Chapter 15: Advanced Configuration
15.4 IP-Filtering
The Console Server uses the iptables utility to provide a stateful firewall of LAN traffic. By default, rules are automatically
inserted to allow access to enabled services, and serial port access via enabled protocols. The commands which add these
rules are contained in configuration files:
/etc/config/fw.rules
This is an executable shell script which is run whenever the LAN interface is brought up and whenever modifications are made
to the iptables configuration as a result of CGI actions or the config command line tool.
The basic steps performed are as follows:
• The running iptables configuration is erased, and per-interface and other standard system chains are installed
• Fall-through Block rules (default deny) are installed
• Serial & Network: Services policies are installed in per-interface chains
• Custom Serial & Network: Firewall rules are inserted at the top of the rule sets, taking priority over any other configuration
If you require further firewall customization, extra rules can be persisted by creating a file at /etc/config/scripts/firewall-post
containing iptables commands to amend the firewall policy.
There is good documentation about using the iptables command at the Linux netfilter website, http://netfilter.org/documentation/index.html.
There are also many high-quality tutorials and HOWTOs available via the netfilter website; in particular, peruse the
tutorials listed on the netfilter HOWTO page.
15.5 SNMP Status Reporting and Traps
Console Servers can send traps/messages to multiple remote SNMP Network Managers on defined trigger events (as detailed
in Chapter 7). Console Servers also contain an SNMP Service (snmpd) which can provide status information on demand. From
the snmpd manual page:
snmpd is an SNMP agent which binds to a port and awaits requests from SNMP management software. Upon receiving
a request, it processes the request(s), collects the requested information and/or performs the requested operation(s) and
returns the information to the sender.
15.5.1 Retrieving status information using SNMP
Console Servers can provide serial and device status information through SNMP. This includes:
• Serial port status
• Active users
• Remote Power Control (RPC) and Power Distribution Unit (PDU) status
• Environmental Monitoring Device (EMD) status
• Signal alert status
• Environmental alert status and
• UPS alert status
The MIBs in your Console Server are located in /etc/snmp/mibs.
OG-STATUS-MIB: This new MIB contains serial and connected device status information (for snmpstatusd & snmpalertd)
OG-STATUSv2-MIB: This new MIB contains extended status and alert
OG-SMI-MIB: Enterprise structure of management information
OGTRAP-MIB: SMIv1 traps from old MIBs (as smilint will not let SMIv1 structures coexist with SMIv2)
15.5.2 Check firewall rules
• Select System: Services and ensure the SNMP daemon box has been checked for the interface required
This will allow SNMP requests through the firewall for the specified interface.
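Enabling the SNMP daemon this way opens it to every host on that interface. The sketch below is an added example, not code from the manual or the vendor: a /etc/config/scripts/firewall-post script (section 15.4) that narrows SNMP to one management network. The interface name eth0, the network 192.0.2.0/24, the APPLY switch, the availability of the LOG and limit modules, and the script running after fw.rules are all assumptions.

```shell
#!/bin/sh
# Added example for /etc/config/scripts/firewall-post (not vendor code).
# Assumptions: eth0 is the LAN interface, 192.0.2.0/24 (documentation range,
# constructed) is the management network, this script runs after fw.rules,
# and the LOG and limit iptables modules are present on the device.
IPTABLES="${IPTABLES:-iptables}"
LAN_IF="${LAN_IF:-eth0}"
MGMT_NET="${MGMT_NET:-192.0.2.0/24}"
APPLY="${APPLY:-0}"   # 0 = print the commands for review, 1 = run them

# Accept only dotted-quad/prefix text so a typo cannot produce a broad rule.
valid_cidr() {
    case "$1" in
        ''|*[!0-9./]*)     return 1 ;;
        *.*.*.*/[0-9]*)    return 0 ;;
        *)                 return 1 ;;
    esac
}

# Run or print one iptables command, keeping arguments intact.
rule() {
    if [ "$APPLY" = 1 ]; then
        "$IPTABLES" "$@"
    else
        echo "$IPTABLES $*"
    fi
}

# SNMP agent requests arrive on UDP 161. Explicit positions keep LOG ahead of
# DROP at the top of INPUT, before the service rules that accept SNMP.
snmp_policy() {
    rule -I INPUT 1 -i "$LAN_IF" -p udp --dport 161 ! -s "$MGMT_NET" \
         -m limit --limit 6/min -j LOG --log-prefix "snmp-denied: "
    rule -I INPUT 2 -i "$LAN_IF" -p udp --dport 161 ! -s "$MGMT_NET" -j DROP
}

if valid_cidr "$MGMT_NET"; then
    snmp_policy
else
    echo "firewall-post: invalid MGMT_NET '$MGMT_NET', no rules added" >&2
fi
```

Because fw.rules erases the running configuration on each run, the two inserts do not accumulate; review the printed commands first, then set APPLY=1 in the deployed copy.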