On 2016-09-23, a...@brandwatch.com <a...@brandwatch.com> wrote:
>>> We tried setting "listen on $IP_Lo1" etc, and this seemed to work, but it
>>> is unstable. That is, occasionally packets start being sourced from the
>>> egress interface again when something changes until snmpd is restarted.
>>
>> I don't understand why binding on a loopback doesn't work. What is
>> "when something changes" here?
>
> I haven't been able to figure that out yet. We have about 20 OpenBSD boxes,
> and at some point or another, seemingly randomly, our monitoring system loses
> connection to snmpd as it starts responding with the egress IP again and not
> its loopback.

That's odd, loopbacks work reliably for me and I see no reason for them to fail.
(otoh I *would* expect binding to 0.0.0.0 to have problems, also snmpd can't do
dual-stack v4+6).

> And we still have the trap source IP problem as the monitoring system
> (Observium) recognises the device by its loopback.

In the absence of proper support, this could be worked around with pf nat rules.
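
A sketch of the pf workaround mentioned above, as an added example that is not part of the original message. The macro names and both addresses are constructed (documentation ranges), and the rule assumes traps go to UDP port 162 and leave through an interface in the `egress` group.

```conf
# pf.conf fragment (added example; addresses are constructed placeholders)
lo1_addr = "192.0.2.1"       # assumption: address configured on lo1, as known to the NMS
nms      = "198.51.100.10"   # assumption: monitoring host that receives the traps

# Traps generated by snmpd leave with the egress interface address as source.
# Rewrite the source to the loopback address so the monitoring system
# matches the trap to the device it already knows by that address.
pass out on egress inet proto udp from (egress) to $nms port 162 nat-to $lo1_addr
```

Check the fragment with `pfctl -nf /etc/pf.conf` before loading it, and confirm the translation with `pfctl -ss` after a test trap has been sent.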