Firewall considerations

When using the probe in conjunction with a firewall, configure the firewall so that the probe can connect to the target system.

Two probe properties define the port and the protocols that the probe uses for communication:

  • Port
  • Protocol

Configure the firewall to allow communication through the port defined in the Port property for all the protocols specified in the Protocol property.

Linux example

The following example configures a Linux firewall to enable communication using the TCP and UDP protocols through port 162 (the default value of the Port property):

  1. Make a local copy of the file containing the firewall rules:
    cp /etc/sysconfig/iptables /root/firewall_rules
  2. Edit the local copy of the rules and add the following:
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 162 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 162 -j ACCEPT
  3. Load the firewall with the new rules:
    iptables-restore < /root/firewall_rules
  4. List the rules to check they are correct:
    iptables -L
    
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:162
    ACCEPT udp -- anywhere anywhere state NEW udp dpt:snmptrap
  5. Test that the probe can receive traps with the new rules in force:
    1. Start the probe allowing all protocols for the required port:
      $OMNIHOME/probes/nco_p_mttrapd -protocol "ALL" -port 162 -messagelevel debug -messagelog stdout
    2. From a remote host, enter the following command:

      telnet probe_ip_address port

      Where probe_ip_address is the IP address of the probe server and port is the number of the port specified in the Port property.

      If the firewall is correctly configured, the connection reaches the probe, which rejects the non-SNMP data that telnet sends and displays the following message:
      Error: SNMP Message (priority=3): Received broken packet. Closing session.

      If no message appears, check the edits to the rules file, adjust as necessary, and repeat this step.

  6. Implement the changes permanently:
    1. Edit the file /etc/sysconfig/iptables.
    2. Add the rules you implemented in the firewall_rules file.
    3. Load the firewall with these new rules:
      iptables-restore < /etc/sysconfig/iptables
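The procedure above edits the rules file by hand and checks the result by eye. The following script is an added example, not part of the probe documentation: it inserts the two ACCEPT rules for the probe port into a copy of the rules file, verifies that both rules are present, and checks an `iptables -L -n` listing for them. It assumes the RH-Firewall-1-INPUT chain and the /etc/sysconfig/iptables layout shown in the steps above; the sample rules file and listing it uses are constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the probe documentation: build the firewall
# rules for the probe port in a copy of the iptables rules file, and check
# an `iptables -L -n` listing for them. It assumes the RH-Firewall-1-INPUT
# chain and the /etc/sysconfig/iptables layout shown in the documentation.

# Print the two ACCEPT rules (TCP and UDP) for port $1, in the form used in
# /etc/sysconfig/iptables.
probe_rules() {
    printf '%s\n' \
        "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT" \
        "-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport $1 -j ACCEPT"
}

# Copy the rules file $1 to $2, inserting the probe rules for port $3 that
# are not already present. They go before the chain's catch-all REJECT rule
# (a rule placed after it would never match), otherwise before the COMMIT
# line of the *filter table, otherwise at the end of the file.
add_probe_rules() {
    src="$1"; dst="$2"; port="$3"
    tmp=$(mktemp)
    probe_rules "$port" | while read -r rule; do
        grep -q -x -F -- "$rule" "$src" || printf '%s\n' "$rule"
    done > "$tmp"
    awk -v rulefile="$tmp" '
        function emit(i) { for (i = 1; i <= n; i++) print rule[i]; done = 1 }
        BEGIN { n = 0; while ((getline line < rulefile) > 0) rule[++n] = line }
        /^\*/ { table = substr($0, 2) }
        !done && /^-A RH-Firewall-1-INPUT / && /-j REJECT/ { emit() }
        !done && /^COMMIT/ && table == "filter" { emit() }
        { print }
        END { if (!done) emit() }
    ' "$src" > "$dst"
    rm -f "$tmp"
}

# Return 0 when the rules file $1 contains both probe rules for port $2.
rules_file_has_probe_rules() {
    probe_rules "$2" | while read -r rule; do
        grep -q -x -F -- "$rule" "$1" || exit 1
    done
}

# Return 0 when an `iptables -L -n` listing ($1) shows ACCEPT rules for port
# $2 over both TCP and UDP. The numeric listing (-n) is used so that 162 is
# shown as a number rather than as its service name "snmptrap", which plain
# `iptables -L` prints.
listing_has_probe_rules() {
    for proto in tcp udp; do
        printf '%s\n' "$1" |
            grep -q -E "^ACCEPT +$proto +.*state NEW $proto dpt:$2\$" || return 1
    done
}

# Write a constructed sample of /etc/sysconfig/iptables (no probe rules yet)
# to the path given in $1.
write_sample_rules_file() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' ':RH-Firewall-1-INPUT - [0:0]' \
        '-A INPUT -j RH-Firewall-1-INPUT' '-A RH-Firewall-1-INPUT -i lo -j ACCEPT' \
        '-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited' \
        'COMMIT' > "$1"
}

# Constructed sample of `iptables -L -n` output after the rules are loaded.
SAMPLE_LISTING='Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:162
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:162
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited'

# Run the whole flow on the constructed sample: edit a copy, verify it, and
# print the result. Returns 0 when both checks pass.
demo() {
    src=$(mktemp); dst=$(mktemp)
    write_sample_rules_file "$src"
    add_probe_rules "$src" "$dst" 162
    cat "$dst"
    rules_file_has_probe_rules "$dst" 162 &&
        listing_has_probe_rules "$SAMPLE_LISTING" 162
    status=$?
    rm -f "$src" "$dst"
    return $status
}
```

Run `demo` to see the edited copy; on a real host, point `add_probe_rules` at /etc/sysconfig/iptables and a file under /root as in step 1, then load the copy with `iptables-restore` as in step 3. The placement logic is the main difference from adding the lines anywhere: the default Red Hat chain ends in a REJECT rule, so the ACCEPT rules must come before it. Note also that the telnet check in step 5 exercises only the TCP rule, because telnet opens a TCP connection; the UDP rule is confirmed by the listing check or by sending a real trap.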