≡ Menu

Snmpd Listen to Specific IP Address ( BIND To Selected Interfaces )

How do I force SNMP (Simple Network Management Protocol) network management software to listen on public interfaces under RHEL / RedHat / Fedora / CentOS Linux server?

net-snmp comes with snmpd server which is an SNMP agent which binds to a port and awaits requests from SNMP management software. By default it binds to localhost ( only.

snmpd can be configured to listens for incoming SNMP requests on UDP port 161 on all IPv4 interfaces or selected interface using the -x option. A listening address takes the form:


Few Examples           listen on UDP port 161, but only on the loopback interface.  This prevents snmpd being queried  remotely.   The
                               port specification ":161" is not strictly necessary since that is the default SNMP port.
       TCP:1161                listen on TCP port 1161 on all IPv4 interfaces.
       ipx:/40000              listen on IPX port 40000 on all IPX interfaces.
       unix:/tmp/local-agent   listen on the Unix domain socket /tmp/local-agent.
       /tmp/local-agent        is  identical  to  the  previous  specification, since the Unix domain is assumed if the first character of the
                                is '/'.
       PVC:161                 listen on the AAL5 permanent virtual circuit with VPI=0 and VCI=161 (decimal) on the first ATM adapter  in  the
       udp6:10161              listen on port 10161 on all IPv6 interfaces.

CentOS / RHEL / Fedora Linux Specific Configuration

Edit /etc/sysconfig/snmpd.options, enter:
# vi /etc/sysconfig/snmpd.options
Uncomment OPTIONS line. Add -x option as follows to listen on default port 161 and IP and

OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a -x"

Save and close the file. Reload the changes:
# service snmpd reload
Update /etc/sysconfig/iptables firewall configuration to allow communication at udp port 161:
# vi /etc/sysconfig/iptables
Only accept connection only from to UDP port 161, enter:

-A RH-Firewall-1-INPUT -p udp s -m udp --dport 161 -j ACCEPT

Finally, restart iptables service:
# service iptables restart
You may also need to update your /etc/snmp/snmpd.conf to setup correct public community and other ACL settings. Refer snmpd.conf man page for more details.

Tweet itFacebook itGoogle+ itPDF itFound an error/typo on this page?

{ 6 comments… add one }

  • phignuton August 7, 2009, 4:54 pm

    This can also be done using the agentaddress directive in the snmpd.conf:


    will bind the agent to the specified IP address.

  • Tim January 19, 2010, 6:16 am


  • Dave October 20, 2010, 10:10 am

    The CentOS specific instructions here aren’t quite correct. By default, snmpd listens on port 199 (and this service doesn’t seem to be what you would expect either). I have tested this on CentOS and RHEL 5.3.

    When specifying -x and IP addresses, make sure you use instead of just

    Also, the syntax given in the example of specifying two IP addresses does not work. Only the first one is chosen. If you specify -x twice with different IP addresses, only the second one is chosen. You can use to listen on all network interfaces.

    Lastly, the “reload” command does not cause the daemon to listen on a newly configured IP address or port. The “restart” command does.

  • Vimo December 17, 2010, 12:25 pm

    Dear Gentleman,

    I have a RHEL5.5 server that has snmp installed(Version is net-snmp- This server has 5 n/w interfaces with diferent ip’s. My problem is when i try snmpwalk on to the main interface, in my case “bond0” with the assigned ip address there is no response.
    eg: snmpwalk v2c -c nature
    No Response from
    But when i run the same query with “localhost” snmpd responds.
    eg: snmpwalk v2c -c nature localhost

    There is no n/w level restrictions on this server. My nic related info is as follows..

    bond0 Link encap:Ethernet HWaddr B8:AC:6F:89:DA:60
    inet addr: Bcast: Mask:
    inet6 addr: fe80::baac:6fff:fe89:da60/64 Scope:Link
    RX packets:75293702 errors:0 dropped:0 overruns:0 frame:0
    TX packets:44772321 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:2009603615 (1.8 GiB) TX bytes:514353749 (490.5 MiB)

    eth0 Link encap:Ethernet HWaddr B8:AC:6F:89:DA:60
    RX packets:58079382 errors:0 dropped:0 overruns:0 frame:0
    TX packets:44772321 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:976741407 (931.4 MiB) TX bytes:514353749 (490.5 MiB)
    Interrupt:114 Memory:d6000000-d6012800

    eth4 Link encap:Ethernet HWaddr B8:AC:6F:89:DA:60
    RX packets:17214320 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:1032862208 (985.0 MiB) TX bytes:0 (0.0 b)

    lo Link encap:Local Loopback
    inet addr: Mask:
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:1462105 errors:0 dropped:0 overruns:0 frame:0
    TX packets:1462105 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:88459687 (84.3 MiB) TX bytes:88459687 (84.3 MiB)

    I tried the above mentioned options by vivek and Dave but no luck. Please advice gentleman.

    • Tim Boyer January 13, 2011, 1:42 am

      What’s /etc/snmp/snmpd.conf look like?

      rocommunity testing

      will allow from localhost, but not any other ip address.

      And don’t forget to restart snmpd…

  • Mike January 4, 2012, 6:19 pm

    You’re missing te ‘-‘ before the ‘s’ in your iptables line :D

Leave a Comment