System info
--------------------
net-snmp-5.3.1, Linux, PPC
 
Problem
------------
v3 informs are not sent when a firewall (iptables on Linux) is active.
 
Problem Analysis
--------------------------
Net-snmp sends an engineID probe when creating an Inform PDU.
Because of the firewall, the probe response (which is sent to a random
udp port) is blocked.
 
Solution Analysis (questions)
-----------------------------------------
1) Maybe there is a way to configure the probe's port (currently it is a
random client UDP port)?
2) Maybe we can disable the probe.
    Why do we need it?
    I mean, the remote engineID is already configured for the specified
v3 user, we can take it from there.
3) Would using SNMP-ALG (kernel module) help?
    I heard it could be used, so that iptables can look into the SNMP
packet and see which port is used for listening to the response,
    and open that UDP port for INPUT, for a certain amount of time. Is
that true?
 
 
Thanks,
    Erez.
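
To confirm from a packet capture that the datagram leaving the agent is the engineID probe described under Problem Analysis, the sketch below decodes the SNMPv3 header and checks the discovery markers from RFC 3414 section 4. It is an added example, not part of the original post or of net-snmp; the function names and the sample bytes are constructed for illustration.

```python
# Added example (not from the original post): recognise an SNMPv3 engineID
# discovery probe in a captured UDP payload. All names here are hypothetical.

def tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value_bytes, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def fields(buf):
    """Split a constructed value into its child (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = tlv(buf, pos)
        out.append((tag, val))
    return out

def is_engineid_probe(payload):
    """True for a reportable noAuthNoPriv SNMPv3 message whose USM header
    carries an empty msgAuthoritativeEngineID and an empty msgUserName."""
    try:
        tag, msg, _ = tlv(payload, 0)
        if tag != 0x30:
            return False
        version, global_data, sec_params, _scoped = fields(msg)
        if version != (0x02, b"\x03"):         # msgVersion 3
            return False
        _msg_id, _max_size, flags, model = fields(global_data[1])
        usm = fields(fields(sec_params[1])[0][1])
        engine_id, user = usm[0][1], usm[3][1]
    except (ValueError, IndexError):           # malformed or not SNMPv3
        return False
    return (flags[1] == b"\x04" and model[1] == b"\x03"
            and engine_id == b"" and user == b"")

# Constructed sample: discovery GetRequest with an empty varbind list.
PROBE = bytes.fromhex(
    "3038020103" "300e020101020300ffe3040104020103"
    "0410300e0400020100020100040004000400"
    "301104000400a00b0201010201000201003000")

if __name__ == "__main__":
    print(is_engineid_probe(PROBE))
```
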