Hosts.allow/hosts.deny relates to snmpd

Tue, 20 Jul 2004 15:42:43 -0700 

My understanding is snmpd is using tcpwrap lib. So, if we can use 
hosts.allow/hosts.deny to control the access.  What I have tried the following 4 steps:

1) If both hosts.allow and hosts.deny are not set (emtpy), it can access MIB 
registered in snmpd and the subagents behind it.

2) If hosts.deny has the following line, all access to snmpd and subagents are denied. 
snmpd: ALL

3) If hosts.deny has the following line, all access to snmpd is denied except 
localhost.  With this setting, data in subagents can not be accessed, only master 
agent data are exposed.
snmpd: ALL EXCEPT 127.

In the log file:
Jul 20 14:41:48 bigip tmsnmpd[2096]: Connection from callback: 1 on fd 4 REFUSED

4) If hosts.deny/hosts.allow have the following lines , all access to snmpd and 
subagents are denied.
 snmpd: ALL  ---> hosts.deny 
 snmpd: 192.168.102.159 ----> hosts.allow

In the log file:
Jul 20 14:25:59 bigip snmpd[2067]: Connection from 192.168.102.159 REFUSED
Jul 20 14:25:59 bigip tmsnmpd[2096]: Connection from callback: 1 on fd 4 REFUSED
Jul 20 14:26:00 bigip snmpd[2067]: Connection from 192.168.102.159 REFUSE
D
Jul 20 14:26:00 bigip tmsnmpd[2096]: Connection from callback: 1 on fd 4 REFUSED
Jul 20 14:26:45 bigip tmsnmpd[2096]: Connection from callback: 1 on fd 4REFUSED

Where, tmsnmpd is a subagent behind snmpd.

A) Is there something wrong? 
B) How can I control  access by using hosts.allow/hosts.deny? 
C) The relationship between master agent and subagent effected by 
hosts.allow/hosts.deny setting? Seems yes, how can I make tcpwrap not affect 
subagents? Subagents are behind master agent anyway.

I am using v5.0.9 on Linux.

Thanks,

Fong


-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idG21&alloc_id040&op=click
_______________________________________________
Net-snmp-coders mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Reply via email to