On Dec 21, 2007 11:07 AM, Ricardo Bugalho <[EMAIL PROTECTED]> wrote: > Hello, > I'm unable to connect to upsd from anywhere except localhost and the > debugging output is a bit weird. It looks like acl_check doesn't match > even against 0/0. > > Here's my ACL on upsd.conf: > > ACL all 0.0.0.0/0 > ACL localhost 127.0.0.1/32 > ACL lan 10.0.0.0/255.0.0.0 > > ACCEPT localhost lan > REJECT all > > > Here's the output from upsd -DDDD for a request from localhost: > acl_check: localhost: match 1 > ACL [localhost] matches, action=1 > Connection from ::ffff:127.0.0.1 > acl_check: localhost: match 1 > ACL [localhost] matches, action=1 > write: [destfd=7] [len=24] [BEGIN LIST VAR core-ups > ] > write: [destfd=7] [len=34] [VAR core-ups battery.charge "100" > ] > [....] > write: [destfd=7] [len=22] [END LIST VAR core-ups > ] > acl_check: localhost: match 1 > ACL [localhost] matches, action=1 > Client on ::ffff:127.0.0.1 logged out > write: [destfd=7] [len=11] [OK Goodbye > ] > > Here's the output from a request from another host: > acl_check: localhost: match 0 > acl_check: lan: match 0 > acl_check: all: match 0 > Rejecting TCP connection from ::ffff:10.11.8.101 > > My question being: why isn't it matching against any of the ACLs?
It could be something unexpected in how the IPv4-in-IPv6 mapping works. (Note that all of your IP addresses printed by NUT are prefixed with "::ffff:", which comes from the C library's inet_ntoa function.) While the 2.0.5 code looks at the bits in the address, there is still a chance for something weird since it was written for IPv4 and the sockets are most likely IPv6 with an IPv4 address. > I'm using nut 2.0.5, built for CentOS5 from the src.rpm for Fedora Core > 9. Is there a chance you can try this with the latest release (2.2.1), which has some patches suggested by RedHat to improve IPv6 support? There is a nut.spec in nut-2.2.1/packaging/redhat/ which you can drop into RPM/SPECS. (Unfortunately, "rpmbuild -ta" probably won't work because we have three variants of nut.spec in the tarball.) It has been a while since I did any substantial RedHat packaging work, but if you need help building an RPM from source without the .srpm, try emailing the list again, as there are often RPM-savvy readers listening. -- - Charles Lepple _______________________________________________ Nut-upsuser mailing list Nut-upsuser@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/nut-upsuser