[mrtg] Re: mrtg of Cisco routers via Internet fails

tom.voussure at sita.be tom.voussure at sita.be
Tue May 11 15:05:37 MEST 2004


thx for the quick reply ...

The firewall is configured correctly.
SNMP (udp 161) is allowed from the mrtg-server to the internet (and I
don't get any denies in the firewall logs).

I tried to connect to the WAN IP address of the router and the ethernet, but
the result is the same ...
(ping & telnet work, snmp not)...

I've also created a rule on the firewall that allows any ip traffic between
the mrtg-server and router but it didn't help...

Kind regards,


From:    Merton Campbell Crockett <mcc at CATO.GD-AIS.COM>
To:      tom.voussure at sita.be
cc:      mrtg at list.ee.ethz.ch
Subject: Re: [mrtg] mrtg of Cisco routers via Internet fails
Date:    11/05/2004 14:26

On Tue, 11 May 2004 tom.voussure at sita.be wrote:

> But I have a problem with monitoring routers via Internet.
> I have several Internet connections. Some are completely separated from our
> main network.
> So to monitor these routers, I have to go thru a firewall, on the
> to the other router.
> (mrtg server --> firewall --> INTERNET --> router)
> I always get the same error:
> --base: Get Device Info on xxx at
> SNMP Error:
> no response received
> SNMPv1_Session (remote host: "" [].161)
>                   community: ""xxx"
>                  request ID: -1222128975
>                 PDU bufsize: 8000 bytes
>                     timeout: 2s
>                     retries: 5
>                     backoff: 1)
>  at /usr/local/mrtg-2/bin/../lib/mrtg2/SNMP_util.pm line 570
> SNMPWALK Problem for on xxx at
>  at /usr/local/mrtg-2/bin/cfgmaker line 709
> If I try a snmpget I also get "Timeout, no response from ..."

The "no response received" indicates that the firewall is not configured
to allow UDP packets

   (1) from the "Internet" to the system that is running MRTG
   (2) to the "Internet" from the system that is running MRTG.

As UDP can be used for downloading malware, you don't want to allow UDP to
cross over your security perimeter.  You need to construct specific rules
that allow UDP port 161 traffic between your routers and the MRTG system.
Also, be sure to specify the IP address of the router that is "nearest"
the MRTG system.

Merton Campbell Crockett

BEGIN:vcard
VERSION:3.0
FN:Merton Campbell Crockett
ORG:General Dynamics Advanced Information Systems;Intelligence and Exploitation Systems
N:Crockett;Merton;Campbell
EMAIL;TYPE=internet:mcc at CATO.GD-AIS.COM
TEL;TYPE=work,voice,msg,pref:+1(805)497-5045
TEL;TYPE=work,fax:+1(805)497-5050
TEL;TYPE=cell,voice,msg:+1(805)377-6762
END:vcard
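
An added example, not part of either message in this thread: a minimal SNMPv1 GET probe for sysDescr.0 that uses the 2 s timeout, 5 retries and 8000-byte buffer from the quoted error, and reports whether a reply arrived, an ICMP port-unreachable came back, or nothing came back at all. The function names, the `public` community default and the fixed request ID are assumptions made for the example.

```python
import socket

SYS_DESCR_OID = (1, 3, 6, 1, 2, 1, 1, 1, 0)  # sysDescr.0

def tlv(tag, payload):
    """BER type-length-value; short-form length only (payload < 128 bytes)."""
    assert len(payload) < 128
    return bytes([tag, len(payload)]) + payload

def encode_oid(oid):
    """First two arcs share one byte; later arcs are base-128 with continuation bits."""
    out = bytearray([oid[0] * 40 + oid[1]])
    for arc in oid[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.insert(0, (arc & 0x7F) | 0x80)
        out += bytes(chunk)
    return bytes(out)

def build_get(community, request_id, oid=SYS_DESCR_OID):
    """SNMPv1 GetRequest: SEQUENCE { version 0, community, GetRequest-PDU (0xA0) }."""
    varbind = tlv(0x30, tlv(0x06, encode_oid(oid)) + tlv(0x05, b""))
    rid = request_id.to_bytes(4, "big", signed=True)  # fixed 4-byte form (assumption)
    pdu = tlv(0xA0, tlv(0x02, rid)
              + tlv(0x02, b"\x00") + tlv(0x02, b"\x00")  # error-status, error-index
              + tlv(0x30, varbind))
    return tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, community.encode()) + pdu)

def probe(host, community="public", port=161, timeout=2.0, retries=5):
    """Return ("response", bytes), ("icmp-unreachable", None) or ("timeout", None)."""
    packet = build_get(community, request_id=0x01020304)  # constructed request ID
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # a connected UDP socket surfaces ICMP errors
        for _ in range(retries):
            try:
                s.send(packet)
                data = s.recv(8000)
            except socket.timeout:
                continue  # request or reply dropped, wrong community, or agent ACL
            except ConnectionRefusedError:
                return ("icmp-unreachable", None)  # host reached, nothing on the port
            if data[:1] == b"\x30":  # BER SEQUENCE: looks like an SNMP message
                return ("response", data)
    return ("timeout", None)
```

A `timeout` result matches the "no response received" in the thread and does not say which direction was dropped; a packet capture on each side of the firewall is what separates a lost request from a lost reply.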
