Community discussions

MUM Europe 2020
 
AdamGweleg
just joined
Topic Author
Posts: 14
Joined: Wed May 29, 2019 1:34 am

Snmp forwarding

Thu Dec 05, 2019 2:33 am

Hello guys

Please I need help

I have my main mikrotik router 1100 with public ip on eth 1 154.73.xxx.xxx and on eth2 there are 30+ rb951 connected to ether 2 on network 192.168.11.0/24

and also I have VPS server with public ip 107.173.xxx.xxx

I'm running PRTG Server on the VPS to monitor my router.
I can successfully monitor the main router troug its public ip 154.73.xxx.xxx but now I want to monitor the other routers on eth2 but the routers doesn't have public ip, so I tried to port forward udp161 the snmp port but is doesnt work

I tried the following:

/ip firewall nat add chain= distant dst-address=154.73.xxx.xxx protocol = udp dst-port= 1611 action= DST-nat to-address= 192.168.11.13 to-ports=161

But when I add new device to PRTG Server using 154.73.xxx.xxx:1611 is not pulling anything from the router, and also the rule static is showing 0 packets.

Please help
And thanks in advance
 
AdamGweleg
just joined
Topic Author
Posts: 14
Joined: Wed May 29, 2019 1:34 am

Re: Snmp forwarding

Sat Dec 07, 2019 7:26 pm

Any update guys ?
 
Sob
Forum Guru
Forum Guru
Posts: 4887
Joined: Mon Apr 20, 2009 9:11 pm

Re: Snmp forwarding  [SOLVED]

Sat Dec 07, 2019 8:56 pm

If rule's counter shows zero, it means that no matching packet arrived.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
AdamGweleg
just joined
Topic Author
Posts: 14
Joined: Wed May 29, 2019 1:34 am

Re: Snmp forwarding

Sat Dec 07, 2019 9:54 pm

Do you have any point I can start from to investigate the issue?
 
Sob
Forum Guru
Forum Guru
Posts: 4887
Joined: Mon Apr 20, 2009 9:11 pm

Re: Snmp forwarding

Sat Dec 07, 2019 10:13 pm

I assume that "chain= distant" is either typo or some automatic "correction". Otherwise dstnat happens before filter, so it can't be blocking it on this router. It could be blocked by another dstnat rule that would be before this one and would also match, e.g. if you'd be doing 1:1 NAT for everything that comes to 154.73.xxx.xxx. If it's not this, then look at the other side, if packets are really sent from VPS.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.

Who is online

Users browsing this forum: MSN [Bot] and 37 guests