Hi guys,

I have been struggling with a problem for a bit of time now, and thought that
it might be time to post here to see what information anyone knows about this.

Firstly let me give you some background. I am trying to monitor computers on
a local subnet behind a shorewall firewall via snmp. Due to identical local
subnets I am using the netmap feature to access these machines. That part all
works nicely e.g. 172.20.7.5 maps, and routes to 192.168.0.5 which is behind
firewall 123.243.7.40. I can ssh and connect back and forth without a drama.

However when I try to use snmp I am finding that the packet that is sent
back is broken. Here is an example of what I mean.

1. Working
snmpwalk -v 2c -c test 123.243.7.40
IP-MIB::ipAdEntAddr.127.0.0.1 = IpAddress: 127.0.0.1
IP-MIB::ipAdEntAddr.123.243.7.40 = IpAddress: 123.243.7.40
IP-MIB::ipAdEntAddr.172.20.7.5 = IpAddress: 172.20.7.5
IP-MIB::ipAdEntAddr.192.168.0.5 = IpAddress: 192.168.0.5
IP-MIB::ipAdEntIfIndex.127.0.0.1 = INTEGER: 1
IP-MIB::ipAdEntIfIndex.123.243.7.40 = INTEGER: 4
IP-MIB::ipAdEntIfIndex.172.20.7.5 = INTEGER: 2
IP-MIB::ipAdEntIfIndex.192.168.0.5 = INTEGER: 2
IP-MIB::ipAdEntNetMask.127.0.0.1 = IpAddress: 255.0.0.0
IP-MIB::ipAdEntNetMask.123.243.7.40 = IpAddress: 255.255.255.255
IP-MIB::ipAdEntNetMask.172.20.7.5 = IpAddress: 255.255.255.255
IP-MIB::ipAdEntNetMask.192.168.0.5 = IpAddress: 255.255.255.0
IP-MIB::ipAdEntBcastAddr.127.0.0.1 = INTEGER: 0
IP-MIB::ipAdEntBcastAddr.123.243.7.40 = INTEGER: 0
IP-MIB::ipAdEntBcastAddr.172.20.7.5 = INTEGER: 1
IP-MIB::ipAdEntBcastAddr.192.168.0.5 = INTEGER: 1
2. Broken
snmpwalk -v 2c -c test 172.20.7.5
IP-MIB::ipAdEntAddr.127.0.0.1 = IpAddress: 127.0.0.1
IP-MIB::ipAdEntAddr.123.243.7.40 = IpAddress: 123.243.7.40
IP-MIB::ipAdEntAddr.172.20.7.5 = IpAddress: 172.20.7.5
Timeout: No Response from 172.20.7.5
After using tcpdump to obtain the actual packets that are being transferred, it
turns out that the packet is being garbled along the way.
Below is an example of what the packet looks like when it's broken:
1.3.6.1.2.1.4.20.1.1.192.168.0.5: 172.168.0.5 (172.168.0.5)
So when the agent receives this packet it is being told that
192.168.0.5 = 172.168.0.5. Now the agent is unable to translate that into
anything useful, so it attempts to get the same information again, and it gets
the same response. Then after the maximum retries it gives up.
Through many hours of debugging and banging my head against the wall, I have
finally discovered that the issue is with shorewall, as I have stopped shorewall
and the packets come through as per example 1, but as soon as you start it again
it breaks as per example 2.
Network Layout:

                              ------------------
                              |      ONMS      |
                              |  172.10.239.1  |
                              |     (vpn)      |
                              | 150.101.222.88 |
                              ------------------
                                  /        \
                                /            \
               Network 1      /                \      Network 2
---------------------------------------   ------------------------------------
|             firewall 1              |   |            firewall 1            |
|            192.10.239.5             |   |           192.10.239.9           |
|                (vpn)                |   |              (vpn)               |
|            123.243.7.50             |   |           123.243.7.75           |
|     client          client          |   |    client         client         |
|     172.20.7.5      172.20.7.10     |   |    172.20.8.5     172.20.8.10    |
|    (above routed through fw/vpn)    |   |  (above routed through fw/vpn)   |
|     192.168.1.5     192.168.1.10    |   |    192.168.1.5    192.168.1.10   |
---------------------------------------   ------------------------------------

Any help or feedback would be appreciated, even a document that I may need to
read in order to understand what is happening.
Now I am not sure why shorewall is affecting the packet, but any input into
this would be greatly appreciated.

Tom Higgins
Epoch Labs
p: 03 8320 1000
w: www.epochlabs.com.au
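
A check for the symptom described in the post, as an added example that is not part of the original message: in IP-MIB's ipAddrTable each ipAdEntAddr row is indexed by the address it reports, so the OID suffix and the returned value must be identical, and any row where they differ had its payload changed between the agent and the manager. The function name and the sample lines (constructed from values quoted in the post) are assumptions.

```python
import ipaddress
import re

# ipAdEntAddr column (1.3.6.1.2.1.4.20.1.1) in snmpwalk symbolic form,
# snmpwalk numeric form, or the tcpdump-style "oid: value" form from the post.
ROW = re.compile(
    r"^(?:IP-MIB::ipAdEntAddr|\.?1\.3\.6\.1\.2\.1\.4\.20\.1\.1)"
    r"\.(\d+(?:\.\d+){3})\s*[:=]\s*(?:IpAddress:\s*)?(\d+(?:\.\d+){3})\b"
)


def find_rewritten_rows(lines):
    """Return (index, value, changed_octets) for every ipAdEntAddr row whose
    reported value differs from the address encoded in its OID index."""
    findings = []
    for line in lines:
        m = ROW.match(line.strip())
        if not m:
            continue  # other columns, timeouts, blank lines
        try:
            index = ipaddress.IPv4Address(m.group(1))
            value = ipaddress.IPv4Address(m.group(2))
        except ValueError:
            continue  # not a valid dotted quad, ignore
        if index != value:
            # 1-based positions of the octets that no longer match
            changed = [i + 1 for i, (a, b) in
                       enumerate(zip(index.packed, value.packed)) if a != b]
            findings.append((str(index), str(value), changed))
    return findings


# Constructed sample: lines in the formats shown in the post.
SAMPLE = """\
IP-MIB::ipAdEntAddr.127.0.0.1 = IpAddress: 127.0.0.1
IP-MIB::ipAdEntAddr.172.20.7.5 = IpAddress: 172.20.7.5
1.3.6.1.2.1.4.20.1.1.192.168.0.5: 172.168.0.5 (172.168.0.5)
IP-MIB::ipAdEntIfIndex.192.168.0.5 = INTEGER: 2
Timeout: No Response from 172.20.7.5
""".splitlines()

if __name__ == "__main__":
    for index, value, octets in find_rewritten_rows(SAMPLE):
        print(f"row {index} reports {value}; octet(s) {octets} altered in transit")
```

Running the same check on captures taken on each side of the firewall shows which hop alters the row.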