I'm required to make sure any request to the snmp daemon is on a particular IP address/port combination for security, e.g. 192.168.0.20:1032, 192.168.0.30:1046 etc. as we previously had. The documentation and comments in snmpd.conf imply that this can be done through agentaddress-
# agentaddress: The IP address and port number that the agent will listen on.
#   By default the agent listens to any and all traffic from any
#   interface on the default SNMP port (161).  This allows you to
#   specify which address, interface, transport type and port(s) that you
#   want the agent to listen on.  Multiple definitions of this token
#   are concatenated together (using ':'s).
#   arguments: [transport:]port[@interface/address],...

As I said, neither this format nor the one stated on the web site seem to work (or combinations of the two). Is there a format for ip/port combination that works or will agentaddress only accept ports?

Thanks
Barry Leggett

----- Original Message -----
From: "Dave Shield" <[email protected]>
To: "Barry Leggett" <[email protected]>
Cc: <[email protected]>
Sent: Wednesday, January 19, 2011 8:54 AM
Subject: Re: listening address format

> On 18 January 2011 21:42, Barry Leggett <[email protected]> wrote:
> > The listening address format is defined as [transport:]hostname[:port] or
> > [transport:]IPv4-address[:port] on the web page
> > (http://www.net-snmp.org/docs/man/snmpd.html) and
> > [transport:]port[@interface/address],... within snmpd.conf, but neither of
> > these seem to work. What is the correct format if you want to specify the ip
> > address (or address range) and port for each user.
>
> What do you mean by an "address .. for each user" ?
>
> The listening address is concerned with the agent as a whole,
> not with individual users.
>
> For example, if the system has three network interfaces:
>     10.0.0.1, 172.16.0.1 and 192.168.0.1
> then by default, the agent will listen on all three (plus the loopback address)
> But if you start the agent using
>
>     snmpd udp:10.0.0.1
>
> then it will *only* listen for connections on this interface
> (and not on the other two, or on loopback)
>
> > I have found that specifying ports only does work (eg 1032. 161) but I want
> > to restrict the use of a particular port to only certain addresses or range
> > of addresses.
>
> If you want to restrict the *remote* addresses that can connect to
> the agent, then this probably isn't the correct approach.
>
> Have a look at the tcp-wrappers configuration (typically hosts.allow)
> instead.
>
> Dave
>
> _______________________________________________
> Net-snmp-users mailing list
> [email protected]
> Please see the following page to unsubscribe or change other options:
> https://lists.sourceforge.net/lists/listinfo/net-snmp-users
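
Added example (not part of the original messages and not Net-SNMP code): a small audit helper that reads a comma-separated listening-address value in the [transport:]address[:port] form quoted above and reports which local interfaces each entry covers, which is the distinction Dave's reply draws between listening addresses and remote-client restrictions. The function names, the UDP default, the udp/tcp-only handling and the treatment of a bare number as a port on all interfaces are assumptions of this sketch.

```python
import ipaddress

DEFAULT_PORT = 161            # default SNMP port named in the snmpd.conf comment
TRANSPORTS = ("udp", "tcp")   # assumption: only these two transports are handled


def parse_spec(spec):
    """Split one specifier into (transport, host, port); host None = no address given."""
    parts = spec.strip().split(":")
    transport = "udp"         # assumption: UDP when no transport prefix is present
    if parts[0].lower() in TRANSPORTS:
        transport = parts.pop(0).lower()
    if len(parts) not in (1, 2) or not all(parts):
        raise ValueError(f"unrecognised specifier: {spec!r}")
    if len(parts) == 1 and parts[0].isdigit():
        host, port = None, int(parts[0])          # bare port, e.g. "1032"
    else:
        host = parts[0]
        port = int(parts[1]) if len(parts) == 2 else DEFAULT_PORT
    if not 0 < port < 65536:
        raise ValueError(f"port out of range in {spec!r}")
    return transport, host, port


def exposure(host):
    """Classify which local interfaces a listening address covers."""
    if host is None:
        return "all-interfaces"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"                         # depends on name resolution
    if ip.is_unspecified:
        return "all-interfaces"
    return "loopback" if ip.is_loopback else "single-address"


def audit(agentaddress):
    """Return (transport, host, port, exposure) for each comma-separated specifier."""
    results = []
    for spec in agentaddress.split(","):
        transport, host, port = parse_spec(spec)
        results.append((transport, host, port, exposure(host)))
    return results


if __name__ == "__main__":
    # Constructed sample values built from the addresses quoted in the thread.
    for value in ("udp:192.168.0.20:1032,udp:192.168.0.30:1046", "1032,161"):
        for row in audit(value):
            print(value, "->", row)
```

An "all-interfaces" result marks an entry that accepts requests on every local address; none of these results says anything about which remote hosts may connect.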
