    MRTG & SNMP on pfSense v2.0-RC3

      GVJosh

      I have a known working MRTG server in my HQ office.  I have a pfSense router running on a remote site.  I'm trying to build the config on MRTG and am getting "no response received".  I try to telnet to port 161 and no go.  NOTE:  I'm using the latest snapshot as of July 7th.

      Here are the steps I took to set it up:

      SERVICES -> SNMP -> Check the enable box.

      Polling Port: 161
      System Loc: blah
      System Contact: blah
      Read Community String: public (yes I know, but for testing purposes this is fine for now)

      All SNMP modules are checked.  Clicked SAVE and ensured the service was running; it is.

      FIREWALL -> RULES -> WAN (in my case I renamed it to DSL)

      Created a new rule as follows:

      Action: PASS
      Interface: DSL
      Protocol: TCP/UDP
      Source: Single (public IP of my HQ site) - I also tried ANY
      Destination: Type=DSL address (also tried ANY here too)
      Destination Port Range:  from=SNMP to=SNMP

      From my MRTG server I can telnet into my HTTP admin port just fine (and ping) on the public IP of the pfSense router.  I'm hoping I haven't found a bug, but I can't figure out what I'm missing here.

        cmb

        Packet capture on WAN on port 161, see if the traffic gets there, and if it gets a response.

          GVJosh

          Sorry for the delay in getting back to you, cmb.  I must have forgotten to check the notification box when I posted and was waiting for an email.  ???

          In any case, I turned on packet capture for port 161 and see the following when I tell mrtg to poll pfSense:

          10:10:39.607518 IP 199.120.xxx.xxx.26056 > 99.75.xxx.xxx.161: UDP, length 41
          10:10:41.613635 IP 199.120.xxx.xxx.26056 > 99.75.xxx.xxx.161: UDP, length 41
          10:10:43.615102 IP 199.120.xxx.xxx.26056 > 99.75.xxx.xxx.161: UDP, length 41
          10:10:45.623717 IP 199.120.xxx.xxx.26056 > 99.75.xxx.xxx.161: UDP, length 41
          10:10:47.633326 IP 199.120.xxx.xxx.26056 > 99.75.xxx.xxx.161: UDP, length 41

          But MRTG still tells me:

          GVMTRG# /usr/local/bin/cfgmaker --global "WorkDir: /usr/local/www" --output /usr/local/etc/mrtg/Site.cfg public@99.75.xxx.xxx
          SNMP Error:
          no response received
          SNMPv1_Session (remote host: "99.75.xxx.xxx" [99.75.xxx.xxx].161)
                            community: "public"
                          request ID: -982178538
                          PDU bufsize: 8000 bytes
                              timeout: 2s
                              retries: 5
                              backoff: 1)
          at /usr/local/lib/perl5/site_perl/5.10.1/SNMP_util.pm line 629
          SNMPWALK Problem for 1.3.6.1.2.1.1 on public@99.75.xxx.xxx::::::v4only
          at /usr/local/bin/cfgmaker line 955
          WARNING: Skipping public@99.75.xxx.xxx: as no info could be retrieved

            cmb

            If that's from the WAN interface, the request is getting there but getting no response. Most common causes:

            1. SNMP has either the wrong community string or is not enabled; that doesn't seem to be the case.
            2. It could be getting blocked by your firewall rules; check the firewall log.
            3. If you have a 1:1 NAT on the public IP, or a port forward containing 161, it would redirect that to some other host.
            1 Reply Last reply Reply Quote 0
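
The "request arrives, no response leaves" reading of the capture above can be automated. This is an added example, not code from either poster or from pfSense: it parses tcpdump lines in the format shown in the thread and lists SNMP flows that never received a reply, with the retry interval (compare with cfgmaker's "timeout: 2s, retries: 5"). The sample capture is constructed and uses documentation addresses; the function names are hypothetical.

```python
import re
from collections import defaultdict

SNMP_PORT = 161
# Matches lines such as:
# 10:10:39.607518 IP 192.0.2.10.26056 > 198.51.100.20.161: UDP, length 41
LINE = re.compile(
    r"^(\d+):(\d+):(\d+\.\d+) IP (\S+)\.(\d+) > (\S+)\.(\d+): UDP, length \d+")

def parse(line):
    """Return (seconds, src, sport, dst, dport), or None if the line does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    h, mi, s, src, sport, dst, dport = m.groups()
    return int(h) * 3600 + int(mi) * 60 + float(s), src, int(sport), dst, int(dport)

def unanswered(lines, port=SNMP_PORT):
    """Map (manager, manager_port, agent) -> request times for flows with no reply."""
    requests, replied = defaultdict(list), set()
    for t, src, sport, dst, dport in filter(None, map(parse, lines)):
        if dport == port:            # manager -> agent request
            requests[(src, sport, dst)].append(t)
        elif sport == port:          # agent -> manager reply
            replied.add((dst, dport, src))
    return {k: v for k, v in requests.items() if k not in replied}

def summarize(lines):
    """Return (manager, agent, request_count, mean_retry_gap_seconds) per silent flow."""
    out = []
    for (mgr, _, agent), times in unanswered(lines).items():
        gap = (times[-1] - times[0]) / (len(times) - 1) if len(times) > 1 else 0.0
        out.append((mgr, agent, len(times), round(gap, 1)))
    return out

# Constructed sample: one silent flow shaped like the one in the thread,
# and one answered poll for contrast.
SAMPLE = """\
10:10:39.607518 IP 192.0.2.10.26056 > 198.51.100.20.161: UDP, length 41
10:10:41.613635 IP 192.0.2.10.26056 > 198.51.100.20.161: UDP, length 41
10:10:43.615102 IP 192.0.2.10.26056 > 198.51.100.20.161: UDP, length 41
10:10:45.623717 IP 192.0.2.10.26056 > 198.51.100.20.161: UDP, length 41
10:10:47.633326 IP 192.0.2.10.26056 > 198.51.100.20.161: UDP, length 41
10:11:02.100000 IP 192.0.2.11.40112 > 198.51.100.20.161: UDP, length 41
10:11:02.103000 IP 198.51.100.20.161 > 192.0.2.11.40112: UDP, length 120
"""

if __name__ == "__main__":
    for row in summarize(SAMPLE.splitlines()):
        print("no reply: manager=%s agent=%s requests=%d retry_gap=%ss" % row)
```

A flow reported here means the request reached the capture interface, so the places left to check are the SNMP service itself, the firewall log, and any NAT or port forward covering port 161.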
              GVJosh

              I went ahead and added the rule to both WAN interfaces (even though I was only targeting the DSL interface) and now it's working, which makes no sense, but it does.  Thanks for your help!
