[Firehol-support] Outgoing snmp requests blocked by firehol

Alain T├ęsio alain at floc2.net
Tue Aug 18 23:34:44 BST 2009


I have snmp servers running on machines A and B.

When I start firehol on the machine B, snmp requests from B to A fail 
with a timeout.
When firehol is stopped, it works fine.

I can see such a log on the machine B:

Aug 18 08:33:24 sd-18517 kernel: [4671769.087536] ''IN-inet':'IN=eth0 
OUT= MAC=00:15:17:9c:be:a8:00:24:97:da:5f:bf:08:00 SRC=IP_A DST=IP_B 
LEN=128 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP SPT=161 DPT=40361 

In the firehol configuration, I have written "server snmp accept".
And anyway this is about outgoing requests, and I have "client accept all"
so I don't understand what is the problem.

It looks like it has problems to recognize that the reply is related to
the outgoing query.

Below is my firehol.conf file.

The machine B is running debian lenny, Kernel is 2.6.26, X86 / 64bits.
Nothing else installed related to network filtering.

Thanks for any hint,


version 5


interface eth+ inet

server snmp accept

server http accept
server https accept
server ftp accept
server dns accept
server rndc accept
server smtp accept
server pop3 accept
server ssh accept
server ping accept

server netbios_ns drop 
server netbios_dgm drop 
server dhcp drop

server ident reject with tcp-reset # be nice and don't let other hosts wait for the timeout

client all accept

More information about the Firehol-support mailing list