mrtg,snmp与iptables

buick2u

按照坛里面的 http://www.linuxsir.cn/forum.php?mod=viewthread&tid=87790

架设了mrtg，发现开着防火墙就不能工作了。
返回

SNMP Error:
no response received
SNMPv1_Session (remote host: "localhost" [127.0.0.1].161)
                  community: "public"
                 request ID: -1409443907
                PDU bufsize: 8000 bytes
                    timeout: 2s
                    retries: 5
                    backoff: 1)
at /usr/bin/../lib/mrtg2/SNMP_util.pm line 486
SNMPGET Problem for ifInOctets.2 ifOutOctets.2 sysUptime sysName on public@localhost::::::v4only
at /usr/bin/mrtg line 1798
WARNING: skipping because at least the query for ifInOctets.2 on  localhost did not succeed
WARNING: no data for ifInOctets&ifOutOctets:public@localhost. Skipping further queries for Host localhost in this round.
ERROR: Target[localhost_2][_IN_] ' $target->[0]{$mode} ' did not eval into defined data
ERROR: Target[localhost_2][_OUT_] ' $target->[0]{$mode} ' did not eval into defined data
WARNING: Skipping Update of localhost_2, inlast is not defined
WARNING: Skipping Update of localhost_2, outlast is not defined

我的防火墙就一条规则

-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

我netstat -na看了一下

snmp 开放了 tcp 199 和udp 161端口，是不是应该加进iptable ?

# MRTG with SNMP
-A INPUT -p udp -m udp -s 127.0.0.1 -d 127.0.0.1 --dport 161 -j ACCEPT
-A INPUT -p tcp -m tcp -s 127.0.0.1 -d 127.0.0.1 --dport 199 -j ACCEPT

还是不行哦

buick2u

天啊
就没有人来帮帮我啊？？？

buick2u

up

buick2u

再没有人来回复我就去自杀！

然后我要遗书里面说是Ｌｉｎｕｘｓｉｒ害了我

buick2u

过分啊！！！！！！！！！

兄弟们就这样见死不救阿

buick2u

终于将问题解决了~
希望和我有同样问题的兄弟能够看到这篇帖子~
在原有的基础上增加：
# allow snmp
/sbin/iptables A INPUT -p udp -m udp -s 127.0.0.1 --dport 161 -j ACCEPT
# allow the third handshake
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

smile787

兄弟自救的功夫强啊！！！！仰慕ing

buick2u

让兄弟们见笑了~

cocu

snmp根本就是UDP,当然不行

Snoopy

防火墙关了能正常使用吗 ?