Discussion:
snmpwalk timeout
Michael Lowery
2002-01-21 13:38:08 UTC
Permalink
Hi, I'm having a problem getting ucd-snmp to work properly. I'm running
4.2.3-1 on RedHat 7.1.

I can run snmpwalk from this system to other systems, but not to the
local system for some reason. I get the "Timeout: no response from
localhost" message when I run the [ snmpwalk localhost public system ]
command.

My snmpd.conf file is located in /usr/share/snmp/ and contains the
folliwing entries:

com2sec mysec 192.168.1.0/24 public
group mygroup v2c mysec
view all included system
access mygroup "" any noauth prefix all none none

The IP of the box is 192.168.1.47.

In /var/log/messages, I get a message that says:
Jan 21 09:01:12 linux1 ucd-snmp[24627]: Receved SNMP packet(s) from
127.0.0.1

ps -elf | grep snmpd gives the following:
140 S root 24627 1 0 69 - 1018 do_sel 09:00 pts/0 00:00:00
/usr/sbin/snmpd -s -l /dev/null -P /var/run/snmpd -a


Is there something I'm missing? I have tried making com2sec and related
entries dealing with localhost and 127.0.0.1, but no luck there either.
Any suggestions would be welcome!

Thank you,

Michael Lowery
Dave Shield
2002-01-21 15:03:03 UTC
Permalink
Post by Michael Lowery
I can run snmpwalk from this system to other systems, but not to the
local system for some reason. I get the "Timeout: no response from
localhost" message when I run the [ snmpwalk localhost public system ]
command.
Yes - you will.
Your configuration is not set up to allow any access from localhost.
Post by Michael Lowery
My snmpd.conf file is located in /usr/share/snmp/ and contains the
com2sec mysec 192.168.1.0/24 public
group mygroup v2c mysec
view all included system
access mygroup "" any noauth prefix all none none
Try adding the lines

com2sec mylocal 127.0.0.1 public
group mygroup v2c mylocal
Post by Michael Lowery
The IP of the box is 192.168.1.47.
But the IP address of 'localhost' is 127.0.0.1
I suspect if you tried snmpwalk specifying the actual IP address
of the box, things would work.
Post by Michael Lowery
I have tried making com2sec and related
entries dealing with localhost and 127.0.0.1, but no luck there either.
That was the (probably) the correct approach.
Without knowing what precisely you'd tried, it's difficult to guess
what might have been wrong. If pressed, I'd hazard a guess that you
re-used the security name 'mysec', and I'm not convinced that would
work. But having two difference security names, and merging them at
the group level ought to be OK.

Suck it and see.

Dave
Michael Lowery
2002-01-21 18:48:04 UTC
Permalink
Thanks for the help Dave, but I'm still having the same problem. I am
not sure what could be causing this, I know it is not my firewall
settings because I have flushed them and it still will not work. I have
also configured iptables to not start, then rebooted. I have tried
using the various IP addresses on the machine, but still no response.
Is there a debugging mode I can go into that would help me solve this?

I added the following to snmpd.conf:

com2sec local1 127.0.0.1 public
group local1group v2c local1

Then ran the following command:

snmpwalk localhost public system

and got the following response:
Timeout: No Response from localhost

I also tried:
snmpwalk 192.168.1.47 public system

and received:
Timeout: No Response from 192.168.1.47

Each time I get a message in var log:
Jan 21 xx:xx:xx linux1 ucd-snmp[24627]: Receved SNMP packet(s) from
127.0.0.1

-----Original Message-----
From: Dave Shield [mailto:***@csc.liv.ac.uk]
Sent: Monday, January 21, 2002 11:02 AM
To: Michael Lowery
Cc: Net-Snmp-***@Lists. Sourceforge. Net (E-mail)
Subject: Re: snmpwalk timeout
Post by Michael Lowery
I can run snmpwalk from this system to other systems, but not to the
local system for some reason. I get the "Timeout: no response from
localhost" message when I run the [ snmpwalk localhost public system ]
command.
Yes - you will.
Your configuration is not set up to allow any access from localhost.
Post by Michael Lowery
My snmpd.conf file is located in /usr/share/snmp/ and contains the
com2sec mysec 192.168.1.0/24 public
group mygroup v2c mysec
view all included system
access mygroup "" any noauth prefix all none none
Try adding the lines

com2sec mylocal 127.0.0.1 public
group mygroup v2c mylocal
Post by Michael Lowery
The IP of the box is 192.168.1.47.
But the IP address of 'localhost' is 127.0.0.1
I suspect if you tried snmpwalk specifying the actual IP address
of the box, things would work.
Post by Michael Lowery
I have tried making com2sec and related
entries dealing with localhost and 127.0.0.1, but no luck there
either.

That was the (probably) the correct approach.
Without knowing what precisely you'd tried, it's difficult to guess
what might have been wrong. If pressed, I'd hazard a guess that you
re-used the security name 'mysec', and I'm not convinced that would
work. But having two difference security names, and merging them at
the group level ought to be OK.

Suck it and see.

Dave
Dave Shield
2002-01-22 07:06:03 UTC
Permalink
This post might be inappropriate. Click to display it.
Dave Shield
2002-01-23 08:10:08 UTC
Permalink
Ok, I can now perform an snmpwalk... I had to add an entry in the group
section for v1. It wouldn't work with just the entry for v2c. What
causes that?
Well, SNMPv1 and SNMPv2c are different protocols.
You might want to handle the same community string
differently, depending on which protocol was used.

So the security-name to group mapping is done on a per-version basis.
If you only supply a v2c mapping, this won't be used for v1 requests.

(Strictly speaking this mapping is done on a security-model basis,
rather than per-version, but that distinction only becomes important
with SNMPv3)

Sorry I didn't spot this earlier, but at least you've got it fixed now.

Dave

Loading...