Results 1 to 7 of 7

Thread: SNMP from WAN

  1. #1
    Untangler
    Join Date
    Oct 2015
    Posts
    54

    Default SNMP from WAN

    By default, Untangle supports SNMP on non-WAN interfaces. I want to use SNMP from a WAN interface. I assumed that it would suffice to add an Access Rule and did so with Destination Port 161, Protocol UDP, Source Interface Any WAN. My SNMP driven monitoring tool (LibreNMS) failed to see the device when I pointed it at the external IP address. I also added a Filter Rule to permit Destination Port 161, Protocol UDP. Still no luck.

    I've read old forum entries on this topic but don't know if anything has changed with more recent Untangle releases. I am running version Build: 14.1.1

    As an aside, if I run an OpenVPN session to the device with the OpenVPN client being the machine that hosts LibreNMS I am able to get SNMP to work on the LAN side of things, so I know that SNMP is functioning, but not on the interface I seek.

  2. #2
    Untangler
    Join Date
    May 2008
    Posts
    546

    Default

    A network map might help explain what you are trying to do better. If it is working with openvpn seems that is the way to go?

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,497

    Default

    The access rule is all that's required. Those rules determine what access is provided to local services on the Untangle. So if it doesn't work, either your rule is wrong, or something else is wrong.

    I also wouldn't put it past a sane ISP to prevent the access of UDP 161, there are a TON of exploits out there going around thanks to that being exposed. If it's not a port being controlled by the ISP, it should be.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,682

    Default

    Check to see if the added rule is above the Block all rule and the default SNMP rule as it is first rule match exits the matching.
    Last edited by jcoffin; 01-27-2019 at 11:29 AM.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Untangler
    Join Date
    Oct 2015
    Posts
    54

    Default

    Quote Originally Posted by donhwyo View Post
    A network map might help explain what you are trying to do better. If it is working with openvpn seems that is the way to go?
    The use case is as follows, we're looking at a LAN with an array of devices being monitored by LibreNMS and an untangle device with a static IP on a separate network -- a totally independent network, different ISP etc. The goal is to be able to monitor the relevant devices on the LAN and the untangle that sits on the edge of the other network. It's that simple.

    I suppose the nice thing about coming in through openvpn is that we have the option of monitoring additional devices on the network fronted by the Untangle device if need be.

  6. #6
    Untangler
    Join Date
    Oct 2015
    Posts
    54

    Default

    Quote Originally Posted by sky-knight View Post
    The access rule is all that's required. Those rules determine what access is provided to local services on the Untangle. So if it doesn't work, either your rule is wrong, or something else is wrong.

    I also wouldn't put it past a sane ISP to prevent the access of UDP 161, there are a TON of exploits out there going around thanks to that being exposed. If it's not a port being controlled by the ISP, it should be.
    My rule is as I described -- so unless there's a flaw in that, we need to look at another issue.

    Your point about the ISP is well taken.

  7. #7
    Untangler
    Join Date
    Oct 2015
    Posts
    54

    Default

    Quote Originally Posted by jcoffin View Post
    Check to see if the added rule is above the Block all rule and the default SNMP rule as it is first rule match exits the matching.
    It's above the block all rule. See below.

    2019-01-27_12-33-28.png

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2