[mrtg] Re: Firewall

[Purvis, William]

Hi Tom:
	MRTG does not use TCP natively.  MRTG uses SNMP which uses UDP port
161.  UDP is a connectionless protocol (i.e. send and forget).  With most
secure organizations, they do not let SNMP go through a firewall.  Therefore
you might want to consider putting a system outside the firewall and having
the MRTG collect from the untrusted side.  Otherwise, if you want to have
SNMP traffic across your firewall, you will need to open up UDP port 161
(and 162 if your receiving any traps).  If you want to proxy this, then you
will need to configure MRTG with either the real IP Address of the router or
the proxied (NATed) address.

Regards,

William Reid Purvis
Compaq Professional Services,
ITP - Infrastructure & Technology Planning Group
e-mail: william.purvis at compaq.com


-----Original Message-----
From: Tom Craig [mailto:tcraig at board.ugdsb.on.ca]
Sent: Tuesday, 20 March 2001 9:13 AM
To: MRTG
Subject: [mrtg] Firewall



I am trying to probe a router on the outside of our firewall.  What TCP port
do I need to open to get at this router.  Do I need to open both internal to
external and external to internal proxies?

Thanks.

Cheers,

Tom

Tom Craig
Supervisor of Information Technology
Upper Grand District School Board
500 Victoria Rd N
Guelph, ON
N1E 6K2
(519) 822-4420 ext 750


--
Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive     http://www.ee.ethz.ch/~slist/mrtg
FAQ         http://faq.mrtg.org    Homepage     http://www.mrtg.org
WebAdmin    http://www.ee.ethz.ch/~slist/lsg2.cgi

--
Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive     http://www.ee.ethz.ch/~slist/mrtg
FAQ         http://faq.mrtg.org    Homepage     http://www.mrtg.org
WebAdmin    http://www.ee.ethz.ch/~slist/lsg2.cgi