[QUOTE=jmcg;12154]It is being sent to port 162; that was another one of my mistakes in understanding this issue. The following is the syntax Tripplite has used and says works, but I can’t get it to. When I even attempt any of the commands I get unknown service.
vi-admin@localhost:~> sudo chkconfig iptables off
vi-admin’s password:
iptables: unknown service
vi-admin@localhost:~> sudo service iptables save
service: no such service iptables
vi-admin@localhost:~> sudo service iptables stop
service: no such service iptables
vi-admin@localhost:~>
On VIMA, if you would prefer to disable the firewall:
[vi-admin@vima ~]$ sudo chkconfig iptables off
[vi-admin@vima ~]$ sudo service iptables save
[vi-admin@vima ~]$ sudo service iptables stop
Otherwise open the specific ports: 161, 162, 3664 and 3665.
[vi-admin@vima ~]$ sudo iptables -I INPUT -p UDP --dport 161 -m state --state NEW -j ACCEPT
[vi-admin@vima ~]$ sudo iptables -I INPUT -p UDP --dport 162 -m state --state NEW -j ACCEPT
[vi-admin@vima ~]$ sudo iptables -I INPUT -p UDP --dport 3664 -m state --state NEW -j ACCEPT
[vi-admin@vima ~]$ sudo iptables -I INPUT -p UDP --dport 3665 -m state --state NEW -j ACCEPT
Finally, save the firewall configuration.
[vi-admin@vima ~]$ sudo /etc/init.d/iptables save[/QUOTE]
So according to that information, there ought to be a file /etc/init.d/iptables, which, supposedly, is in charge of such a service to init firewall rules… If it’s not there, then the information may be specific to the former version, which was based on a different distro (as you wrote initially).
“Opening the firewall” manually can be done by calling “iptables -F”, which should flush all entries in the rule chains and get you to:
[CODE]vima:~ # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination[/CODE]
“policy ACCEPT” means that if there are no rules in a chain, then all packets are accepted (it’s actually “when a packet has passed all rules of a chain without being explicitly accepted or rejected”, but as there are no rules…).
Does your network trace now show the packets coming in on port 162? If so, your next step would be to somehow debug what’s happening inside that daemon (“pasdad”).
I did some digging on the internet and found this: https://github.com/jim-brannon-lrcwe/tripplite-pasdad/blob/a33e1a95abf988ad919e5ff28fa99c30a54ef76b/paconfig.ini which implies that pasdad was at that time actually polling the remote device. Do you see a similar config file somewhere? The open port 162 indicates that your pasdad is actually listening for SNMP traps. Had you added your script in that config file, or is there any hint that this might be required? Does pasdad generate any logging?
Maybe it is easier to actually make pasdad poll the device, which would be over SNMP (port 161 on the management card).
Regards,
Jens
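
The chain-policy behaviour described in this post, as an added example that is not part of the thread: a small evaluator that reads rules in `iptables -S INPUT` format and reports whether a new UDP packet to a given port is accepted by a rule or falls through to the chain policy. The sample ruleset and the function names are constructed for illustration, and the matcher is a simplified model, not iptables itself.

```python
import shlex

# Constructed sample in `iptables -S INPUT` format (not output from the thread).
SAMPLE_RULES = """\
-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 161 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 3664:3665 -m state --state NEW -j ACCEPT
"""
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def port_in(spec, port):
    """True if port falls in an iptables port spec ('162' or '3664:3665')."""
    lo, _, hi = spec.partition(":")
    return int(lo) <= port <= int(hi or lo)

def verdict(rules_text, proto, dport, state="NEW"):
    """Return (verdict, deciding line) for one packet on the INPUT chain.

    Simplified model: only -p, --dport, --state/--ctstate and -j are
    understood; any other match raises ValueError instead of being guessed,
    and jumps to non-terminal targets (LOG, user chains) are not followed.
    """
    policy = "ACCEPT"  # built-in chains default to ACCEPT
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        if tok[:2] != ["-A", "INPUT"]:
            continue
        hit, target = True, None
        for key, val in zip(tok[2::2], tok[3::2]):
            if key in ("-m", "--reject-with"):
                continue
            elif key == "-p":
                hit &= val.lower() == proto.lower()
            elif key == "--dport":
                hit &= port_in(val, dport)
            elif key in ("--state", "--ctstate"):
                hit &= state in val.split(",")
            elif key == "-j":
                target = val
            else:
                raise ValueError(f"unsupported option {key!r} in: {line}")
        if hit and target in TERMINAL:
            return target, line  # first matching terminal rule wins
    return policy, f"-P INPUT {policy}"  # fell off the end of the chain

if __name__ == "__main__":
    for port in (161, 162, 3665):
        print(port, verdict(SAMPLE_RULES, "udp", port))
```

`iptables -F` removes the rules but leaves the chain policy as it is, so an empty chain only accepts everything when `iptables -L` shows `policy ACCEPT`, as in the listing above; an empty chain with policy DROP still drops the trap on port 162.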