Community discussions

MikroTik App
 
swits1109
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 86
Joined: Sat Sep 10, 2016 6:03 pm

SNMP Over Internet

Mon Mar 27, 2017 1:16 am

Hello,

We have set our SNMP community string. We have also set the firewall to accept ports 161-162. See: https://goo.gl/E6TQbp and https://goo.gl/LUho9u

However, when trying to query SNMP over the internet, it fails.

Can you help? Thanks
 
User avatar
pietroscherer
Trainer
Trainer
Posts: 170
Joined: Thu Mar 05, 2015 3:05 pm
Location: RS, Brazil
Contact:

Re: SNMP Over Internet

Mon Mar 27, 2017 4:11 am

Make sure that your accept rules for SNMP protocol is above the drop rule of input chain (if exists).
Make sure too, if your ISP allow SNMP through it.
 
swits1109
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 86
Joined: Sat Sep 10, 2016 6:03 pm

Re: SNMP Over Internet

Mon Mar 27, 2017 4:13 am

Yes, the rule is above all others. We are the ISP, so no problem there.
 
User avatar
pietroscherer
Trainer
Trainer
Posts: 170
Joined: Thu Mar 05, 2015 3:05 pm
Location: RS, Brazil
Contact:

Re: SNMP Over Internet

Mon Mar 27, 2017 4:19 am

SNMP is answered locally? Can you see the accept rules in input chain, counting packtes?
 
swits1109
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 86
Joined: Sat Sep 10, 2016 6:03 pm

Re: SNMP Over Internet

Mon Mar 27, 2017 9:13 am

Here are the firewall settings:
https://goo.gl/OFr9qn

Unfortunately, no way to check SNMP locally, only over the internet.
 
User avatar
pietroscherer
Trainer
Trainer
Posts: 170
Joined: Thu Mar 05, 2015 3:05 pm
Location: RS, Brazil
Contact:

Re: SNMP Over Internet

Mon Mar 27, 2017 4:08 pm

Your router seems to receiving SNMP packets..
Some applications can use SNMP over TCP. Accept too the TCP rule for ports 161 and 162.

* Note that don't specify the src-address os these rules can be dangerous, once that SNMP can be used for DDoS attack amplification.
 
swits1109
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 86
Joined: Sat Sep 10, 2016 6:03 pm

Re: SNMP Over Internet

Mon Mar 27, 2017 5:04 pm

It seems to be receiving a few packets, but I don't think they are from me. Whenever I have tried to query, it fails. I am using PRTG to specifically monitor bandwidth, and it fails every time.
 
swits1109
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 86
Joined: Sat Sep 10, 2016 6:03 pm

Re: SNMP Over Internet

Mon Mar 27, 2017 5:06 pm

I did change it to TCP with no change.
 
User avatar
pietroscherer
Trainer
Trainer
Posts: 170
Joined: Thu Mar 05, 2015 3:05 pm
Location: RS, Brazil
Contact:

Re: SNMP Over Internet

Mon Mar 27, 2017 6:41 pm

My suggestion:

Try using a SNMP Tool (example: PRTG SNMP), running locally (Windows machine directly connected into the router). If SNMP responses are ok, RouterOS is ok. Then, you can run the same tool into your remote PRTG Server.
 
swits1109
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 86
Joined: Sat Sep 10, 2016 6:03 pm

Re: SNMP Over Internet

Mon Mar 27, 2017 7:53 pm

Funny thing, I am actually using PRTG to try to monitor this router. I'll try to run it locally and see what happens.
 
User avatar
shaoranrch
Member Candidate
Member Candidate
Posts: 184
Joined: Thu Feb 13, 2014 8:03 pm

Re: SNMP Over Internet

Mon Mar 27, 2017 10:04 pm

Are you dual homed? With assymetric traffic paths?

Enviado desde mi SAMSUNG-SM-G920A mediante Tapatalk
 
swits1109
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 86
Joined: Sat Sep 10, 2016 6:03 pm

Re: SNMP Over Internet

Mon Mar 27, 2017 10:06 pm

Not dual homed.
 
User avatar
shaoranrch
Member Candidate
Member Candidate
Posts: 184
Joined: Thu Feb 13, 2014 8:03 pm

Re: RE: Re: SNMP Over Internet

Mon Mar 27, 2017 10:13 pm

Not dual homed.
Do you have multiple IPs on the wan interface?

Are you querying to the main IP of the wan interface if the answer to the previous question is yes?

Enviado desde mi SAMSUNG-SM-G920A mediante Tapatalk
 
swits1109
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 86
Joined: Sat Sep 10, 2016 6:03 pm

Re: SNMP Over Internet

Mon Mar 27, 2017 10:20 pm

Only 1 IP is on that interface. The router does respond to SNMP over the LAN, but not internet.
 
User avatar
shaoranrch
Member Candidate
Member Candidate
Posts: 184
Joined: Thu Feb 13, 2014 8:03 pm

Re: SNMP Over Internet

Tue Mar 28, 2017 6:42 am

Taking into account you said it works from the LAN side, are you 100% sure the router is receiving the petition? Did you do a packet capture?

I've worked with isp that are really odd and block everything going to well known ports towards their clients, maybe this is your case.

Enviado desde mi SAMSUNG-SM-G920A mediante Tapatalk

Who is online

Users browsing this forum: seriosha and 36 guests