Community discussions

MikroTik App
 
jarosoup
Long time Member
Long time Member
Topic Author
Posts: 596
Joined: Sun Aug 22, 2004 9:02 am

SNMP service on a certain interface

Sun Jan 23, 2005 10:49 pm

I've been having problems getting SNMP to work on my local Mikrotik gateway. I've setup other Mikrotiks just fine for SNMP. My gateway is a Soekris 4801 with all 3 ethernet ports enabled. I get a response when doing an snmpwalk from the internal lan on the ether2 port (port2), but nothing from the external interface on ether1 (port1). I've got firewall rules allowing UDP:161 on the ether1 port and see the accepts just fine, but SNMP service is not responding on this ethernet port. Do I need to redirect to an internal lan port to get a response? Is there a way to tell SNMP to listen only on the external port ether1?

Edit: Running 2.8.23, upgraded from 2.8.21 which had the same problem.
 
jarosoup
Long time Member
Long time Member
Topic Author
Posts: 596
Joined: Sun Aug 22, 2004 9:02 am

Sun Jan 23, 2005 11:34 pm

After some testing, I've found out why I don't get the replies. My WAN port, ether1, has multiple public IP addresses assigned to it. say, 1.1.1.1 and 1.1.1.2. I'm sending a remote request to 1.1.1.1:161 and see the accept in the input chain of the firewall. The output chain however shows an accept out *from* 1.1.1.2:161. If I send the request to 1.1.1.2:161 I get a reply from the same IP and the SNMP request is successful. Is there some way to keep the request and reply addresses the same if using more than one ip on the same interface? Thanks.
 
jarosoup
Long time Member
Long time Member
Topic Author
Posts: 596
Joined: Sun Aug 22, 2004 9:02 am

Mon Jan 24, 2005 7:35 am

Well, answering my own question...had to add the right ip as the preferred source for my gateway.
 
breili
just joined
Posts: 13
Joined: Thu Jan 27, 2011 11:09 am

Re: SNMP service on a certain interface

Wed Feb 22, 2017 1:03 pm

Hi,

I've hit the same here. In my case the snmp query is sent to the loopback interface of the router from an directly connected network and the router replies with an source IP of the directly connected interface.

It would be nice if it would be possible to bind snmp to a specific interface or IP.

Policy routing (mark outbound in mangle table then use the tag to route with correct source) or nat works as work around. It would still be good to be able to bind to an specific ip/interface to avoid these band aids.

Kind regards,
Andre

Who is online

Users browsing this forum: Ahrefs [Bot], andreacar, DMITRYB, GoogleOther [Bot], sebus46, tarfox and 60 guests