Firewalld blocking SNMP traffic...incoming?

Support for security such as Firewalls and securing linux
Post Reply
Morty79
Posts: 2
Joined: 2017/06/20 01:08:04

Firewalld blocking SNMP traffic...incoming?

Post by Morty79 » 2017/06/20 01:20:33

Hi folks
I set up a new Cacti/Nagios server. I can monitor all internal networks fine. However when I try to monitor a Router on the other end of a site to site vpn the traffic is getting dropped. I verified this by shutting the firewall off then doing an snmpwalk to the device. Works fine with the FW off.

Also, I did a packet capture of the traffic on the for side of the vpn and it appears the requests are hitting the device so I am thinking they are getting dropped at the FW on the way in. Any suggestions on what I could be missing?

Thanks

firewall-cmd --zone=public --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eno1
sources:
services: dhcpv6-client http https snmp ssh
ports: 161/tcp 162/udp 161/udp 162/tcp
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:

Morty79
Posts: 2
Joined: 2017/06/20 01:08:04

Re: Firewalld blocking SNMP traffic...incoming?

Post by Morty79 » 2017/06/20 13:06:32

Another thing I noticed is that if I run systemctl disable firewalld The snmp walk still does not work. Only way I can get the snmpwalk to work is to run systemctl stop firewalld

User avatar
TrevorH
Forum Moderator
Posts: 29441
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Firewalld blocking SNMP traffic...incoming?

Post by TrevorH » 2017/06/20 13:21:43

disable just stops it from starting, it doesn't stop it if it's running.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

DateMike
Posts: 27
Joined: 2016/12/07 06:24:03

Re: Firewalld blocking SNMP traffic...incoming?

Post by DateMike » 2020/06/09 16:04:08

Hi,

Was this ever resolved?

I'm running in to the same issue, I have snmp added on the service side as well as the ports open, exactly as you've listed above.

Getting a timeout response, but if I stop the firewall it works fine.

Post Reply

Return to “CentOS 7 - Security Support”