Skip to content

Instantly share code, notes, and snippets.

@n-st
Last active December 3, 2022 18:07
Show Gist options
  • Select an option

  • Save n-st/8886963 to your computer and use it in GitHub Desktop.

Select an option

Save n-st/8886963 to your computer and use it in GitHub Desktop.
Forward SNMP requests over a SSH connection (e.g. for use with Observium or other monitoring tools).
#!/bin/bash
# This script will make a local SNMP server accessible on a remote system by
# forwarding its UDP traffic over an SSH connection.
# To do this, the following port forwardings are applied (in this order):
# - local TCP port 42061 (arbitrary) to local UDP port 161 (SNMP)
# - remote TCP port 42061 to local TCP port 42061 (via SSH connection)
# - remote UDP port 42061 to remote TCP port 42061
# The remote UDP port can differ from the TCP port used for forwarding, as can
# the TCP ports used locally and remotely, as long as they are connected via
# the SSH connection.
socat tcp4-listen:42061,reuseaddr,fork UDP:localhost:161 &
autossh -R 42061:localhost:42061 omega "fuser -k -n udp 42061; socat -T15 udp4-recvfrom:42061,reuseaddr,fork,bind=127.0.0.1 tcp:localhost:42061"
@d1eg0v

d1eg0v commented Sep 10, 2015

Copy link
Copy Markdown

Very useful thanks!

I'm actually doing the reverse, run the socat command on the remote host and autossh on the nms server.

@kgadek

kgadek commented Nov 26, 2015

Copy link
Copy Markdown

Thanks, this helped me straighten my socat invocations 👍

@maufc

maufc commented Jun 10, 2021

Copy link
Copy Markdown

I am running this as a service.
Actually as two services: socat and tunnel.
Tunnel must run always AFTER socat, right?

@n-st

n-st commented Jun 16, 2021

Copy link
Copy Markdown
Author

I am running this as a service.
Actually as two services: socat and tunnel.
Tunnel must run always AFTER socat, right?

Great to see that this is still useful after such a long time!
I'm not running it at the moment, so I can only guess, but I assume that socat's tcp:localhost:42061 on the remote side would fail if the local port was closed (because SSH would forward the RST/"port closed" response). So yes, you should make sure socat is running before starting the tunnel.

@maufc

maufc commented Jun 16, 2021

Copy link
Copy Markdown

Yeah! It was so useful for me.
That confirms what was happening.
Thanks so much!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment