Solved

DD-WRT change default SNMP port

Posted on 2010-08-17
Last Modified: 2012-05-10
I'm trying to configure dd-wrt on a wrt54gl to default the snmp port to 1616 instead of 161. I've messed around in a few config files but on every reboot, the default port 161 comes back. Anyone know how to force the router to use the specified port and stay that way on every reboot?

Thanks in advance!
0
Question by:bbrunning
28 Comments
 
LVL 61

Expert Comment

by:gheist
You should not.
Which snmpd do you have installed?
0
 
LVL 10

Author Comment

by:bbrunning
The default that comes on the voip generic bin
0
 
LVL 3

Accepted Solution

by:captainmish, earned 500 total points
There is probably a better way to do this, but one way may be to make a startup script that kills the running snmpd, then starts it again with -p 1616, eg:

#!/bin/sh
#kill any previously-running instances of snmpd
killall -q snmpd
#rerun listening on new port
snmpd -c /var/snmp/snmpd.conf 0.0.0.0:1161

This works on my (v24sp1) ddwrt - hope it helps :)
0
 
LVL 61

Expert Comment

by:gheist
check /etc/config/*.startup for tips ;)
0
 
LVL 10

Author Comment

by:bbrunning
>>
#!/bin/sh
#kill any previously-running instances of snmpd
killall -q snmpd
#rerun listening on new port
snmpd -c /var/snmp/snmpd.conf 0.0.0.0:1161
<<

So would mine look like this:
killall -q snmpd
snmpd -p /var/snmp/snmpd.conf 0.0.0.0:1616

Also, where do I create the startup script? Do I just use the nvram set rc_startup=" command?
0
 
LVL 10

Author Comment

by:bbrunning
Or would it be
snmpd -c /var/snmp/snmpd.conf 0.0.0.0:1161 -p 1616

???
0
 
LVL 10

Author Comment

by:bbrunning
Another thing: this is a wrt54gl with only 4MB OS flash. When I run df, it says used 2816, 0 available, 100% used. Does that mean I can't even load any startup scripts on this? The jffs directory is read-only and I believe that was the reason.
0
 
LVL 3

Expert Comment

by:captainmish
That should be fine, it will be saved to nvram. Go to ip.of.rou.ter/Diagnostics.asp and enter the script in the "command" box, then "save startup" - that should be it done.
0
 
LVL 3

Expert Comment

by:captainmish
PS, the snmpd on the ddwrt does not recognise the -p switch, thus the ip:port arg ;)
0
 
LVL 10

Author Comment

by:bbrunning
Okay so I adjusted the startup script and using nmap -sU I can see that 1616 is now open, but it's only open from within the network so my cacti server cannot get the stats from it. I've added a firewall rule as follows:
/usr/sbin/iptables -I INPUT 1 -p ICMP -s x.x.x.x -j logaccept
/usr/sbin/iptables -I INPUT 1 -p udp --dport 1616 -s x.x.x.x -j logaccept
/usr/sbin/iptables -I INPUT 1 -p ICMP -s x.x.x.x -j logaccept
/usr/sbin/iptables -I INPUT 1 -p udp --dport 1616 -s x.x.x.x -j logaccept

This works on all my other routers running under 161 but for some reason won't work with 1616, something else I need to add?
0
 
LVL 3

Expert Comment

by:captainmish
It might be using TCP, have you tried opening TCP:1161?
0
 
LVL 10

Author Comment

by:bbrunning
it's not using tcp.
0
 
LVL 3

Expert Comment

by:captainmish
may just be a typo, but check you are using the same port for iptables and snmpd:

iptables: --dport 1616
snmpd:               1161
0
 
LVL 10

Author Comment

by:bbrunning
Changed both to 1161 and still won't report. Is there a reason why you used 1616 on iptables then 1161 snmpd on your last post captain?
0
 
LVL 10

Author Comment

by:bbrunning
oh, sorry I was still waking up, yes it was a typo. I have both setup the same.
0
 
LVL 3

Expert Comment

by:captainmish
If you can ssh to the ddwrt, check that snmpd is running as expected (ps aux | grep snmpd), also check netstat output to see if it's listening (netstat -unta)
0
 
LVL 10

Author Comment

by:bbrunning
ps -aux doesn't work, here's ps | grep snmpd

12204 root      2220 S    snmpd -c /var/snmp/snmpd.conf 192.168.0.1:1161
  454 root      1180 S    grep snmpd

Here's netstat for snmpd

udp        0      0 192.168.0.1:1161        0.0.0.0:*
0
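The checks suggested in this exchange, combined into one script as an added example (not code from any poster in this thread): it compares the address and port snmpd was started with against the UDP socket table and the `--dport` in the firewall rules, which catches a 1616/1161 mismatch and reports when the daemon is bound to a single address. The function names are assumptions of the example, and the sample inputs are constructed from output quoted in the thread.

```shell
#!/bin/sh
# Added example: cross-check snmpd's listen argument, the UDP socket table
# and the firewall rules. Sample inputs are constructed from this thread.

PS_OUT='12204 root      2220 S    snmpd -c /var/snmp/snmpd.conf 192.168.0.1:1161'
NETSTAT_OUT='udp        0      0 192.168.0.1:1161        0.0.0.0:*'
RULES='-I INPUT 1 -p udp --dport 1616 -s x.x.x.x -j logaccept'

# Print the ADDR:PORT listen argument of the running snmpd (last ps field).
snmpd_listen() {
    printf '%s\n' "$1" |
        awk '/snmpd/ && !/grep/ && $NF ~ /:[0-9]+$/ { print $NF; exit }'
}

# Succeed if the socket table has a UDP socket on exactly ADDR:PORT.
udp_bound() {
    printf '%s\n' "$1" |
        awk -v want="$2" '$1 == "udp" && $4 == want { found = 1 }
                          END { exit !found }'
}

# Print every UDP --dport value found in the iptables rule text.
rule_ports() {
    printf '%s\n' "$1" |
        awk '/-p udp/ { for (i = 1; i < NF; i++)
                            if ($i == "--dport") print $(i + 1) }'
}

# Args: ps output, netstat output, rule text. Prints findings, or "ok".
diagnose() {
    listen=$(snmpd_listen "$1"); findings=""
    [ -n "$listen" ] || { echo "snmpd-not-running"; return 0; }
    addr=${listen%:*}; port=${listen##*:}
    udp_bound "$2" "$listen" || findings="$findings no-socket:$listen"
    rule_ports "$3" | grep -qx "$port" ||
        findings="$findings no-rule-for-port:$port"
    # A socket bound to one address only receives datagrams sent to that
    # address, so queries aimed at another interface address never reach it.
    [ "$addr" = "0.0.0.0" ] || findings="$findings bound-only-to:$addr"
    echo "${findings:-ok}" | sed 's/^ //'
}

diagnose "$PS_OUT" "$NETSTAT_OUT" "$RULES"
```

On the router, pass the live output of `ps` and `netstat -unta` and the text of the firewall script in place of the three constants.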
 
LVL 3

Expert Comment

by:captainmish
what are you using to query the ddwrt? Here, snmpwalk works fine against mine (no iptables modifications):

#replace {mypublicname} with whatever public community name (RO community in the ddwrt gui) you used
snmpwalk -v 2c -c {mypublicname} ip.of.dd.wrt:1161 system
0
 
LVL 10

Author Comment

by:bbrunning
I'm using cacti to query the router with nocsnmp. I'm not sure how to use snmpwalk, researching now.
0
 
LVL 10

Author Comment

by:bbrunning
I get no response using that
0
 
LVL 10

Author Comment

by:bbrunning
Not sure how you're accomplishing this without any iptables. Do you have your firewall turned off? I set everything back to default and 161 but can't query using snmpwalk. It grabs cacti just fine with my 161 and iptables setup.
0
 
LVL 10

Author Comment

by:bbrunning
Either that or you are using snmpwalk from within your lan.
0
 
LVL 3

Expert Comment

by:captainmish
That will be it :) Guessing your test with snmpwalk was also from the WAN side.
Have you tried removing the source ip part from the iptables rules as a test? The problem seems to be "after" snmpd. Might also be an idea to add a -j LOG rule later to see if it's actually iptables dropping it.
0
 
LVL 10

Author Comment

by:bbrunning
Ok, so I've got snmp working on 1616 when I enter that command manually, but when it's saved to the startup script, it doesn't. Any ideas?

Sorry to backtrack but I found this out today using snmpwalk....btw awesome tool!
0
 
LVL 10

Author Comment

by:bbrunning
BTW, this is v24-sp2 12/28/09 voip firmware
0
 
LVL 10

Author Comment

by:bbrunning
update: switched to an older v24sp1 and the startup scripts worked fine. Looks like the startups don't work the same in sp2.
0
 
LVL 10

Author Closing Comment

by:bbrunning
Thanks for the help. It's running but the firewall still blocks it from the outside. Internally snmpwalk works just fine, externally it cannot connect and I've set the firewall rules the same way they are for port 161. Don't know what's making it block like that.
0
