Thursday, March 10, 2011

Fixed: SNMP on Ubuntu listening only on localhost

By default, snmpd only listens on 127.0.0.1. Edit /etc/default/snmpd and change this line:

SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1'

to this:

SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'

That is, remove the specification to run only on 127.0.0.1 - then restart snmpd.

I also removed any RW access that had been configured in /etc/snmp/snmpd.conf. I only want read access via SNMP.

4 comments:

  1. Hey,
    Should the /usr/local/sbin/snmpd be owned by snmp user or root
    I'm trying to diagnose this very same problem and after modifiying the file you mentioned, i get the same result. i cannot snmpwalk the machine from any other server

    ReplyDelete
  2. Hi Vlad,

    on my Ubuntu box, it's owned by root, readable by all. However, on my Ubuntu box, the snmpd binary is /usr/sbin/snmpd not /usr/local/sbin/snmpd - are you using a packaged version, or something you've compiled from source?

    As a first step: can you snmpwalk localhost from the machine where snmpd is running?

    ReplyDelete
  3. And just to follow on, you can see if it's listening only on localhost address by doing this:

    $ netstat -aun | grep ':161'
    udp 0 0 127.0.0.1:161 0.0.0.0:*

    You can see in my output, it's listening only on localhost for this computer. You might also be able to see the command that started snmpd by doing:

    $ ps axwu | grep [s]nmpd
    snmp 1786 0.0 0.0 8736 3808 ? S Nov12 0:04 /usr/sbin/snmpd -Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1

    ReplyDelete