Solved

DD-WRT change default SNMP port

Posted on 2010-08-17
Last Modified: 2012-05-10
I'm trying to configure dd-wrt on a wrt54gl to default snmp port to 1616 instead of 161. I've messed around in a few config files but on every reboot, the default port 161 comes back. Anyone know how to force the router to use the specified port and stay that way on every reboot?

Thanks in advance!
Question by:bbrunning
28 Comments
 
LVL 62

Expert Comment

by:gheist
ID: 33464648
you should not.
which snmpd you have installed?
0
 
LVL 10

Author Comment

by:bbrunning
ID: 33464969
The default that comes on the voip generic bin
0
 
LVL 10

Author Comment

by:bbrunning
ID: 33464973
The default that comes on the voip generic bin
0
LVL 3

Accepted Solution

by:
captainmish earned 2000 total points
ID: 33465092
There is probably a better way to do this, but one way may be to make a startup script that kills the running snmpd, then starts it again with -p 1616, eg:

#!/bin/sh
#kill any previously-running instances of snmpd
killall -q snmpd
#rerun listening on new port
snmpd -c /var/snmp/snmpd.conf 0.0.0.0:1161

This works on my (v24sp1) ddwrt - hope it helps :)
0
 
LVL 62

Expert Comment

by:gheist
ID: 33465166
check /etc/config/*.startup for tips ;)
0
 
LVL 10

Author Comment

by:bbrunning
ID: 33465820
>>
#!/bin/sh
#kill any previously-running instances of snmpd
killall -q snmpd
#rerun listening on new port
snmpd -c /var/snmp/snmpd.conf 0.0.0.0:1161
<<

So would mine look like this:
killall -q snmpd
snmpd -p /var/snmp/snmpd.conf 0.0.0.0:1616

Also, where do I create the startup script at? Do I just use the nvram set rc_startup=" command?
0
 
LVL 10

Author Comment

by:bbrunning
ID: 33465853
Or would it be
snmpd -c /var/snmp/snmpd.conf 0.0.0.0:1161 -p 1616

???
0
 
LVL 10

Author Comment

by:bbrunning
ID: 33466077
Another thing, this is a wrt54gl with only 4MB os flash, when I run df, it says used 2816, 0 available 100% used. Does that mean I can't even load any startup scripts on this? The jffs directory is readonly and I believe that was the reason.
0
 
LVL 3

Expert Comment

by:captainmish
ID: 33466498
That should be fine, it will be saved to nvram. Go to ip.of.rou.ter/Diagnostics.asp and enter the script in the "command" box, then "save startup" - that should be it done.
0
 
LVL 3

Expert Comment

by:captainmish
ID: 33466505
PS, the snmpd on the ddwrt does not recognise the -p switch, thus the ip:port arg ;)
0
 
LVL 10

Author Comment

by:bbrunning
ID: 33480379
Okay so I adjusted the startup script and using nmap -sU I can see that 1616 is now open, but it's only open from within the network so my cacti server cannot get the stats from it. I've added a firewall rule as follows:
/usr/sbin/iptables -I INPUT 1 -p ICMP -s x.x.x.x -j logaccept
/usr/sbin/iptables -I INPUT 1 -p udp --dport 1616 -s x.x.x.x -j logaccept
/usr/sbin/iptables -I INPUT 1 -p ICMP -s x.x.x.x -j logaccept
/usr/sbin/iptables -I INPUT 1 -p udp --dport 1616 -s x.x.x.x -j logaccept

This works on all my other routers running under 161 but for some reason won't work with 1616, something else I need to add?
0
 
LVL 3

Expert Comment

by:captainmish
ID: 33483093
It might be using TCP, have you tried opening TCP:1161?
0
 
LVL 10

Author Comment

by:bbrunning
ID: 33489428
it's not using tcp.
0
 
LVL 3

Expert Comment

by:captainmish
ID: 33499231
may just be a typo, but check you are using the same port for iptables and snmpd:

iptables: --dport 1616
snmpd:               1161
0
 
LVL 10

Author Comment

by:bbrunning
ID: 33500271
Changed both to 1161 and still won't report. Is there a reason why you used 1616 on iptables then 1161 snmpd on your last post captain?
0
 
LVL 10

Author Comment

by:bbrunning
ID: 33500920
oh, sorry I was still waking up, yes it was a typo. I have both setup the same.
0
 
LVL 3

Expert Comment

by:captainmish
ID: 33505745
If you can ssh to the ddwrt, check that snmpd is running as expected (ps aux | grep snmpd), also check netstat output to see if it's listening (netstat -unta)
0
 
LVL 10

Author Comment

by:bbrunning
ID: 33506212
ps -aux doesn't work, here's ps | grep snmpd

12204 root      2220 S    snmpd -c /var/snmp/snmpd.conf 192.168.0.1:1161
  454 root      1180 S    grep snmpd

Here's netstat for snmpd

udp        0      0 192.168.0.1:1161        0.0.0.0:*
0
 
LVL 3

Expert Comment

by:captainmish
ID: 33509058
what are you using to query the ddwrt? Here, snmpwalk works fine against mine (no iptables modifications):

#replace {mypublicname} with whatever public community name (RO community in the ddwrt gui) you used
snmpwalk -v 2c -c {mypublicname} ip.of.dd.wrt:1161 system
0
 
LVL 10

Author Comment

by:bbrunning
ID: 33510559
I'm using cacti to query the router with nocsnmp. I'm not sure how to use snmpwalk, researching now.
0
 
LVL 10

Author Comment

by:bbrunning
ID: 33510685
I get no response using that
0
 
LVL 10

Author Comment

by:bbrunning
ID: 33510847
Not sure how you're accomplishing this without any iptables. Do you have your firewall turned off? I set everything back to default and 161 but can't query using snmpwalk. It grabs cacti just fine with my 161 and iptables setup.
0
 
LVL 10

Author Comment

by:bbrunning
ID: 33510867
Either that or you are using snmpwalk from within your lan.
0
 
LVL 3

Expert Comment

by:captainmish
ID: 33512753
That will be it :) Guessing your test with snmpwalk was also from the WAN side.
Have you tried removing the source ip part from the iptables rules as a test? The problem seems to be "after" snmpd. Might also be an idea to add a -j LOG rule later to see if it's actually iptables dropping it.
0
 
LVL 10

Author Comment

by:bbrunning
ID: 33538108
Ok, so I've got snmp working on 1616 when I enter that command manually, but when it's saved to the startup script, it doesn't. Any ideas?

Sorry to back track but I found this out today using snmpwalk....btw awesome tool!
0
 
LVL 10

Author Comment

by:bbrunning
ID: 33538147
BTW, this is v24-sp2 12/28/09 voip firmware
0
 
LVL 10

Author Comment

by:bbrunning
ID: 33538821
update: switched to an older v24sp1 and the startup scripts worked fine. Looks like the startups don't work the same in sp2.
0
 
LVL 10

Author Closing Comment

by:bbrunning
ID: 33547639
Thanks for the help. It's running but the firewall still blocks it from the outside. Internally snmpwalk works just fine, externally it cannot connect and I've set the firewall rules the same way they are for port 161. Don't know what's making it block like that.
0
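
Added example, not part of the original thread: a shell check that cross-references the `netstat -unta` listener with the iptables rules for the chosen SNMP port, catching the 1161/1616 mismatch discussed above and an accept rule with no `-s` source restriction. It also flags a listener bound to a single address, since a UDP socket bound to one address only receives datagrams sent to that address. The function names are hypothetical and the sample input is constructed from the lines posted above, with x.x.x.x replaced by a documentation address.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print the local address of the UDP socket on port $2, given `netstat -unta`
# output in $1; print nothing if no socket uses that port.
udp_bind_addr() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 == "udp" {
            n = split($4, a, ":")            # Local Address column is addr:port
            if (a[n] == port) {
                print substr($4, 1, length($4) - length(port) - 1)
                exit
            }
        }'
}

# Classify the iptables rules in $1 for UDP port $2: "none" (no accept rule),
# "open" (an accept rule without -s), "restricted" (all accept rules have -s).
rule_state() {
    printf '%s\n' "$1" | awk -v port="$2" '
        {
            udp = dport = src = acc = 0
            for (i = 1; i < NF; i++) {
                if ($i == "-p" && tolower($(i + 1)) == "udp") udp = 1
                if ($i == "--dport" && $(i + 1) == port) dport = 1
                if ($i == "-j" && tolower($(i + 1)) ~ /accept/) acc = 1
                if ($i == "-s") src = 1
            }
            if (udp && dport && acc) { hit = 1; if (!src) unres = 1 }
        }
        END { print (hit ? (unres ? "open" : "restricted") : "none") }'
}

# One-line verdict for port $1 from netstat text $2 and rule text $3.
check_snmp() {
    addr=$(udp_bind_addr "$2" "$1"); rule=$(rule_state "$3" "$1")
    if [ -z "$addr" ]; then echo "FAIL no UDP listener on $1"
    elif [ "$rule" = "none" ]; then
        echo "FAIL listener on $addr:$1 but no iptables rule for udp/$1"
    elif [ "$addr" != "0.0.0.0" ]; then
        echo "WARN listener bound to $addr only; rule=$rule"
    else echo "OK listener on 0.0.0.0:$1; rule=$rule"; fi
}

# Constructed sample input: netstat line as posted in the thread; rule with the
# thread's x.x.x.x replaced by a documentation address.
SAMPLE_NETSTAT='udp        0      0 192.168.0.1:1161        0.0.0.0:*'
SAMPLE_RULES='/usr/sbin/iptables -I INPUT 1 -p udp --dport 1616 -s 192.0.2.10 -j logaccept'
check_snmp 1161 "$SAMPLE_NETSTAT" "$SAMPLE_RULES"
```

On the router, pass the live output instead of the samples, for example `check_snmp 1616 "$(netstat -unta)" "$(nvram get rc_firewall)"` if the rules were saved as the firewall script.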
