Voxel - SNMP Installation?

11 posts / 0 new
Last post
monteroman
monteroman's picture
Voxel - SNMP Installation?

Good day!

Is it possible to install SNMP to allow for monitoring of the router on the Voxel firmware?   The firmware is perfect for me, and very stable.   The only thing missing is the ability to monitor it via SNMP.

 

Thanks!

Voxel
Voxel's picture
Hi,

Hi,

 

There are SNMP daemon and tools in Entware:
 

https://www.voxel-firmware.com/Downloads/Voxel/html/entware.html

e.g.
 

Package: snmpd
Version: 5.7.3-9
Depends: libc, libssp, librt, libpthread, libnetsnmp
Source: feeds/packages/net/net-snmp
License: MIT BSD-3-Clause-Clear
Section: net
Maintainer: Stijn Tintel <[email protected]>
Architecture: cortex-a15-3x
Installed-Size: 9152
Description:  Simple Network Management Protocol (SNMP) is a widely used protocol for
 monitoring the health and welfare of network equipment (eg. routers),
 computer equipment and even devices like UPSs. Net-SNMP is a suite of
 applications used to implement SNMP v1, SNMP v2c and SNMP v3 using both
 IPv4 and IPv6.
 .
 This package contains the SNMP agent, dynamically linked.

NOTE: I did not try it.

Voxel.

 

monteroman
monteroman's picture
Hi Voxel.  Thanks for the

Hi Voxel.  Thanks for the information.  I was able to get SNMP up and running and ran a test internally and that seems to work perfectly, however I'm not able to get anything on my LAN side of my router from being able to hit it.   Is there some commands I need to run or a setting inside of Entware that needs to be set up to allow udp/161 to talk to the LAN side of the R7800?    I was poking around and trying a few things without success.

 

Thanks for your time!  

Monteroman

Voxel
Voxel's picture
I am not a specialist in SNMP

I am not a specialist in SNMP, sorry. I've passed your question to Entware team. So please wait a bit.

Voxel.

Voxel
Voxel's picture
Well, I've got a tip from

Well, I've got a tip from zyxmon to use mini_snmpd

 

It should work according to manual http://www.net-snmp.org/

No negative feedback on mini_snmpd.

Voxel.

monteroman
monteroman's picture
I'll give it a shot and

I'll give it a shot and report back.     Thanks for the advice Voxel!

monteroman
monteroman's picture
Voxel, I managed to get the

Voxel, I managed to get the mini-snmpd up and running and configured.   Once again, if I do an snmpwalk from within the R7800, it works fine and displays everything, but if i try to do it from a host on my LAN side, it won't respond.   

 

I looked at iptables and I see these entries:

Chain loc2fw (1 references)

target     prot opt source               destination         

ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 

DROP       tcp  --  anywhere             anywhere            state NEW tcp flags:!FIN,SYN,RST,PSH,ACK,URG/SYN 

DROP       udp  --  anywhere             anywhere            state NEW multiport dports snmp,snmp-trap 

ACCEPT     all  --  anywhere             anywhere            

 

I'm not really up on iptables, but in my limited knowledge, this tells me that it's blocking all SNMP traffic from the LAN side to the router.

Any thoughts?

monteroman
monteroman's picture
Additionally, I can confirm

Additionally, I can confirm that it is listening on UDP/161:

root@R7800:/tmp/mnt/sda2/entware/etc/init.d$ netstat -lnu |grep 161

udp        0      0 0.0.0.0:161             0.0.0.0:* 

It just seems like the firewall isn't allowing UDP/161 through to the LAN side.

 

Voxel
Voxel's picture
Well, I cannot say concretely

Well, I cannot say concretely... Seems you are right. Maybe NG firewall somehow blocks 161. IMO you should try to play with your own iptables settings to open 161. See in my README re: how to use you own iptables rules (your own script (5. Open your own firewall ports.)

NG firewall is enclosed part of NG. It is distributed in binary form with GPL sources.

Voxel.

monteroman
monteroman's picture
Voxel, you pointed me in the

Voxel, you pointed me in the right direction.   With the help of your README doc (and I looked originally and must have missed it the 1st time I glanced through it) with setting the custom /etc/netwall.conf with a setting of ACCEPT loc fw udp 161 and then a reboot and I was good.  I can now monitor the R7800.   THANK YOU!!!

 

Voxel
Voxel's picture
You are welcome. Most

You are welcome. Most important that you did it yourself yes Experience....

 

Voxel.