登录有问题的服务器
1.检测snmp
localhost:~ # ps -ef|grep snmp
root 55180 1 0 08:37 ? 00:00:08 /usr/sbin/snmpd -r -A -LF n /var/log/net-snmpd.log -p /var/run/snmpd.pid
root 58436 53989 0 09:44 pts/0 00:00:00 grep --color=auto snmp
2.检测端口
localhost:~ # netstat -nlup|grep 161
udp 0 0 0.0.0.0:161 0.0.0.0:* 55180/snmpd
3.查看连接
localhost:~ # netstat -anp|grep snmpd
tcp 0 0 127.0.0.1:199 0.0.0.0:* LISTEN 55180/snmpd
udp 0 0 0.0.0.0:161 0.0.0.0:* 55180/snmpd
4.检测防火墙SuSEfirewall2
localhost:~ # systemctl status SuSEfirewall2
Unit SuSEfirewall2.service could not be found.
5.查看防火墙进程
localhost:~ # ps -ef |grep fire
root 55442 1 0 08:51 ? 00:00:00 /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid
root 55524 55352 0 09:08 pts/0 00:00:00 grep --color=auto fire
原来使用了firewalld服务,查看策略
localhost:~ # firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: dhcpv6-client ssh
ports: 80/tcp 22/tcp 161/tcp
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
原因在于后来加的防火墙策略中端口设置错误,snmp使用UDP
6.添加防火墙策略
localhost:~ # firewall-cmd --add-port=161/udp --permanent
success
7.重启防火墙
localhost:~ # systemctl restart firewalld
8.客户端使用snmpwalk检测
root@Cnyunwei \~# snmpwalk -v 2c -c mygroup 192.168.10.20
可以看到可以仙人掌中服务器的snmp服务正常了。
注:如果使用SuSEfirewall2,需要修改 /etc/sysconfig/中的配置然后重新启动。
FW_SERVICES_EXT_UDP="161"
systemctl restart SuSEfirewall2