MRTG problem on WAN



  • Hi everybody. I'm trying to use MRTG and pfsense but I have problems.
    My pfsence has three NICs:
    a NIC for WAN
    a NIC for DMZ
    a NIC for VLANs
    When my win-pc sits on DMZ, I'm able to monitor DMZ-traffic.
    When my win-pc sits on VLAN, I'm able to monitor VLAN-traffic.
    When my win-pc sits on WAN, I'm able to monitor WAN-traffic.

    But when I try to configure MRTG, from my win-pc sitting on DMZ, in order to monitor WAN-traffic I get the following error:

    SNMP Error:
    no response received
    SNMPv1_Session (remote host: "wan" [xx.xx.xx.xx].161)
                      community: "public"
                    request ID: -1276485481
                    PDU bufsize: 8000 bytes
                        timeout: 2s
                        retries: 5
                        backoff: 1)
    at C:/mrtg-2.16.3/bin..\lib\mrtg2/SNMP_util.pm line 629
    SNMPWALK Problem for 1.3.6.1.2.1.1 on public@wan::::::v4only
    at cfgmaker line 956
    WARNING: Skipping public@wan: as no info could be retrieved

    what seems to be the problem? Please help.
    Manolis



  • I am guessing this is the general case where you can't access a pfsense port on the WAN from inside the LAN (or DMZ in this case.)



  • So, it's just a rule problem or it is not supported by pfsense?



  • As danswartz mentioned, this is probably just a rule problem.  Show us some screenshots from your DMZ firewall rules…



  • I have a DMZ-rule that allows any from my pc to wan interface (dmz.JPG).
    10.34.152.35 is my pc IP
    10.34.152.2 is my WAN interface IP

    There is also a WAN rule (wan.JPG) which is unnecessary in my opinion, but added just in case.

    There are no blocked packets on "firewall system logs".






  • I drew a picture of your configuration and noticed your DMZ PC (10.34.152.35) appears to live on the same subnet as your WAN IP (10.34.152.2).  Is this correct?  Or, have you applied different masks to your networks?  Look at the attached jpg and tell me if this is right/wrong.




  • 27-bit masks to both wan and dmz (different nets).


Log in to reply