[Firehol-support] Outgoing snmp requests blocked by firehol
Alain Tésio
alain at floc2.net
Tue Aug 18 23:34:44 BST 2009
Hi,
I have snmp servers running on machines A and B.
When I start firehol on the machine B, snmp requests from B to A fail
with a timeout.
When firehol is stopped, it works fine.
I can see such a log on the machine B:
Aug 18 08:33:24 sd-18517 kernel: [4671769.087536] ''IN-inet':'IN=eth0
OUT= MAC=00:15:17:9c:be:a8:00:24:97:da:5f:bf:08:00 SRC=IP_A DST=IP_B
LEN=128 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP SPT=161 DPT=40361
LEN=108
In the firehol configuration, I have written "server snmp accept".
And anyway this is about outgoing requests, and I have "client accept all",
so I don't understand what the problem is.
It looks like it has problems recognizing that the reply is related to
the outgoing query.
Below is my firehol.conf file.
The machine B is running Debian lenny, kernel 2.6.26, x86 / 64 bits.
Nothing else installed related to network filtering.
Thanks for any hint,
Alain
version 5
home_ips="88.191.109.18 88.191.111.18"
interface eth+ inet
    server snmp accept
    server http accept
    server https accept
    server ftp accept
    server dns accept
    server rndc accept
    server smtp accept
    server pop3 accept
    server ssh accept
    server ping accept
    server netbios_ns drop
    server netbios_dgm drop
    server dhcp drop
    server ident reject with tcp-reset # be nice and don't let other hosts wait for the timeout
    client all accept