I have Ubuntu Linux 22.04 that makes SNNP requests to get SNMP data from remote devices.
I have 2 ethernet ports eno1: 192.168.100.40 and eno2: 192.168.10.40. I would like all snmp commands like get,walk,etc. to only go out eno2:. I have looked at IPtable etc. Not really very familiar in this area. Any help would be great. Thanks Much.
This is complicated with SNMP because net-snmp utilites don't have an option to bind to certain local IP address, rendering "usual" methods of source-based routing ineffective. So we need another approach.
Let's suppose the gateway behind eno1 is set as a default route in the main routing table. Let also suppose the gateway behind eno2 is 192.168.10.x.
Now you create VRF, assign eno2 to it and add a default route via its gateway into that VRF:
ip link add vrf-snmp type vrf table 10 ip link set dev vrf-snmp up ip link set dev eno2 master vrf-snmp ip addr add 192.168.10.40/24 dev eno2 ip route add default via 192.168.10.x table 10 Notice that I add route into the same table I associated VRF with.
Now, this VRF has alternate routing. Whenever you need to send traffic out via 192.168.10.x (through eno2), you need to run your program in context of that VRF:
ip vrf exec vrf-snmp snmpwalk -v2c ... (or simply run a whole shell with ip vrf exec vrf-snmp bash to not need any additional prefix)
This is similar to having an additional network namespace and running your programs in that namespace (and that would work too), but in my opinion this approach is simpler to setup and use.
Further reading:
eno2interface with other routing? If not, you can assign it to a VRF which would have alternate default gateway and then run snmp commands in context of that VRF withip vrf exec. If that's sufficient, I can explain it in more detail in an answer.