On Tue, 11 May 2004 [EMAIL PROTECTED] wrote:
> But I have a problem with monitoring routers via Internet.
>
> I have several Internet connection. Some or completely separated from our
> main network.
>
> So to monitor these routers, i have to go thru a firewall, on the internet,
> to the other router.
> (mrtg server --> firewall --> INTERNET --> router)
>
> I always get the same error:
> --base: Get Device Info on [EMAIL PROTECTED]:
> SNMP Error:
> no response received
> SNMPv1_Session (remote host: "210.88.234.215" [210.88.234.215].161)
> community: ""xxx"
> request ID: -1222128975
> PDU bufsize: 8000 bytes
> timeout: 2s
> retries: 5
> backoff: 1)
> at /usr/local/mrtg-2/bin/../lib/mrtg2/SNMP_util.pm line 570
> SNMPWALK Problem for 1.3.6.1.2.1.1 on [EMAIL PROTECTED]
> at /usr/local/mrtg-2/bin/cfgmaker line 709
>
>
> If a try a snmpget i get also "Timeout, no response from ..."
The "no response received" indicates that the firewall is not configured
to allow UDP packets
(1) from the "Internet" to the system that is running MRTG or
(2) to the "Internet" from the system that is running MRTG.
As UDP can be used for downloading malware, you don't want to allow UDP to
cross over your security perimeter. You need to construct specific rules
that allow UDP port 161 traffic between your routers and the MRTG system.
Also, be sure to specify the IP address of the router that is "nearest"
the MRTG system.
Merton Campbell Crockett
--
BEGIN: vcard
VERSION: 3.0
FN: Merton Campbell Crockett
ORG: General Dynamics Advanced Information Systems;
Intelligence and Exploitation Systems
N: Crockett;Merton;Campbell
EMAIL;TYPE=internet: [EMAIL PROTECTED]
TEL;TYPE=work,voice,msg,pref: +1(805)497-5045
TEL;TYPE=work,fax: +1(805)497-5050
TEL;TYPE=cell,voice,msg: +1(805)377-6762
END: vcard
--
Unsubscribe mailto:[EMAIL PROTECTED]
Archive http://www.ee.ethz.ch/~slist/mrtg
FAQ http://faq.mrtg.org Homepage http://www.mrtg.org
WebAdmin http://www.ee.ethz.ch/~slist/lsg2.cgi
