I would like to forward SNMP from one LAN to another LAN. I believe I got one way working (from outside to inside), but sadly box1 cannot seem to reply (inside to outside).
The setup I would like to make:
box1 box2 box3
[10.1.255.245] -------------------------- [public_ip]
| eth0-|-eth1 |
|-----------3161---------------- 3161 ----|
These are the relevant iptables rules on box2:
-A PREROUTING -i eth1 -p udp -m udp --dport 3161 -j DNAT --to-destination 10.1.255.244:3161
-A FORWARD -d 10.1.255.244/32 -p udp -m udp --dport 3161 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
Now I validated that packets coming from box3 are received on box1:
tcpdump 'port 3161'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:46:03.887718 IP x-20150810-092601.x.be.53329 > compute-0-2.local.doc1lm: UDP, length 48
13:46:04.888851 IP x-20150810-092601.x.be.53329 > compute-0-2.local.doc1lm: UDP, length 48
13:46:05.889977 IP x-20150810-092601.x.be.53329 > compute-0-2.local.doc1lm: UDP, length 48
13:46:06.891108 IP x-20150810-092601.x.be.53329 > compute-0-2.local.doc1lm: UDP, length 48
So I assume the SNMP process cannot respond to the source because it does not know how to find this out-of-LAN IP... How can I add this? This is the routing table on box1:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
255.255.255.255 *               255.255.255.255 UH    0      0        0 eth0
box2            box2            255.255.255.255 UGH   0      0        0 eth0
224.0.0.0       *               255.255.255.0   U     0      0        0 eth0
10.1.0.0        *               255.255.0.0     U     0      0        0 eth0
link-local      *               255.255.0.0     U     1002   0        0 eth0
link-local      *               255.255.0.0     U     1003   0        0 eth1
192.168.0.0     *               255.255.0.0     U     0      0        0 eth1
default         storage         0.0.0.0         UG    0      0        0 eth1
Or am I missing something else obvious?
SNMP works over UDP, so there are no sessions like in TCP. So you should add an additional NAT entry on box2 to allow packets from box1 to box3.
Something like this:
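As an added illustration that is not part of the question or of the answer above, the following Python script models the two things the thread turns on: the longest-prefix-match lookup the kernel does against the routing table posted for box1, and a minimal conntrack-style DNAT on box2 with and without an extra source NAT of the forwarded packet. Only 10.1.255.244 (box1, from the posted DNAT rule), the port 3161 and the interface names come from the page; box2's inside address, box2's public_ip and box3's address are assumed placeholder values. Run against the posted table, the model shows that a reply addressed to box3's out-of-LAN address leaves box1 on eth1 towards storage, not on eth0 towards box2, so it never passes box2 to be untranslated; if box2 also rewrites the source of the forwarded request to its own inside address, box1 replies to box2 over eth0 and box2 can reverse both translations.

```python
"""Model of the box3 -> box2 -> box1 SNMP path: box1 routing plus box2 NAT.

Added example, not code from the question or the answer. Only box1's address,
the port 3161 and the interface names come from the thread; every other
address below is an assumed placeholder.
"""
import ipaddress
from dataclasses import dataclass, replace

BOX1 = "10.1.255.244"          # from the posted DNAT rule
BOX2_INSIDE = "10.1.255.245"   # assumed: box2's eth0 address on the 10.1/16 LAN
BOX2_PUBLIC = "198.51.100.2"   # assumed: box2's eth1 "public_ip"
BOX3 = "203.0.113.10"          # assumed: the SNMP poller on the far side
SNMP_PORT = 3161

# box1's routing table as posted, reduced to the entries that decide unicast
# forwarding: (destination prefix, gateway or None for on-link, interface).
# "storage" is the default gateway name shown in the posted table.
BOX1_ROUTES = [
    ("10.1.0.0/16", None, "eth0"),
    ("192.168.0.0/16", None, "eth1"),
    ("0.0.0.0/0", "storage", "eth1"),
]


@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int


def route_lookup(dst, routes=BOX1_ROUTES):
    """Longest-prefix match, the rule the kernel applies; returns (iface, gateway)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, dev)
    if best is None:
        raise LookupError("no route to %s" % dst)
    return best[2], best[1]


class Box2Nat:
    """Minimal conntrack: DNAT eth1:3161 -> box1, optionally SNAT to box2's inside IP.

    The SNAT variant corresponds to an iptables rule of the form (assumed address):
      -A POSTROUTING -o eth0 -d 10.1.255.244 -p udp --dport 3161 \
         -j SNAT --to-source 10.1.255.245
    """

    def __init__(self, snat=False):
        self.snat = snat
        self.table = {}  # 4-tuple of the translated request -> original request

    def forward(self, pkt, in_iface):
        if in_iface != "eth1" or pkt.dport != SNMP_PORT:
            return pkt
        out = replace(pkt, dst=BOX1)
        if self.snat:
            out = replace(out, src=BOX2_INSIDE)
        self.table[(out.dst, out.dport, out.src, out.sport)] = pkt
        return out

    def reply(self, pkt):
        """Reverse the translation for a reply that reaches box2; None if unknown."""
        orig = self.table.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if orig is None:
            return None
        return Pkt(src=orig.dst, sport=orig.dport, dst=orig.src, dport=orig.sport)


def snmp_round_trip(snat):
    """One poll from box3 and box1's reply; reports where the reply is routed."""
    nat = Box2Nat(snat=snat)
    request = Pkt(BOX3, 53329, BOX2_PUBLIC, SNMP_PORT)   # constructed sample poll
    delivered = nat.forward(request, "eth1")
    # box1 answers whatever source address it saw on the delivered packet
    reply = Pkt(delivered.dst, delivered.dport, delivered.src, delivered.sport)
    dev, gw = route_lookup(reply.dst)
    # box2 sits on eth0; a reply that leaves box1 on eth1 never passes box2
    if dev != "eth0":
        return {"reply_dev": dev, "reply_gw": gw, "seen_by_box3": None}
    return {"reply_dev": dev, "reply_gw": gw, "seen_by_box3": nat.reply(reply)}


if __name__ == "__main__":
    for snat in (False, True):
        print("SNAT on box2:", snat, "->", snmp_round_trip(snat))
```

Running the script prints one line per variant: without SNAT the reply is routed out eth1 via storage and box3 sees nothing; with SNAT it goes out eth0 and comes back to box3 from box2's public_ip and port 3161. The model deliberately ignores whether storage would carry the reply at all; the point is only that box2 never sees it, so its DNAT state cannot be reversed.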