On 26/02/07, Makavy, Erez (Erez) <[EMAIL PROTECTED]> wrote:
> It then seems that the only solution for supporting informs in a
> "firewalled" system, is to use a fixed port (or range of ports) as
> the source port for the sent informs,

For a TCP-based transport, this sort of response to an outgoing request would presumably be recognised as relating to the original (authorised) request, so would be allowed. I'm presuming that the problem here arises because SNMP notifications are usually sent over UDP, and the firewall can't automatically make the connection between the two packets.

So one possible workaround might be to send the INFORM request over TCP rather than UDP.

An alternative would be to configure the firewall to accept notification responses based on the source address (i.e. the notification receiver) rather than the destination (the agent). That would naturally be a fixed UDP port (typically 162), so it would be straightforward to configure the firewall accordingly.

Dave

_______________________________________________
Net-snmp-coders mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
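The two filtering approaches discussed in this message, modelled as a stateless first-match UDP filter. This is an added example, not code from the thread or from Net-SNMP; the addresses, the 40000-40010 port range and all names are constructed for illustration.

```python
# Added illustration: a stateless UDP filter deciding on an INFORM response.
# All addresses, ports and rule names are constructed for this example.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY_PORT = range(0, 65536)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    name: str
    src_net: str = "0.0.0.0/0"
    sports: range = ANY_PORT
    dst_net: str = "0.0.0.0/0"
    dports: range = ANY_PORT

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src_net)
                and p.sport in self.sports
                and ip_address(p.dst) in ip_network(self.dst_net)
                and p.dport in self.dports)

def verdict(rules, pkt):
    """First matching rule accepts; default is drop (no connection tracking)."""
    for rule in rules:
        if rule.matches(pkt):
            return "accept:" + rule.name
    return "drop"

AGENT, RECEIVER = "10.0.0.5", "192.0.2.10"

# Quoted message: the agent sends informs from a fixed source port range,
# so the filter matches responses on their destination port.
BY_DEST = [Rule("agent-port-range", dst_net=AGENT + "/32", dports=range(40000, 40011))]
# Reply: match the receiver's address and its fixed UDP port 162 instead.
BY_SOURCE = [Rule("from-receiver-162", src_net=RECEIVER + "/32",
                  sports=range(162, 163), dst_net=AGENT + "/32")]

def response_to(agent_sport, sender=RECEIVER):
    """Response to an INFORM that the agent sent from agent_sport."""
    return Packet(src=sender, sport=162, dst=AGENT, dport=agent_sport)
```

With an ephemeral agent port such as 51234, `BY_DEST` drops the response while `BY_SOURCE` accepts it. `BY_SOURCE` pins the receiver's address, so a packet from another host that merely uses source port 162 is still dropped.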
