
SNMP blocked/drop

Not sure what is going on, but I have enabled SNMP monitoring for internal use and created a firewall rule that mentions
Source: internal network
Service: snmp
dest: any
allow

and it still drops?


  • Please show a relevant line from the Firewall log file (not from the Live Log).

    Cheers - Bob
  • I believe this is it; my mgmt station (OpManager is .135)

    2014:07:07-11:28:13 sslvpn ulogd[4593]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="0:15:5d:a:7f:2" dstmac="0:1a:8c:50:18:24" srcip="10.10.10.135" dstip="10.10.10.1" proto="1" length="60" tos="0x00" prec="0x00" ttl="128" type="8" code="0" 
    2014:07:07-11:28:14 sslvpn ulogd[4593]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" mark="0x307c" app="124" srcmac="0:24:c4:5e:2e:89" dstmac="0:1a:8c:50:18:25" srcip="27.54.48.115" dstip="24.249.210.72" proto="17" length="100" tos="0x00" prec="0x00" ttl="104" srcport="53" dstport="34232" 
    2014:07:07-11:28:14 sslvpn ulogd[4593]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="0:15:5d:a:7f:2" dstmac="0:1a:8c:50:18:24" srcip="10.10.10.135" dstip="10.10.10.1" proto="1" length="60" tos="0x00" prec="0x00" ttl="128" type="8" code="0" 
    2014:07:07-11:28:17 sslvpn ulogd[4593]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="0:15:5d:a:7f:2" dstmac="0:1a:8c:50:18:24" srcip="10.10.10.135" dstip="10.10.10.1" proto="1" length="60" tos="0x00" prec="0x00" ttl="128" type="8" code="0" 
    2014:07:07-11:28:17 sslvpn ulogd[4593]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="0:24:c4:5e:2e:89" dstmac="0
  • Pinging is regulated on the 'ICMP' tab in 'Firewall' for LANs connected to interfaces with no defined default gateway.

    Cheers - Bob
  • Bob, thanks for the quick reply. So if I only want the internal IP address pingable, then here is where I should look (attached)?
  • For allowing 10.10.10.1 to be pingable only from "Internal (Network)" to 10.10.10.1, I would use a firewall rule like 'ALLOW : Internal (Network) -> Ping -> Internal (Address)'.

    Cheers - Bob
  • That's what I thought I had done before, so I did it again and no luck? (attached)
  • Let's look at the firewall log again...

    Cheers - Bob
  • Now the firewall log shows nothing when I test?
  • Weird, it didn't show anything in the log till I opened up a search; then it showed this.
    /var/log/packetfilter.log:2014:07:08-08:51:12 sslvpn ulogd[4593]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x3146" app="326" srcmac="0:15:5d:a:7f:2" dstmac="0:1a:8c:50:18:24" srcip="10.10.10.135" dstip="10.10.10.1" proto="17" length="78" tos="0x00" prec="0x00" ttl="128" srcport="137" dstport="137"
    /var/log/packetfilter.log:2014:07:08-08:51:13 sslvpn ulogd[4593]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x3146" app="326" srcmac="0:15:5d:a:7f:2" dstmac="0:1a:8c:50:18:24" srcip="10.10.10.135" dstip="10.10.10.1" proto="17" length="78" tos="0x00" prec="0x00" ttl="128" srcport="137" dstport="137"
    /var/log/packetfilter.log:2014:07:08-08:51:15 sslvpn ulogd[4593]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x3146" app="326" srcmac="0:15:5d:a:7f:2" dstmac="0:1a:8c:50:18:24" srcip="10.10.10.135" dstip="10.10.10.1" proto="17" length="78" tos="0x00" prec="0x00" ttl="128" srcport="137" dstport="137"
  • I don't know what the topology of your network is, but that's a NETBIOS call that I wouldn't expect to see arriving at the Internal interface.

    Cheers - Bob
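As an added example (not code from the thread or from the firewall vendor): a small Python parser for the ulogd packetfilter lines quoted above. It classifies each dropped packet by protocol number and destination port so it is obvious at a glance whether a drop is SNMP (UDP/161), a ping (ICMP type 8) or NetBIOS name service (UDP/137). The sample lines are constructed from the entries in this thread, trimmed to the fields needed; the UDP/161 line is made up to show what a real SNMP drop would look like.

```python
import re
from typing import Dict

# Constructed sample: ICMP echo and UDP/137 lines modelled on the thread's
# log entries, plus one made-up UDP/161 line for the SNMP case.
SAMPLE_LOG = """\
2014:07:07-11:28:13 sslvpn ulogd[4593]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcip="10.10.10.135" dstip="10.10.10.1" proto="1" length="60" ttl="128" type="8" code="0"
2014:07:08-08:51:12 sslvpn ulogd[4593]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcip="10.10.10.135" dstip="10.10.10.1" proto="17" length="78" ttl="128" srcport="137" dstport="137"
2014:07:08-08:51:20 sslvpn ulogd[4593]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcip="10.10.10.135" dstip="10.10.10.1" proto="17" length="90" ttl="128" srcport="51234" dstport="161"
"""

KV_RE = re.compile(r'(\w+)="([^"]*)"')

# Well-known UDP ports relevant to this thread.
UDP_SERVICES = {"161": "SNMP", "162": "SNMP trap", "137": "NetBIOS-NS"}


def parse_line(line: str) -> Dict[str, str]:
    """Split one ulogd key="value" line into a dict; the leading timestamp becomes 'ts'."""
    fields = dict(KV_RE.findall(line))
    fields["ts"] = line.split(" ", 1)[0]
    return fields


def classify(fields: Dict[str, str]) -> str:
    """Name the traffic a logged packet belongs to, e.g. 'ping', 'SNMP', 'UDP/5000'."""
    proto = fields.get("proto", "?")
    if proto == "1":
        # ICMP type 8 is an echo request, i.e. an ordinary ping.
        return "ping" if fields.get("type") == "8" else f"ICMP type {fields.get('type')}"
    if proto == "17":
        dport = fields.get("dstport", "?")
        return UDP_SERVICES.get(dport, f"UDP/{dport}")
    return f"proto {proto}/{fields.get('dstport', '?')}"


def summarize_drops(log_text: str) -> Dict[str, int]:
    """Count dropped packets per (service, src->dst, rule), so it is clear
    whether the drops are really SNMP or something else (ping, NetBIOS, ...)."""
    counts: Dict[str, int] = {}
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("action") != "drop":
            continue
        key = f"{classify(f)} {f['srcip']}->{f['dstip']} rule {f['fwrule']}"
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for key, n in summarize_drops(SAMPLE_LOG).items():
        print(f"{n:3d}  {key}")
```

Run against the real /var/log/packetfilter.log, the only lines that matter for the original question are those classified as SNMP; the ones quoted in the thread come out as ping and NetBIOS-NS.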