[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-pf
Subject:    Reflect SNMP traps to multiple destinations.
From:       cyberclogs <sstavdal () start ! no>
Date:       2008-11-03 14:01:35
Message-ID: 20303258.post () talk ! nabble ! com
[Download RAW message or body]


Hello,

I am attempting to forward traps from a device to multiple management
stations.
For example,

Router A sends a trap to a node (NMS-A). When this trap passes the firewall,
I would like to pick up the packet, and duplicate this packet to NMS-B,
NMS-C etc).

I have looked at pf.conf, attempting several rule types.
Firstly, I tried the rdr statement, but it only forwards round-robin (so
either of the NMSs, but not all - which is what I want it to do).

Then I looked at the dup-to syntaxes, but I cannot see the traps being sent
to any other NMS than one of them.

This rule (in my head), would look at all traps sent to nms-a, and duplicate
the traps for nms-b and nms-c

pass in on $int_if dup-to ($nms_if $nms-b) proto udp from 10.10.10.1 to
$nms-a port 162
pass in on $int_if dup-to ($nms_if $nms-c) proto udp from 10.10.10.1 to
$nms-a port 162

# Router A is 10.10.10.1

Where am I going wrong? I have tried a lot of options now, but all I see
when tcpduping the nms_if are traps goin gto nms-a....

Please help...

Cheers,
Simon (aka Cyberclogs).
-- 
View this message in context: \
http://www.nabble.com/Reflect-SNMP-traps-to-multiple-destinations.-tp20303258p20303258.html
 Sent from the openbsd - packet filter mailing list archive at Nabble.com.


[prev in list] [next in list] [prev in thread] [next in thread]