SNMP on Debian

April 20, 2010

If you want to monitor your servers from a central management station, you’ll probably need to configure an SNMP daemon on your servers. Here is a quick note to show you how easy it is to get started with SNMP on Linux machine (examples are for Debian but should be easy to adapt for other distribution).

1) install snmpd package

# aptitude install snmpd

2) edit /etc/default/snmpd to remove restriction or replace the default listening address (127.0.0.1 by default). the line to modify is

SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1'

or you can simply remove it with sed

# sed -i "s/.pid 127.0.0.1'/.pid'/" /etc/default/snmpd

3) add snmpd: 192.168.1.1 in /etc/hosts.allow to allow 192.168.1.1 to poll the server

# echo snmpd: 192.168.1.1 >> /etc/hosts.allow

4) edit /etc/snmp/snmpd.conf to define your community string(s), view(s) and allowed hosts (yes, again)

####
# First, map the community name (COMMUNITY) into a security name:
#        sec.name   source          community
com2sec  readonly   192.168.1.1/32  somecommunity

####
# Second, map the security names into group names:
#               sec.model  sec.name
group MyROGroup v2c        readonly

####
# Third, create a view for us to let the groups have rights to:
#          incl/excl   subtree   mask
view all   included    .1        80

####
# Finally, grant the groups access to the view with different
# read/write permissions:
#                context sec.model sec.level match  read   write  notif
access MyROGroup ""      any       noauth    exact  all    none   none

Once configured, start (or restart) the snmpd daemon.

# /etc/init.d/snmpd restart

And then test from the management station (here 192.168.1.1). We will try to get the hostname of the monitored device :

# snmpget -v 2c -c somecommunity 192.168.1.254 SNMPv2-MIB::sysName.0
SNMPv2-MIB::sysName.0 = STRING: gandalf

Filed Under Systems · Leave a Comment

Dual stack IPv4/IPv6 on FreeBSD

April 14, 2010

Here is a quick note to show how easy it is to enable a dual IP stack on FreeBSD (and actually on most modern system)…

Here is what you need :

1. Native connectivity to IPv4 & IPv6 backbones

Connectivity to IPv4 should be OK. If you don’t have connectivity to IPv6 you may want to use 6in4 tunnel to connect to IPv6 backbone through a tunnel over IPv4 backbone. Several tunnel brokers are available for free, I personally know Hurricane Electric and SixXS.

2. An IPv4 gateway such as 192.168.1.1
3. An IPv4 address in that range such as 192.168.1.10
4. An IPv6 gateway such as 2001:db8:abcd::1
5. An IPv6 address in that range such as 2001:db8:abcd::e
6. Put all together in /etc/rc.conf

Extract from /etc/rc.conf

#IPv4 config
ifconfig_re0="inet 192.168.1.10 netmask 255.255.255.0"
static_routes="default"
route_default="default 192.168.1.1"

#IPv6 config
ipv6_enable="YES"
ipv6_ifconfig_re0="2001:db8:abcd::e/56"
ipv6_static_routes="default"
ipv6_route_default="default 2001:db8:abcd::1"

Then restart the server or the network related script from /etc/rc.d

ipv6#/etc/rc.d/netif start
re0: flags=8843 metric 0 mtu 1500
	options=9b
	ether 9e:65:96:1e:ca:5e
	inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
	media: Ethernet autoselect (100baseTX )
	status: active

ipv6#/etc/rc.d/routing start
add net default: gateway 192.168.1.1
Additional routing options:.

ipv6# /etc/rc.d/network_ipv6 start
add net ::ffff:0.0.0.0: gateway ::1
add net ::0.0.0.0: gateway ::1
net.inet6.ip6.forwarding: 0 -> 0
re0: flags=8843 metric 0 mtu 1500
	options=9b
	inet6 2001:db8:abcd::e prefixlen 56 tentative
plip0: flags=108810 metric 0 mtu 1500
lo0: flags=8049 metric 0 mtu 16384
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
add net fe80::: gateway ::1
add net ff02::: gateway ::1
add net default: gateway 2001:db8:abcd::1
IPv4 mapped IPv6 address support=NO

You may notice the IPv6 address is marked as tentative, that’s because DAD (Duplicate Address Detection) is still validating the IPv6 address. If you run ifconfig a bit later and if you IPv6 is not a duplicate address, the tentative flag should disappear.

Test connectivity with some awesome tools…

ipv6# ping -c3 www.google.com
PING www.l.google.com (209.85.229.147): 56 data bytes
64 bytes from 209.85.229.147: icmp_seq=0 ttl=55 time=10.624 ms
64 bytes from 209.85.229.147: icmp_seq=1 ttl=55 time=10.675 ms
64 bytes from 209.85.229.147: icmp_seq=2 ttl=55 time=10.815 ms

--- www.l.google.com ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 10.624/10.705/10.815/0.081 ms

ipv6# ping6 -c3 ipv6.google.com
PING6(56=40+8+8 bytes) 2001:db8:abcd::e --> 2a00:1450:8006::93
16 bytes from 2a00:1450:8006::93, icmp_seq=0 hlim=56 time=15.562 ms
16 bytes from 2a00:1450:8006::93, icmp_seq=1 hlim=56 time=15.529 ms
16 bytes from 2a00:1450:8006::93, icmp_seq=2 hlim=56 time=15.541 ms

--- ipv6.l.google.com ping6 statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 15.529/15.544/15.562/0.014 ms

Congratulations, you now have IPv4 and IPv6 connectivity from your FreeBSD box!

Filed Under Systems · Leave a Comment

Recent Posts

Recent Comments
- Kees: Thanks a lot, finally get of the can’t create ….. error Cheers
- Christophe Lemaire: Hi Melek, In order to take advantage of the redundant setup, I would go for HSRP or even GLBP if...
- Melek: Hi, Thank you for this post, it is really interesting. I am trying to implement the same design but I still...
- Matthew: Awesome post. This has been a thorn in my side for many months. I implemented this last night, told Clam not...

Categories
Archives

Cumulus

antivirus Cisco Company Firewall IPv6 Juniper Linux Mac OS X network Networks Security Systems VPN Company news (4)
Networking (4)
Security (4)
Systems (6)

WP Cumulus Flash tag cloud by Roy Tanck and Luke Morton requires Flash Player 9 or better.

-->

SNMP on Debian

Dual stack IPv4/IPv6 on FreeBSD

Recent Posts

Recent Comments

Cumulus

Categories

Archives

Cumulus