FAQ:Agent 29
Why am I getting "Connection refused"?
This is actually nothing to do with the access control mechanism
(though that's an understandable mistake). This is the result of
the TCP wrapper mechanism using the files 'hosts.allow'
and 'hosts.deny'
to control access to the service. Some distributions may come with
this enabled automatically - otherwise you need to explicitly activate
this by running
configure --with-libwrap
and recompiling the agent.
If TCP wrappers are enabled, and both hosts.allow
and hosts.deny
are
empty, then all requests will be rejected (with "Connection refused").
The simplest way to avoid this problem and allow incoming requests is
to add the line
snmpd: ALL
to the file /etc/hosts.allow
.
Be aware that doing this removes one level of protection and allows
anyone to try and query your agent. The agent's own access control
mechanisms can still be used to restrict what - if anything - they can see.
If you do wish to use the TCP wrappers to restrict access, it's sensible to have an explicit entry:
snmpd: ALL
in the file /etc/hosts.deny
, which makes it crystal clear that access
to the SNMP agent has been denied. This mechanism can also be used to
restrict access to specific management hosts, using a hosts.deny
entry such as:
snmpd: ALL EXCEPT 127.
which will allow connections from localhost, and nothing else.
Note that personal firewalls, such as the Linux iptables mechanism, may have a similar effect (though typically this won't be logged). See the earlier entry Requests always seem to timeout, and don't give me anything back. Why?
FAQ:Agent
- What MIBs are supported?
- What protocols are supported?
- How do I configure the agent?
- How do I remove a MIB from the agent?
- I've installed a new MIB file. Why can't I query it?
- How do I add a MIB to the agent?
- What's the difference between 'exec', 'sh', 'extend' and 'pass'?
- What's the difference between AgentX, SMUX and proxied SNMP?
- What is the purpose of 'dlmod'?
- Which extension mechanism should I use?
- Can I use AgentX when running under Windows?
- How can I run AgentX with a different socket address?
- How can I turn off SMUX support?
- How can I combine two copies of the 'mib2' tree from separate subagents?
- What traps are sent by the agent?
- Where are these traps sent to?
- How can I send a particular trap to selected destinations?
- When I run the agent it runs and then quits without staying around. Why?
- After a while the agent stops responding, and starts eating CPU time. Why?
- How can I stop other people getting at my agent?
- How can I listen on just one particular interface?
- The agent is complaining about 'snmpd.conf'. Where is this?
- Why does the agent complain about 'no access control information'?
- How do I configure access control?
- How do I configure SNMPv3 users?
- The 'createUser' line disappears when I start the agent. Why?
- What's the difference between /var/net-snmp and /usr/local/share/snmp?
- My new agent is ignoring the old snmpd.conf file. Why?
- Where should the snmpd.conf file go?
- Why am I getting "Connection refused"?
- Why can't I see values in the UCDavis 'extensible' or 'disk' trees?
- Why can't I see values in the UCDavis 'memory' or 'vmstat' tree?
- What do the CPU statistics mean - is this the load average?
- How do I get percentage CPU utilization using ssCpuRawIdle?
- What about multi-processor systems?
- The speed/type of my network interfaces is wrong - how can I fix it?
- The interface statistics for my subinterfaces are all zero - why?
- Does the agent support the RMON-MIB?
- What does "klread: bad address" mean?
- What does "nlist err: wombat not found" (or similar) mean?
- What does "Can't open /dev/kmem" mean?
- The system uptime (sysUpTime) returned is wrong!
- Can the agent run multi-threaded?
- Can I use AgentX (or an embedded SNMP agent) in a threaded application?