SNMP over the internet
Basically, I have a small network where my OpenNMS installation is located on a CentOS 6.4 machine.
Now I have a server (CentOS also) that I want to monitor, but it is on the internet, with a public address.
I have installed net-snmp on my target server and configured /etc/snmp/snmpd.conf.
When I try to do
snmpwalk -v 2c -c public localhost
on my target system, it returns the expected output.
But running
snmpwalk -v 2c -c public c******2.com
on my OpenNMS server querying against my target server returns a
Timeout: No Response from c******2.com
I tried turning debug on (snmpwalk -v 2c -c public c******2.com -d) and I got this output:
Sending 42 bytes to UDP: [*.*.*.*]:161->[0.0.0.0]
I wonder what could be the problem?
Update:
This is my config inside snmpd.conf
##sec.name source community
com2sec local localhost private
com2sec national x.x.x.x/23 public
##group.name sec.model sec.name
group MyRWGroup v2c local
group MyROGroup v2c national
##incl/excl subtree mask
view all included .1 80
## -or just the mib2 tree-
view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
## context sec.model sec.level prefix read write notif
access MyROGroup "" any noauth prefix all none none
access MyRWGroup "" any noauth prefix all all all
disk PATH [MIN=100000]
disk / 10000
load 12 14 14
Here is a problem: You haven't actually allowed snmpd to respond to your connections.
com2sec national x.x.x.x/23 public
You said that this IP address is the IP of the same server running snmpd, which means that only machines within that /23 will be allowed. This is almost certainly not what you want.
To resolve the issue, use the IP address of the machine(s) which will be sending the SNMP requests. If you have multiple IP addresses you will need multiple com2sec lines here. Or you can just use default and then use the firewall to control access.
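The source matching described in the answer above, as an added example (not part of the original answer and not net-snmp code): a small checker that reads com2sec lines and reports which security name, if any, a given client address and community would map to. The addresses are constructed documentation values standing in for the masked x.x.x.x/23, and treating "localhost" as any loopback address is an assumption of this sketch.

```python
import ipaddress

# Constructed sample config: 198.51.100.0/23 stands in for the masked
# x.x.x.x/23 on the page; 203.0.113.10 plays the remote OpenNMS server.
SAMPLE_CONF = """\
##sec.name source community
com2sec local localhost private
com2sec national 198.51.100.0/23 public
"""

def parse_com2sec(conf_text):
    """Return (sec_name, source, community) tuples in file order."""
    rules = []
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        # Only the plain 4-field form is handled (no -Cn context option).
        if len(fields) == 4 and fields[0] == "com2sec":
            rules.append(tuple(fields[1:]))
    return rules

def source_matches(source, client_ip):
    """True if client_ip falls inside a com2sec SOURCE field."""
    ip = ipaddress.ip_address(client_ip)
    if source == "default":
        return True
    if source == "localhost":        # assumption: treated as loopback
        return ip.is_loopback
    try:                             # IP or IP/bits; hostnames not resolved
        return ip in ipaddress.ip_network(source, strict=False)
    except ValueError:
        return False

def resolve_sec_name(rules, client_ip, community):
    """First rule matching source and community wins; None means no match."""
    for sec_name, source, rule_community in rules:
        if rule_community == community and source_matches(source, client_ip):
            return sec_name
    return None

if __name__ == "__main__":
    rules = parse_com2sec(SAMPLE_CONF)
    fixed = parse_com2sec(SAMPLE_CONF.replace("198.51.100.0/23", "203.0.113.10"))
    for label, ruleset in (("as posted", rules), ("poller as source", fixed)):
        for ip in ("198.51.100.25", "203.0.113.10"):
            print(label, ip, "->", resolve_sec_name(ruleset, ip, "public"))
```

A result of None corresponds to the case in the question: no com2sec line matches the request's source, so the poller sees only a timeout.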
Just a suggestion for OpenNMS monitoring.
For my remote OpenNMS systems in locations where I don't have a private line or can't use a LAN-to-LAN VPN tunnel, I take a different approach. I use n2n from ntop to create a peer-to-peer tunnel between systems. This is handy in cases where I don't control the firewall(s) at one side or the other or have complex NATing to work against.
I wouldn't advise sending unencrypted SNMP over the internet, though.