Reverse proxy SNMP?

moabrocks · October 18, 2024, 4:21pm

1. The problem I’m having:

Currently have caddy working for reverse https. Would like to reverse SNMP requests as well.

2. Error messages and/or full log output:

Oct 18 09:13:54 ICEProxy caddy[31812]: {“level”:“error”,“ts”:1729264434.8838303,“logger”:“http.handlers.reverse_proxy”,“msg”:“aborting with incomplete response”,“upstream”:“192.168.1.2:80”,“duration”:6.876622965,“request”:{“remote_ip”:“10.85.41.40”,“remote_port”:“64177”,“client_ip”:“10.85.41.40”,“proto”:“HTTP/2.0”,“method”:“POST”,“host”:“10.85.40.100”,“uri”:“/gf/login.htm”,“headers”:{“Cookie”:,“Cache-Control”:[“max-age=0”],“Sec-Ch-Ua-Mobile”:[“?0”],“Referer”:[“https://10.85.40.100/gf/login.htm?logoutmessage=The�Library�Controller�session�logged�out.�Either�an�auto-logout�timeout�was�reached,�there�were�too�many�active�connections,�or�no�user�was�logged�in.�Please�log�in�again.“],“Sec-Fetch-User”:[”?1"],“Content-Length”:[“36”],“Priority”:["u=0, i”],“Sec-Fetch-Site”:[“same-origin”],“Sec-Ch-Ua”:[“"Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"”],“Upgrade-Insecure-Requests”:[“1”],“Accept-Language”:[“en-US,en;q=0.9”],“Accept”:[“text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7”],“Sec-Fetch-Mode”:[“navigate”],“User-Agent”:[“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36”],“Origin”:[“https://10.85.40.100”],“X-Forwarded-Host”:[“10.85.40.100”],“X-Forwarded-For”:[“10.85.41.40”],“X-Forwarded-Proto”:[“https”],“Sec-Ch-Ua-Platform”:[“"Windows"”],“Sec-Fetch-Dest”:[“document”],“Content-Type”:[“application/x-www-form-urlencoded”],“Accept-Encoding”:[“gzip, deflate, br, zstd”]},“tls”:{“resumed”:false,“version”:772,“cipher_suite”:4865,“proto”:“h2”,“server_name”:“”}},“error”:“reading: context canceled”}
(END)

3. Caddy version:

v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=

4. How I installed and ran Caddy:

a. System environment:

CentOS Linux release 7.9.2009 (Core)

b. Command:

PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.

c. Service/unit/compose file:

N/A

d. My complete Caddy config:

{
log {
output stdout
level INFO
}
}

10.85.40.100:443 {
tls internal
reverse_proxy 192.168.1.2:80
}

:80 {
respond / “hello”
}

Refer to the Caddy docs for more information:

The Caddyfile — Caddy Documentation

5. Links to relevant resources:

Mohammed90 · October 18, 2024, 5:37pm

Plain Caddy is an HTTP (layer 7 protocol) server. SNMP is a different layer 7 protocol, which relies on UDP for transmission layer. To proxy SNMP, you need to use the layer4 plugin of Caddy.

moabrocks · October 24, 2024, 4:17pm

thanks @Mohammed90, out of the multitude of examples, which would reverse port 161?

Monviech · October 24, 2024, 6:37pm

You can not reverse proxy SNMP traffic on tcp 443 since it is a udp protocol. You can do something like this but its essentially the same as doing a port forward in your firewall:

{
layer4 {
		udp/:161 {
			route {
				proxy udp/192.168.1.1:161 {
				}
			}
		}
	}
}

system · November 23, 2024, 6:38pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.