SNMP Support

[martin.schaible]

Hello

I have installed "net-SNMP". I enabled the service, i have added a valid "SNMP Community" and the "Listen IP". I learned, that the "Listen IP" is the IP-Address of the Firewall, eg. LAN and NOT the IP-address of the monitoring server.

Do i need to do more?

My monitoring server does not receive data from the Firewall at all.

Thanks!

[fabian]

A firewall rule to pass incoming traffic?

[mimugmail]

How should the field "Listen IP" worded so that someone knows it should be the local IP address to listen to, as it would otherwise listen to all IPs (leave blank would also be ok)?

[franco]

Hide under advanced?


Cheers,
Franco

[martin.schaible]

"Hide under Advanced" -> where to find?

The monitoring server is in the LAN, therefore no rule is needed. Usualy a SNMP Service has entries like:
- Limit SNMP packets to specific hosts
- Trap Destination
- Send Auth Trap

Thanks!

[hbc]

There is no SNMP trap support in gui and hey: OPNsense is a firewall. To limit SNMP to specific hosts, just create a  rule 

[FraLem]

I would suggest to check with tcpdump -i xxx port 161 if the snmp query is reaching the firewall
In my case I didn`t quite get the meaning of lisening Ip, therefore blanck and rule in the WAN interface.

[martin.schaible]

As i wrote, the monitoring server is in the LAN, not WAN. Therefore no rules needed to access them from LAN.

I think, that SNMP has a general problem on my box, while no data is coming at all.

[bewue]

Do you have a rule on the LAN interface to allow SNMP traffic?
In the next step check if the SNMP query is received by the firewall like FraLem was mentioning.
Then we can look further.

[martin.schaible]

Ahh, i really had to add a rule from my Monitoring Server as the "Source" to "This Firewall".

Thank you!