
Firewalld blocking SNMP traffic...incoming?

Posted: 2017/06/20 01:20:33
by Morty79
Hi folks
I set up a new Cacti/Nagios server. I can monitor all internal networks fine. However when I try to monitor a Router on the other end of a site to site vpn the traffic is getting dropped. I verified this by shutting the firewall off then doing an snmpwalk to the device. Works fine with the FW off.

Also, I did a packet capture of the traffic on the far side of the vpn and it appears the requests are hitting the device so I am thinking they are getting dropped at the FW on the way in. Any suggestions on what I could be missing?

Thanks

firewall-cmd --zone=public --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eno1
  sources:
  services: dhcpv6-client http https snmp ssh
  ports: 161/tcp 162/udp 161/udp 162/tcp
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

Re: Firewalld blocking SNMP traffic...incoming?

Posted: 2017/06/20 13:06:32
by Morty79
Another thing I noticed is that if I run systemctl disable firewalld, the snmp walk still does not work. The only way I can get the snmpwalk to work is to run systemctl stop firewalld.

Re: Firewalld blocking SNMP traffic...incoming?

Posted: 2017/06/20 13:21:43
by TrevorH
disable just stops it from starting, it doesn't stop it if it's running.

Re: Firewalld blocking SNMP traffic...incoming?

Posted: 2020/06/09 16:04:08
by DateMike
Hi,

Was this ever resolved?

I'm running into the same issue. I have snmp added on the service side as well as the ports open, exactly as you've listed above.

Getting a timeout response, but if I stop the firewall it works fine.