[squid-users] SNMP problems (Squid Cache: Version 2.5.STABLE5)

From: Joel Franusic <joel@dont-contact.us>
Date: Fri, 02 Jul 2004 18:40:09 +0200

Here is the issue: SNMP works from localhost, but not from anywhere else.

Squid Cache: Version 2.5.STABLE5

"egrep -v ^\# /etc/squid/squid.conf | uniq " produces:

---START OUTPUT---
hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?

cache_mem 768 MB

maximum_object_size 524288 KB

maximum_object_size_in_memory 128 KB

cache_dir aufs /cache1 30000 16 256
cache_dir aufs /cache2 30000 16 256

log_mime_hdrs on

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

refresh_pattern -i
.*liveupdate.symantecliveupdate.com.*(zip|x[0-9][0-9]) 0 80% 43200
ignore-reload
refresh_pattern -i .*windowsupdate.com.*(cab|exe) 0 80% 43200 ignore-reload
refresh_pattern -i .*windowsupdate.microsoft.com.*(cab|exe) 0 80% 43200
ignore-reload

acl snmppublic snmp_community public
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 21 # ftp
acl Safe_ports port 161 # snmp
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access allow localhost

acl staff_network src 10.0.0.0/255.255.255.0
no_cache deny QUERY
http_access allow staff_network

http_access deny all

http_reply_access allow all

visible_hostname localhost

snmp_port 161

snmp_access allow snmppublic staff_network
snmp_access deny all

snmp_incoming_address 0.0.0.0
snmp_outgoing_address 255.255.255.255

coredump_dir /var/spool/squid
---END OUTPUT---

I've run tethereal on eth0, I can see the "SNMP GET" come in from my
external host, but there is no reply that goes out.
When I run tethereal on lo, I can see "SNMP GET" and "SNMP RESPONSE"
from localhost.

setting "snmp_access allow snmppublic all" changes nothing
setting "snmp_port 3401" makes no difference

Any ideas would be greatly appreciated!
Received on Fri Jul 02 2004 - 10:40:24 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Aug 01 2004 - 12:00:01 MDT