup scripts worked fine. Looks like the startups don't work the same in sp2.
0
 
bbrunningAuthor Commented:
Thanks for the help. It's running but the firewall still blocks it from the outside. Internally snmpwalk works just fine, externally it cannot connect and I've set the firewall rules the same way they are for port 161. Don't know what's making it block like that.
0
Question has a verified solution.
