Monday, April 30, 2012

Snmpd Listen to Specific IP Address ( BIND To Selected Interfaces )

How do I force the snmpd agent from net-snmp (Simple Network Management Protocol) to listen only on selected IP addresses or interfaces under RHEL / Red Hat / Fedora / CentOS Linux?

net-snmp ships snmpd, an SNMP agent that binds to a port and waits for requests from SNMP management software. By default snmpd listens for incoming SNMP requests on UDP port 161 on all IPv4 interfaces, so out of the box it answers anyone who can reach the host and knows the community string.
snmpd can be restricted to selected addresses by passing one or more listening addresses as arguments to the snmpd command line (not via the -x option, which sets the AgentX master socket path and has nothing to do with the SNMP listener), or equivalently with the agentaddress directive in /etc/snmp/snmpd.conf. A listening address takes the form:
 [<transport-specifier>:]<transport-address>

A few examples (these are the ones given in the snmpd(8) man page):

127.0.0.1:161          listen on UDP port 161, but only on the loopback interface. This prevents snmpd being queried remotely. The port specification ":161" is not strictly necessary since that is the default SNMP port.
TCP:1161               listen on TCP port 1161 on all IPv4 interfaces.
ipx:/40000             listen on IPX port 40000 on all IPX interfaces.
unix:/tmp/local-agent  listen on the Unix domain socket /tmp/local-agent.
/tmp/local-agent       identical to the previous specification, since the Unix domain is assumed if the first character of the <transport-address> is '/'.
PVC:161                listen on the AAL5 permanent virtual circuit with VPI=0 and VCI=161 (decimal) on the first ATM adapter in the machine.
udp6:10161             listen on port 10161 on all IPv6 interfaces.

CentOS / RHEL / Fedora Linux Specific Configuration

Edit /etc/sysconfig/snmpd.options (on RHEL / CentOS 6 and later the file is /etc/sysconfig/snmpd), enter:
# vi /etc/sysconfig/snmpd.options
Uncomment the OPTIONS line and append the listening addresses after the switches. Do not use -x for this: -x sets the AgentX master socket, so "-x 127.0.0.1" would not restrict the SNMP listener at all. To listen on the default port 161 on 127.0.0.1 and 192.168.1.254 only:
OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a udp:127.0.0.1:161 udp:192.168.1.254:161"
Save and close the file. These are command-line arguments read by the init script, so a reload (SIGHUP, which only re-reads snmpd.conf) is not enough; restart the daemon:
# service snmpd restart
Update /etc/sysconfig/iptables firewall configuration to allow communication at udp port 161:
# vi /etc/sysconfig/iptables
To accept SNMP queries only from 192.168.1.0/24 to UDP port 161, enter:
-A RH-Firewall-1-INPUT -p udp -s 192.168.1.0/24 -m udp --dport 161 -j ACCEPT
Finally, restart iptables service:
# service iptables restart
You will also need to update /etc/snmp/snmpd.conf to set the community string and access control: avoid the default "public" community, restrict the read-only community to the management network (a rocommunity entry takes a source address for exactly this purpose), and prefer SNMPv3 users where your monitoring tools support them. Refer to the snmpd.conf man page for details.
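As an added example (not code from the original post or from net-snmp), the following POSIX sh script ties together the listening-address forms listed above and the restart step: it classifies each address you intend to pass to snmpd by how far it exposes the agent, and then checks netstat output to confirm that the restarted daemon is no longer bound to the wildcard address. The function names are my own, and the two netstat samples are constructed to match the `netstat -anup` column layout rather than captured from a real host.

```shell
#!/bin/sh
# Added example, not part of the original post or of net-snmp: audit how far
# snmpd is exposed, first from the listening-address specs you intend to put
# in OPTIONS (or agentaddress), then from what the running daemon actually
# bound. The netstat samples below are constructed, not captured from a host.

# snmpd_listen_scope SPEC
#   Classify one listening address using the man page rules: a leading '/'
#   or a unix: prefix is a local socket, a loopback host is local, any other
#   host is remote, and a bare port (no host part) binds every interface of
#   that transport, which is the case this page is trying to avoid.
snmpd_listen_scope() {
    spec=$1
    case $spec in
        /*|[Uu][Nn][Ii][Xx]:*) echo local; return 0 ;;
        [Uu][Dd][Pp]:*|[Tt][Cc][Pp]:*|[Uu][Dd][Pp]6:*|[Tt][Cc][Pp]6:*|[Ii][Pp][Xx]:*|[Pp][Vv][Cc]:*)
            spec=${spec#*:} ;;       # drop the transport specifier
    esac
    case $spec in
        127.*|localhost|localhost:*|\[::1\]*|::1) echo local ;;
        *.*|*:*)                                  echo remote ;;
        *)                                        echo any ;;
    esac
}

# snmpd_listen_audit SPEC...
#   Print "spec scope" for every argument; fail if any spec binds every
#   interface.  Run it with the addresses you put in OPTIONS.
snmpd_listen_audit() {
    rc=0
    for s in "$@"; do
        scope=$(snmpd_listen_scope "$s")
        echo "$s $scope"
        [ "$scope" = any ] && rc=1
    done
    return $rc
}

# Constructed sample of `netstat -anup` after restricting snmpd to
# 127.0.0.1 and 192.168.1.254 (the dhclient line is unrelated noise).
SAMPLE_RESTRICTED='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp        0      0 127.0.0.1:161           0.0.0.0:*                           1234/snmpd
udp        0      0 192.168.1.254:161       0.0.0.0:*                           1234/snmpd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           777/dhclient'

# Constructed sample of the stock configuration: bound on all interfaces.
SAMPLE_WILDCARD='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp        0      0 0.0.0.0:161             0.0.0.0:*                           1234/snmpd
udp6       0      0 :::161                  :::*                                1234/snmpd'

# snmpd_binds NETSTAT_OUTPUT
#   Print the local address:port of every UDP socket owned by snmpd.
#   (netstat only shows the program name when run as root.)
snmpd_binds() {
    printf '%s\n' "$1" | awk '$1 ~ /^udp/ && $NF ~ /\/snmpd$/ { print $4 }'
}

# check_no_wildcard NETSTAT_OUTPUT
#   Succeed only if no snmpd UDP socket is bound to 0.0.0.0 or :: , i.e.
#   the daemon really is restricted to the addresses you listed.
check_no_wildcard() {
    snmpd_binds "$1" | awk '
        BEGIN { bad = 0 }
        /^0\.0\.0\.0:/ || /^:::/ { bad = 1 }
        END { exit bad }'
}

# audit_live
#   Run the runtime check against this host (needs net-tools and root).
audit_live() {
    command -v netstat >/dev/null 2>&1 || { echo "netstat not found" >&2; return 2; }
    out=$(netstat -anup 2>/dev/null)
    if [ -z "$(snmpd_binds "$out")" ]; then
        echo "no snmpd UDP sockets found (not running, or not run as root)" >&2
        return 2
    fi
    if check_no_wildcard "$out"; then
        echo "OK: snmpd is bound to specific addresses only"
    else
        echo "WARNING: snmpd is still listening on a wildcard address" >&2
        return 1
    fi
}
```

Use snmpd_listen_audit on the addresses you are about to put in OPTIONS before restarting, then audit_live afterwards; the second check matters because a typo such as the original -x form leaves the daemon on 0.0.0.0 even though the config file looks restricted.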
