Kitz Forum
Broadband Related => Broadband Hardware => Topic started by: Mick on May 10, 2008, 03:42:43 PM
-
Greetings - 1st message to this forum! :baby:
I am trying to capture and graph my SN margin from a Netgear DG834, which I have been running in bridged mode. I can't switch on SNMP, despite having enabled/disabled/re-enabled the SNMP functionality using the CGI buttons. Sure enough only two ports are shown open:
PORT STATE SERVICE VERSION
23/tcp open telnet Netgear DG834G telnetd (BusyBox 0.61.pre)
80/tcp open http Netgear DG834 router http config
Service Info: Devices: router, broadband router
Is SNMP only available if the DG834 is run as a router, or am I missing something basic?
-
Hi there
SNMP uses UDP port 161, which for some reason appears to be blocked in the Netgear's iptables firewall config.
To get around this, make sure your Netgear's Telnet is enabled (http://router/setup.cgi?todo=debug), telnet into it and type the following:
iptables -L INPUT --line-numbers
Note the line that includes the words "DROP" and "dpt:161" - you need to delete that rule by typing this:
iptables -D INPUT rulenumber
where rulenumber is the number of the rule.
I have grabbed this from my Netgear MRTG config perl script, and have no Netgear to test it on at the moment, so unfortunately that's as clear as I can remember it in my head!
You have to do this on each reboot, which is a bit of a pain. Hope that helps :)
-
Thanks Chris!
I disabled the blocking rule:
# iptables -L INPUT --line-numbers
iptables -L INPUT --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 DROP udp -- anywhere anywhere udp dpt:161
2 ACCEPT udp -- anywhere anywhere udp dpt:161
# iptables -D INPUT 1
iptables -D INPUT 1
# iptables -L INPUT --line-numbers
iptables -L INPUT --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT udp -- anywhere anywhere udp dpt:161
#
Then I tried to disable/enable the SNMP service. However, every time I enabled it, rule 1 was somehow being recreated! I then would delete it once more, check that it has been deleted, but no connection to port 161 was available. :no: Trying to re-enable snmp repeats the cycle. ???
(BTW, I also tried activating SNMP on a DG834GT (normal router, not in bridged mode) and I could not get the SNMP cgi page. However, this router is running the older Version 1.02.09 of the firmware).
The SNMP firewall rule does not make sense to me. I mean, you would as a minimum want to access the router from its LAN address, right?
Anything else I could try?
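The rule lookup discussed above, as an added example that is not part of any forum post: it parses the `iptables -L INPUT --line-numbers` listing, reports which verdict SNMP traffic hits first (iptables stops at the first matching rule, so the DROP at position 1 shadows the ACCEPT at position 2), and prints the delete commands highest number first, because deleting a rule renumbers the ones after it. The function names are hypothetical; the sample listing is the one posted in the thread with column spacing reconstructed.

```shell
#!/bin/sh
# Added example: locate INPUT rules that drop SNMP (udp dpt:161).
# Function names are hypothetical, not part of any router firmware.

# Listing as posted in the thread (column spacing reconstructed).
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target  prot opt source    destination
1    DROP    udp  --  anywhere  anywhere     udp dpt:161
2    ACCEPT  udp  --  anywhere  anywhere     udp dpt:161'

# Print "num target" for every udp rule whose destination port is SNMP.
# Exact field match, so dpt:1610 is not mistaken for dpt:161; iptables
# prints dpt:snmp instead when it can resolve the service name.
snmp_rules() {
    awk '$1 ~ /^[0-9]+$/ && $3 == "udp" {
        for (i = 4; i <= NF; i++)
            if ($i == "dpt:161" || $i == "dpt:snmp") { print $1, $2; break }
    }'
}

# Rule numbers of the SNMP DROP rules, highest first.
snmp_drop_rules() {
    snmp_rules | awk '$2 == "DROP" { print $1 }' | sort -rn
}

# Verdict of the first rule that matches SNMP traffic (first match wins).
first_snmp_verdict() {
    snmp_rules | awk 'NR == 1 { print $2 }'
}

# Emit the delete commands for review instead of running them.
snmp_delete_commands() {
    for n in $(snmp_drop_rules); do
        echo "iptables -D INPUT $n"
    done
}

# Stand-alone run against the listing from the thread.
echo "first SNMP verdict: $(printf '%s\n' "$SAMPLE_LISTING" | first_snmp_verdict)"
printf '%s\n' "$SAMPLE_LISTING" | snmp_delete_commands
```

As the thread reports, the DROP rule comes back after a reboot or after re-enabling SNMP in the web interface, so the listing has to be re-checked each time.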
-
Not sure. I know I used to have it working with MRTG, but it wasn't in Bridge mode. I found the same as you, for some reason enabling SNMP would also enable that firewall rule, so I would disable / enable SNMP before deleting the rule.
After doing that, it seemed to just work, however. I take it you've possibly not seen the MRTG with Netgear DG834 (http://www.kitz.co.uk/routers/netgeardg834_MRTG.htm) page on the main site here yet that contains all the MRTG perl scripts I wrote ages ago? Dunno if that's any use to you or not :)
-
"I am trying to capture and graph my SN margin from a Netgear DG834"
Not sure if I've read this right - but to monitor and save graphs of your SNRM and sync etc. then I can recommend the free RouterStats application: www.vwlowen.co.uk/internet/files.htm
-
"I take it you've possibly not seen the MRTG with Netgear DG834 (http://www.kitz.co.uk/routers/netgeardg834_MRTG.htm) page on the main site here yet that contains all the MRTG perl scripts I wrote ages ago? Dunno if that's any use to you or not :)"
Thanks Chris. I saw your scripts and even tried one of them although it errors out:
$ ./enabletelnet.pl
./enabletelnet.pl: line 1: syntax error near unexpected token `('
'/enabletelnet.pl: line 1: `use Net::Telnet ();
I don't have telnet on this machine, only netcat, but I don't think it errors because of this.
I tried again and I got no joy with SNMP. I checked the processes running on the router and there is no sign of snmpd. I even tried it from the shell:
# snmpd
snmpd
#
Usage : snmpd lan_if wan_if
# cat /proc/net/arp
cat /proc/net/arp
IP address HW type Flags HW address Mask Device
10.10.10.5 0x1 0x2 00:A2:A5:C6:B1:8D * br0
# snmpd if_lan br0
snmpd if_lan br0
can't bind socket
#
Am I doing this right?
-
"Not sure if I've read this right - but to monitor and save graphs of your SNRM and sync etc. then I can recommend the free RouterStats application: www.vwlowen.co.uk/internet/files.htm"
Yep, you got it right and thank you for the link. I have seen this application, but I do not run WINE on my machine (it's rather temperamental and every update seems to break whatever I had working previously).
-
Hi Mick, sorry I meant to include that you need Net::Telnet for Perl, which is why it's erroring out.
When posting the scripts I had just taken it as a given that Net::Telnet was installed, I'd forgotten I'd installed it as a separate module into Perl!
If snmpd isn't running then not sure what else to suggest, to be honest :(