Forward SNMP requests over a SSH connection (e.g. for use with Observium or other monitoring tools).

snmp-tunnel.sh

#!/bin/bash

# This script will make a local SNMP server accessible on a remote system by
# forwarding its UDP traffic over an SSH connection.

# To do this, the following port forwardings are applied (in this order):
# - local TCP port 42061 (arbitrary) to local UDP port 161 (SNMP)
# - remote TCP port 42061 to local TCP port 42061 (via SSH connection)
# - remote UDP port 42061 to remote TCP port 42061

# The remote UDP port can differ from the TCP port used for forwarding, as can
# the TCP ports used locally and remotely, as long as they are connected via
# the SSH connection.

socat tcp4-listen:42061,reuseaddr,fork UDP:localhost:161 &

autossh -R 42061:localhost:42061 omega "fuser -k -n udp 42061; socat -T15 udp4-recvfrom:42061,reuseaddr,fork,bind=127.0.0.1 tcp:localhost:42061"

Very useful thanks!

I'm actually doing the reverse, run the socat command on the remote host and autossh on the nms server.

Thanks, this helped me straighten my socat invocations 👍

I am running this as a service.
Actually as two services: socat and tunnel.
Tunnel must run always AFTER socat, right?

I am running this as a service.
Actually as two services: socat and tunnel.
Tunnel must run always AFTER socat, right?

Great to see that this is still useful after such a long time!
I'm not running it at the moment, so I can only guess, but I assume that socat's tcp:localhost:42061 on the remote side would fail if the local port was closed (because SSH would forward the RST/"port closed" response). So yes, you should make sure socat is running before starting the tunnel.

Yeah! It was so useful for me.
That confirms what was happening.
Thanks so much!