[mrtg] Re: MRTG tunneling
bgahl at fireclick.com
Fri Nov 16 18:50:58 MET 2001
At 07:58 AM 11/16/2001 -0800, Dave Williams wrote:
> MRTG indeed uses UDP (SNMP Port 161) and I am pretty certain the SNMP agent
>running on the routers/workstations cannot be changed to use TCP. I suspect
>your firewall rules are setup to allow TCP packets that are established by
>"trusted" hosts to have bidirectional communication with "unstrusted" hosts.
>What you need is firewall software that uses "stateful" rules allowing SNMP
>Replies from "untrusted" hosts to pass through the firewall in response to a
>SNMP Get request from a "trusted" host. Most enterprise firewall products
>can do this. Hope this helps.
And Lars Holmstrom earlier wrote:
>My understanding is that MRTG it self does not use either UDP or TCP. It is
>rather a question for what MRTG is calling. If you for example use a standard
>TARGET based on SNMP you call the module in
>This specific module uses UDP to port 161.
>But you may use MRTG and call any pther program. This program may use TCP
>for its communication.
First off, thanks! Both ideas give me a direction to pursue. Just to
illumine the question a bit, I am using MRTG to talk to the Foundry
hardware and it works just fine. The problem is that I have a NAT'd network
behind the ServerIron's and there are several pieces of Sun hardware back
in there. I'm trying to gather disk usage, paging, CPU and Oracle database
stuff from them. I believe (but don't quote me) that I can redirect TCP
inbound on the ServerIron's (we do this for things like SSH, etc.) but not
UDP, which I would have to do in order to talk to the equipment running
behind the Foundry. So, one of the engineers asked me about the possibility
of using TCP rather than UDP to talk to the Sun's.
Again, thanks for the feedback. If you have anything else to add (based on
what I've told you so far), I'm all ears! :)
Bob Gahl Bicycle (Ryan Vanguard) Mobile || @
ARPA/Internet: bgahl at fireclick.com || !_ \
URL: http://www.fireclick.com/ || (*)-~--+--(*)
"If you're trying to be politically correct you're like a chameleon
in front of a mirror. What can you say that won't be offensive to
somebody?" Robin Williams
Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
FAQ http://faq.mrtg.org Homepage http://www.mrtg.org
More information about the mrtg