[mrtg] Re: MRTG tunneling

Robert Gahl bgahl at fireclick.com
Fri Nov 16 18:50:58 MET 2001


At 07:58 AM 11/16/2001 -0800, Dave Williams wrote:
>  MRTG indeed uses UDP (SNMP Port 161) and I am pretty certain the SNMP agent
>running on the routers/workstations cannot be changed to use TCP.  I suspect
>your firewall rules are setup to allow TCP packets that are established by
>"trusted" hosts to have bidirectional communication with "unstrusted" hosts.
>What you need is firewall software that uses "stateful" rules allowing SNMP
>Replies from "untrusted" hosts to pass through the firewall in response to a
>SNMP Get request from a "trusted" host.  Most enterprise firewall products
>can do this.  Hope this helps.

And Lars Holmstrom earlier wrote:

>My understanding is that MRTG it self does not use either UDP or TCP. It is
>rather a question for what MRTG is calling. If you for example use a standard
>TARGET based on SNMP you call the module in
><MRTGpath>/lib/mrtg2/SNMP_session.pl
>
>This specific module uses UDP to port 161.
>
>But you may use MRTG and call any pther program. This program may use TCP
>for its communication.

First off, thanks! Both ideas give me a direction to pursue. Just to 
illumine the question a bit, I am using MRTG to talk to the Foundry 
hardware and it works just fine. The problem is that I have a NAT'd network 
behind the ServerIron's and there are several pieces of Sun hardware back 
in there. I'm trying to gather disk usage, paging, CPU and Oracle database 
stuff from them. I believe (but don't quote me) that I can redirect TCP 
inbound on the ServerIron's (we do this for things like SSH, etc.) but not 
UDP, which I would have to do in order to talk to the equipment running 
behind the Foundry. So, one of the engineers asked me about the possibility 
of using TCP rather than UDP to talk to the Sun's.

Again, thanks for the feedback. If you have anything else to add (based on 
what I've told you so far), I'm all ears! :)


===
Bob Gahl Bicycle (Ryan Vanguard) Mobile ||     @
   ARPA/Internet: bgahl at fireclick.com    ||  !_ \
     URL: http://www.fireclick.com/      ||  (*)-~--+--(*)
"If you're trying to be politically correct you're like a chameleon
in front of a mirror. What can you say that won't be offensive to
somebody?" Robin Williams


--
Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive     http://www.ee.ethz.ch/~slist/mrtg
FAQ         http://faq.mrtg.org    Homepage     http://www.mrtg.org
WebAdmin    http://www.ee.ethz.ch/~slist/lsg2.cgi



More information about the mrtg mailing list