How snmp Traps Be Forwarded from One System to Another

This document describes how the system receiving the traps can be configured to forward the traps on to
a third system.
HostA: 10.30.35.52 (Initial System where we send test traps)
HostB: 10.30.35.173 (SNMP trap forwarder)
HostC: 10.30.35.113 (SNMP Destination)

1. Install below RPM’s in all 3 Hosts.

net-snmp.x86_64,
net-snmp-agent-libs.x86_64
net-snmp-libs.x86_64
snmpcheck.noarch

2. On the initial system (HostA) that is generating the traps, configure the /etc/snmp/snmpd.conf file
to send traps to HostB IP address: 10.30.35.173

[root@js1ger snmp]# cat /etc/snmp/snmpd.conf

trapcommunity public
trapsink 10.30.35.173 public 161
[root@js1ger snmp]#
Restart snmpd if needed on HostA.
3. On the system receiving the traps (HostB at 10.30.35.173), add the following line to
its /etc/snmp/snmptrapd.conf file.
In this example, traps are forwarded to HostC, which has the IP address 10.30.35.113:
ignoreauthfailure yes
#disableAuthorization - accepts traps with any community strings
disableAuthorization yes
outputOption n
forward default 10.30.35.113

Enable snmptrapd  & Start snmptrapd service on hostB

% systemctl enable snmptrapd.service

% systemctl start snmptrapd.service

4. Either disable iptables on all three systems involved, or configure iptables to allow connections

on port 162. Also, if there are any hardware firewalls between the systems, verify that
connections on port 162 will be allowed:

Here I have disabled Iptables & Selinux.

[root@syslog01dedc02p ~]# sestatus
 SELinux status: disabled
[root@syslog01dedc02p ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)

target prot opt source destination

Chain OUTPUT (policy ACCEPT)

target prot opt source destination
[root@syslog01dedc02p ~]#

5. Now generate a trap on HostA, see if HostC receives it. If not, newer versions
of snmpd and snmptrapd will do some level of authentication on the system receiving the
forward. If that is the case, do the following on the system receiving the forward, which
is HostC in this example. Create the /etc/snmp/snmptrapd.conf file, and add the following line:

disableAuthorization yes

Start and turn on the snmptrapd Service on HostC.

% systemctl enable snmptrapd.service

% systemctl start snmptrapd.service

Now generate a trap on HostA, and see if HostC receives it.

Check /var/log/messages on hostB and hostC if there are any issues.

Logs:
Generate SNMP V1 trap with below command in HostA
[root@js1ger snmp]# date; snmptrap -v 1 -c public 10.30.35.173 .1.3.6.1.6.3 "" 0 0 coldStart.0
Thu Feb 25 09:36:02 CET 2021

HostB Logs
root@ksserver:/var/log>% tail -f messages
Feb 25 09:36:03 ksserver snmptrapd[92874]: 2021-02-25 09:36:03 js1ger.mach.com [10.30.35.52]
(via UDP: [10.30.35.52]:49159->[10.30.35.173]:162) TRAP, SNMP v1, community
public#012#011.1.3.6.1.6.3 Cold Start Trap (0) Uptime: 0:00:00.00
Feb 25 09:37:19 ksserver ntpd[12805]: 0.0.0.0 c613 03 spike_detect -0.289592 s
^C
root@ksserver:/var/log>%
HostC logs:

[root@syslog01dedc02p ~]# tail -f /var/log/messages

Feb 25 03:36:02 syslog01dedc02p snmptrapd[1170]: 2021-02-25 03:36:02 10.30.35.52(via UDP:
[10.30.35.173]:48151->[10.30.35.113]:162) TRAP, SNMP v1, community public#012#011SNMPv2-
SMI::snmpModules Cold Start Trap (0) Uptime: 0:00:00.00
Feb 25 04:01:01 syslog01dedc02p systemd: Started Session 2 of user root.

^C
[root@syslog01dedc02p ~]#