[squid-users] SNMP + Remote query problem

From: Berant Lemmenes <berant@dont-contact.us>
Date: Thu, 11 Dec 2003 16:33:20 -0500

Hello all, I've been befuddled with a SNMP problem. I've got a squid
box running as a transparent cache (using wccp) which is working fine.
I've tried to get SNMP going so that I can use MRTG to generate usage
graphs. Where things stand now is SNMP queries work fine from the
localhost which squid is running on... ie:

snmpwalk 192.168.255.120:3401 -c public .1.3.6.1.4.1.3495.1.1

returns:

enterprises.3495.1.1.1.0 = 2636
enterprises.3495.1.1.2.0 = 123976
enterprises.3495.1.1.3.0 = Timeticks: (261736) 0:43:37.36

however that same statement from another box on the same network yeilds
a time out and I get "Failed SNMP agent query from : 192.168.252.82." on
the squid box.

I've been unable to find any similar situations on the web and the
archives of this mailing list. So I'm wondering if anyone else has seen
this and or has any thoughts on how to diagnose this.

Here are the pertinent sections of my squid.conf:

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl snmppub snmp_community public
acl logger src 192.168.252.82/255.255.255.255

http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

acl our_networks src 192.168.252.0/22
http_access allow our_networks

http_reply_access allow all

snmp_access allow snmppub logger
snmp_access deny all

Any help at all would be greatly appreciated!
Thanks
Berant
Received on Thu Dec 11 2003 - 14:33:38 MST

This archive was generated by hypermail pre-2.1.9 : Thu Jan 01 2004 - 12:00:10 MST