LeoKurz2
Enthusiast

SNMP Host on vco Appliance using port 162

Hello,

the documentation says:

%<--------------------------------------------snip

The default port for SNMP traps is 162. However, on Linux systems, you can open ports below 1024 only with
superuser privileges. To ensure better compatibility, the default port for listening to SNMP traps in the
SNMP plug-in is set to 4000.

snap-------------------------------------------->%

So, is there a way to use port 162 on the vco appliance (as it runs on linux)?

Any help appreciated!

__Leo

0 Kudos
Accepted Solutions
dimitrovg
VMware Employee

(to add more wood in the fire).

As the appliance is SLES based you can either get the iptables package from the SLES or from OpenSUSE:

wget http://ftp.sunet.se/pub/Linux/distributions/opensuse/update/11.3/rpm/x86_64/iptables-1.4.8-2.3.1.x86...

rpm -Uvh iptables-1.4.8-2.3.1.x86_64.rpm

(warn: installing own packages is not supported :).

After that the command

iptables -t nat -A PREROUTING -p udp --dport 162 -j REDIRECT --to-ports 4000

Should do the trick.

Notes: this will not work from localhost and will not work for IPv6, and you should add it to the scripts so it is set again every time the net or the computer is restarted.

I'm a little curious which devices you have, as I checked several programs that I know can send SNMP and they have IP address, port and community string as settings.

Example:

http://ftp.nchu.edu.tw/MySQL/tech-resources/articles/snmp_traps.png

https://vcp4.files.wordpress.com/2011/01/image0012.png

http://www.cisco.com/en/US/i/200001-300000/250001-260000/251001-252000/251186.jpg

0 Kudos
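The notes in the accepted answer (the rule is lost on restart and does not apply to local senders) worked into a boot-time script, as an added example that is not part of the original post. It adds the redirect only when `iptables-save` does not already list it; the `apply` argument and the `-o lo` OUTPUT rule for local senders are assumptions of this example, and IPv6 is not covered.

```shell
#!/bin/sh
# Added example (not from the thread): re-apply the trap redirect at boot
# without stacking duplicate rules. Run as root with the argument "apply".
TRAP_PORT=162       # standard SNMP trap port
PLUGIN_PORT=4000    # default listener of the vCO SNMP plug-in
IPTABLES=${IPTABLES:-iptables}                 # overridable for dry runs
IPTABLES_SAVE=${IPTABLES_SAVE:-iptables-save}

# Match part of the rule, shared by every chain.
redirect_spec() {
    echo "-p udp --dport $TRAP_PORT -j REDIRECT --to-ports $PLUGIN_PORT"
}

# Reads iptables-save output on stdin; succeeds if chain $1 already
# redirects exactly TRAP_PORT to PLUGIN_PORT.
rule_present() {
    grep -Eq -- "^-A $1 (.* )?-p udp .*--dport $TRAP_PORT -j REDIRECT --to-ports $PLUGIN_PORT *\$"
}

# ensure_redirect CHAIN [extra match...]; prints "present" or "added".
ensure_redirect() {
    chain=$1; shift
    if "$IPTABLES_SAVE" -t nat 2>/dev/null | rule_present "$chain"; then
        echo present
    else
        # $* and the spec are split into separate arguments on purpose
        "$IPTABLES" -t nat -A "$chain" $* $(redirect_spec) && echo added
    fi
}

case "${1:-}" in
apply)
    # Traps arriving from other hosts over IPv4 (the rule from the post).
    ensure_redirect PREROUTING
    # Assumption: a local sender is wanted too. Locally generated packets
    # skip PREROUTING, so they need the nat OUTPUT chain; "-o lo" keeps
    # traps sent to other hosts untouched.
    ensure_redirect OUTPUT -o lo
    ;;
esac
```

Setting `IPTABLES=echo` shows the commands the script would run without touching the nat table.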
7 Replies
Jinnie
VMware Employee

Only if you login via SSH and restart the vCO server in super-user mode, which is generally not recommended.
If the snmp client is not able to talk to any port but 162, you could possibly set up port forwarding on the machine with the client, to route localhost:162 to the appliance:4000.
You could also do this on the appliance itself, which would be more acceptable than starting the whole vCO as super user.

Best regards,

Ivan

LeoKurz2
Enthusiast

Ivan,

thanx a lot for your reply! Any hint how to redirect port 162 to 4000 in the appliance? I have only limited Linux knowledge...

__Leo

0 Kudos
LeoKurz2
Enthusiast

O.K., Google is your friend 🙂 It seems like iptables is the appropriate tool to accomplish the redirection, but there is no iptables on the appliance 😞 Any other idea? I don't want to mess around too much with the appliance as I'm afraid that all is lost sooner or later when it comes to updates etc. Before I start figuring out how to change the standard snmp port on devices like ups, switches etc. (on many I'm sure I won't stand a chance), I'll prefer switching to vco on windows. Shame, but as this has to be a robust and reliable solution, I'm not too keen on any text adventures on the Linux shell of an appliance...

__Leo

0 Kudos
Jinnie
VMware Employee

Hi,

You could try adding a port-forwarding software of your choice to some windows machine on your network. And it will act the same way as proxy servers work for the web. Take requests on its own 162 port, redirect them to the appliance 4000.

I don't know how robust or applicable it is for your environment, and I can not recommend one, as I've not used any recently. But it will be easier to test with such a windows app.

A quick google for "windows port redirect" suggests this as first result http://www.quantumg.net/portforward.php, and looking at the screens it looks okay, but still - haven't tested it personally, so ... try at your own risk

Best regards,

Ivan

LeoKurz2
Enthusiast

Ivan,

the more non-redundant parts you add, the more unreliable it gets. If I am to put another Windows host in the chain, I'll directly put vco on it. Perhaps in another release of the vco appliance add iptables and add a workflow to redirect the snmp traffic 🙂 If you are serious about trap handling, you have to use port 162. I had a quick glance at some of my devices and none of them can use an alternate port.

Thanx for your help anyway!

__Leo

0 Kudos
LeoKurz2
Enthusiast

Thanx a lot!

As you wrote, not supported 😞 I'm working on a UPS shutdown scenario and the UPSs (?) I checked weren't able to change the port. As this is real critical I won't go down the unsupported path...

__Leo

0 Kudos