Difference between revisions of "FAQ:Agent 30"

From Net-SNMP Wiki
Jump to: navigation, search
 
(Latest FAQ revision - preparing for 5.5 release)
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
= I'm getting errors about "bad security model" - why? =  
+
= Why am I getting "Connection refused"? =  
  
{{FAQ:Agent_30}}
+
<!-- NB:
 +
  There is a mismatch between the template numbering
 +
  for this entry, and the FAQ entries that refer to it.
 +
  This follows a review of the entries in the
 +
  Agent section.
 +
-->
 +
{{FAQ:Agent_29}}
  
 
     [[FAQ:Agent]]
 
     [[FAQ:Agent]]
 
     {{FAQ:Agent}}
 
     {{FAQ:Agent}}

Latest revision as of 14:11, 15 June 2009

Why am I getting "Connection refused"?

This is actually nothing to do with the access control mechanism (though that's an understandable mistake). This is the result of the TCP wrapper mechanism using the files 'hosts.allow' and 'hosts.deny' to control access to the service. Some distributions may come with this enabled automatically - otherwise you need to explicitly activate this by running

               configure --with-libwrap

and recompiling the agent.

If TCP wrappers are enabled, and both hosts.allow and hosts.deny are empty, then all requests will be rejected (with "Connection refused"). The simplest way to avoid this problem and allow incoming requests is to add the line

               snmpd: ALL

to the file /etc/hosts.allow. Be aware that doing this removes one level of protection and allows anyone to try and query your agent. The agent's own access control mechanisms can still be used to restrict what - if anything - they can see.

If you do wish to use the TCP wrappers to restrict access, it's sensible to have an explicit entry:

               snmpd: ALL

in the file /etc/hosts.deny, which makes it crystal clear that access to the SNMP agent has been denied. This mechanism can also be used to restrict access to specific management hosts, using a hosts.deny entry such as:

               snmpd: ALL EXCEPT 127.

which will allow connections from localhost, and nothing else.

Note that personal firewalls, such as the Linux iptables mechanism, may have a similar effect (though typically this won't be logged). See the earlier entry Requests always seem to timeout, and don't give me anything back. Why?

   FAQ:Agent
   
  1. What MIBs are supported?
  2. What protocols are supported?
  3. How do I configure the agent?
  4. How do I remove a MIB from the agent?
  5. I've installed a new MIB file. Why can't I query it?
  6. How do I add a MIB to the agent?
  7. What's the difference between 'exec', 'sh', 'extend' and 'pass'?
  8. What's the difference between AgentX, SMUX and proxied SNMP?
  9. What is the purpose of 'dlmod'?
  10. Which extension mechanism should I use?
  11. Can I use AgentX when running under Windows?
  12. How can I run AgentX with a different socket address?
  13. How can I turn off SMUX support?
  14. How can I combine two copies of the 'mib2' tree from separate subagents?
  15. What traps are sent by the agent?
  16. Where are these traps sent to?
  17. How can I send a particular trap to selected destinations?
  18. When I run the agent it runs and then quits without staying around. Why?
  19. After a while the agent stops responding, and starts eating CPU time. Why?
  20. How can I stop other people getting at my agent?
  21. How can I listen on just one particular interface?
  22. The agent is complaining about 'snmpd.conf'. Where is this?
  23. Why does the agent complain about 'no access control information'?
  24. How do I configure access control?
  25. How do I configure SNMPv3 users?
  26. The 'createUser' line disappears when I start the agent. Why?
  27. What's the difference between /var/net-snmp and /usr/local/share/snmp?
  28. My new agent is ignoring the old snmpd.conf file. Why?
  29. Where should the snmpd.conf file go?
  30. Why am I getting "Connection refused"?
  31. Why can't I see values in the UCDavis 'extensible' or 'disk' trees?
  32. Why can't I see values in the UCDavis 'memory' or 'vmstat' tree?
  33. What do the CPU statistics mean - is this the load average?
  34. How do I get percentage CPU utilization using ssCpuRawIdle?
  35. What about multi-processor systems?
  36. The speed/type of my network interfaces is wrong - how can I fix it?
  37. The interface statistics for my subinterfaces are all zero - why?
  38. Does the agent support the RMON-MIB?
  39. What does "klread: bad address" mean?
  40. What does "nlist err: wombat not found" (or similar) mean?
  41. What does "Can't open /dev/kmem" mean?
  42. The system uptime (sysUpTime) returned is wrong!
  43. Can the agent run multi-threaded?
  44. Can I use AgentX (or an embedded SNMP agent) in a threaded application?