[mrtg] Re: MRTG tunneling

[Dave Williams]

 MRTG indeed uses UDP (SNMP Port 161) and I am pretty certain the SNMP agent
running on the routers/workstations cannot be changed to use TCP.  I suspect
your firewall rules are setup to allow TCP packets that are established by
"trusted" hosts to have bidirectional communication with "unstrusted" hosts. 
What you need is firewall software that uses "stateful" rules allowing SNMP
Replies from "untrusted" hosts to pass through the firewall in response to a
SNMP Get request from a "trusted" host.  Most enterprise firewall products
can do this.  Hope this helps. 

Lars Holmström wrote: Robert, 

My understanding is that MRTG it self does not use either UDP or TCP. It is 
rather a question for what MRTG is calling. If you for example use a
standard
TARGET based on SNMP you call the module in 
<MRTGpath>/lib/mrtg2/SNMP_session.pl 

This specific module uses UDP to port 161. 

But you may use MRTG and call any pther program. This program may use TCP
for
its communication. 

/Lars 

Robert Gahl wrote: 

> We have a situation where we can't use UDP to gather the OID data (systems

> exist behind a Foundry and the configuration of that beast precludes UDP).

> However, we'd still like to use MRTG to gather data from the hardware. 
> Granted, we could configure some box behind the Foundry's to gather data 
> and then view it, indirectly. 
> 
> However, the question came up as to whether or not MRTG can use TCP rather

> than UDP? Scanning the documentation, I don't see any mention of this, so
I
> figure the answer is now. But, I wanted to ask the group at large before I

> report a conclusive negative. 
> 
> Thanks for any information you can provide. 
> 
> === 
> Bob Gahl Bicycle (Ryan Vanguard) Mobile ||     @ 
>    ARPA/Internet: bgahl at fireclick.com    ||  !_ \ 
>      URL: http://www.fireclick.com/[1]      ||  (*)-~--+--(*) 
> "If you're trying to be politically correct you're like a chameleon 
> in front of a mirror. What can you say that won't be offensive to 
> somebody?" Robin Williams 
> 
> -- 
> Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe[2] 
> Archive     http://www.ee.ethz.ch/~slist/mrtg[3] 
> FAQ         http://faq.mrtg.org[4]    Homepage     http://www.mrtg.org[5] 
> WebAdmin    http://www.ee.ethz.ch/~slist/lsg2.cgi[6] 

-- 
Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe[7] 
Archive     http://www.ee.ethz.ch/~slist/mrtg[8] 
FAQ         http://faq.mrtg.org[9]    Homepage     http://www.mrtg.org[10] 
WebAdmin    http://www.ee.ethz.ch/~slist/lsg2.cgi[11] 

--- Links ---
   1 http://www.fireclick.com/
   2 mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
   3 http://www.ee.ethz.ch/~slist/mrtg
   4 http://faq.mrtg.org
   5 http://www.mrtg.org
   6 http://www.ee.ethz.ch/~slist/lsg2.cgi
   7 mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
   8 http://www.ee.ethz.ch/~slist/mrtg
   9 http://faq.mrtg.org
  10 http://www.mrtg.org
  11 http://www.ee.ethz.ch/~slist/lsg2.cgi
--
Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive     http://www.ee.ethz.ch/~slist/mrtg
FAQ         http://faq.mrtg.org    Homepage     http://www.mrtg.org
WebAdmin    http://www.ee.ethz.ch/~slist/lsg2.cgi