RE: [Fwbuilder-discussion] WIN32 & SNMP
Brought to you by:
mikehorn
From: Andy H. <an...@ha...> - 2005-03-28 16:32:14
|
>Andy, > >On Mar 28, 2005, at 1:58 AM, Andy Hall wrote: > >> >> OK, Vadim, thanks. >> >> It wasn't obvious, so I also tried installing the Windows version of >> Net-snmp wondering whether this could be what FWbuilder was looking >> for, although did wonder why it didn't use the native >Microsoft stuff >> (one could be forgiven for not using anything Microsoft to do with >> networking :-) >> ) >> Now I know. > >I'll try windows version of net-snmp > I installed this, and the Win32 port is a little odd after installation. Everything is installed in directories than one would expect on a unix machine - i.e. under \usr. To a Windows user this will be strange because normally applications go under C:\program files I tried putting the library DLL into the FWbuilder install directory (BTW this really ought to be in the normal Windows place) but no luck. >> For the latest firewall, I am using FreeBSD 5.3 with >Net-snmp 5.21. >> I've >> found a problem using this with FWBuilder, but am pretty >certain that >> it >> isn't your issue. That is that when defining a new firewall and >> doing the >> SNMP check for interfaces, FWBuilder complains in the diagnostic >> window that >> it can't get ifPhysAddr from the target. I separately did an >> SNMPwalk >> from another machine, and the target, although it does respond to a >> request for interface parameters, leaves out these specific ones and >> so FWbuilder >> doesn't do anything with the rest of the information. I have a >> feeling >> that this may be to do with the interfacing of Net-snmp into the >> kernel but >> I am not certain. It's also present on 4.x builds of >FreeBSD as far >> as I >> can tell. >> > >could this be related to this bug report > >https://sourceforge.net/tracker/index.php? >func=detail&aid=1158871&group_id=5314&atid=105314 > >Please try changing parameter suffixprinting in >/usr/local/etc/snmp as bug report suggests. It doesn't seem to be. I tried it and no difference (with an snmpwalk). I've emailed the FreeBSD people as well to see if they can shed any light on it. > >> For the moment, I can fill in the interface addresses and details >> manually, >> although since I have tunnels there are likely to be quite a >few. Is >> there >> anything that FWbuilder needs to know about MAC addresses to >achieve? >> I >> should add that I am using PF on the FreeBSD box. >> > >I don't think pf supports MAC address matching in rules so in >your case >mac addresses won't be used. > I couldn't think of a reason to want MAC addresses anyway unless one were doing something associated with dynamic addressing. > >> Finally, many thanks for a really useful tool. Have you >given any >> thought >> to doing something with access lists and CBAC for Cisco IOS? >> > >I've been planning to do it but it gets delayed because of >lack of time. > I think that there's a market for that in that it is very typical to access lists in multiple routers in a large network. I believe that Ciscoworks does some configuration management for an all-Cisco network, but you have the flexible backends and consistent frontend which makes fwbuilder attractive. |