SNMP from WAN

**RERobbins** · 01-27-2019, 07:41 AM

By default, Untangle supports SNMP on non-WAN interfaces. I want to use SNMP from a WAN interface. I assumed that it would suffice to add an Access Rule and did so with Destination Port 161, Protocol UDP, Source Interface Any WAN. My SNMP driven monitoring tool (LibreNMS) failed to see the device when I pointed it at the external IP address. I also added a Filter Rule to permit Destination Port 161, Protocol UDP. Still no luck.

I've read old forum entries on this topic but don't know if anything has changed with more recent Untangle releases. I am running version Build: 14.1.1

As an aside, if I run an OpenVPN session to the device with the OpenVPN client being the machine that hosts LibreNMS I am able to get SNMP to work on the LAN side of things, so I know that SNMP is functioning, but not on the interface I seek.

**donhwyo** · 01-27-2019, 08:15 AM

A network map might help explain what you are trying to do better. If it is working with openvpn seems that is the way to go?

**sky-knight** · 01-27-2019, 09:50 AM

The access rule is all that's required. Those rules determine what access is provided to local services on the Untangle. So if it doesn't work, either your rule is wrong, or something else is wrong.

I also wouldn't put it past a sane ISP to prevent the access of UDP 161, there are a TON of exploits out there going around thanks to that being exposed. If it's not a port being controlled by the ISP, it should be.

**jcoffin** · 01-27-2019, 11:17 AM

Check to see if the added rule is above the Block all rule and the default SNMP rule as it is first rule match exits the matching.

**RERobbins** · 01-27-2019, 11:27 AM

Originally Posted by donhwyo

A network map might help explain what you are trying to do better. If it is working with openvpn seems that is the way to go?

The use case is as follows, we're looking at a LAN with an array of devices being monitored by LibreNMS and an untangle device with a static IP on a separate network -- a totally independent network, different ISP etc. The goal is to be able to monitor the relevant devices on the LAN and the untangle that sits on the edge of the other network. It's that simple.

I suppose the nice thing about coming in through openvpn is that we have the option of monitoring additional devices on the network fronted by the Untangle device if need be.

**RERobbins** · 01-27-2019, 11:29 AM

Originally Posted by sky-knight

The access rule is all that's required. Those rules determine what access is provided to local services on the Untangle. So if it doesn't work, either your rule is wrong, or something else is wrong.

I also wouldn't put it past a sane ISP to prevent the access of UDP 161, there are a TON of exploits out there going around thanks to that being exposed. If it's not a port being controlled by the ISP, it should be.

My rule is as I described -- so unless there's a flaw in that, we need to look at another issue.

Your point about the ISP is well taken.

**RERobbins** · 01-27-2019, 11:35 AM

Originally Posted by jcoffin

Check to see if the added rule is above the Block all rule and the default SNMP rule as it is first rule match exits the matching.

It's above the block all rule. See below.

2019-01-27_12-33-28.png

Thread: SNMP from WAN

LinkBack

Thread Tools

SNMP from WAN

Posting Permissions