listenAddress = GenericAddress.parse(System.getProperty("snmp4j.listenAddress", "udp:0.0.0.0/162"));
TransportMapping transport;
if (listenAddress instanceof UdpAddress) {
transport = new DefaultUdpTransportMapping((UdpAddress) listenAddress);
} else {
transport = new DefaultTcpTransportMapping((TcpAddress) listenAddress);
}
snmp = new Snmp(dispatcher, transport);
snmp.getMessageDispatcher().addMessageProcessingModel(new MPv2c());
snmp.listen();
但是,代码只能由非root用户启动。所以当我运行程序时,出现错误。 java.net.bindexception permission denied.
我想162端口重定向到16200。而在我的代码,我可以这样调用
listenAddress = GenericAddress.parse(System.getProperty("snmp4j.listenAddress", "udp:0.0.0.0/16200"));
然后我修改的/ etc/SYSCONFIG/iptables的,但它didn`t工作。以下是iptables的配置。
*nat
:PREROUTING ACCEPT [1379:235423]
:POSTROUTING ACCEPT [6:680]
:OUTPUT ACCEPT [6:680]
-A PREROUTING -p udp -m udp --dport 162 -j REDIRECT --to-ports 16200
COMMIT
# Completed on Thu Nov 10 18:07:25 2016
# Generated by iptables-save v1.3.5 on Thu Nov 10 18:07:25 2016
*filter
:INPUT ACCEPT [38534:3129869]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2052:284032]
-A INPUT -p tcp -m tcp --dport 161 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 161 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 162 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 162 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 161 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 161 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 162 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 162 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 16200 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 16200 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 161 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m udp --sport 161 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 162 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m udp --sport 162 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 161 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m udp --sport 161 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 162 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m udp --sport 162 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 16200 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m udp --sport 16200 -m state --state ESTABLISHED -j ACCEPT
COMMIT
# Completed on Thu Nov 10 18:07:25 2016
# Generated by iptables-save v1.3.5 on Thu Nov 10 18:07:25 2016
*mangle
:PREROUTING ACCEPT [39240:3206748]
:INPUT ACCEPT [38535:3129909]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2052:284032]
:POSTROUTING ACCEPT [2052:284032]
COMMIT
如何配置iptables,以便我可以在16200端口获得陷阱消息?或者有没有其他方法可以做到这一点?
我很困惑。请给我一些建议。谢谢!
2016-11-10
Wendy