Hi all Is the syntax:
ACL lan 10.0.0.0/255.0.0.0 allowed and correct? Shouldn't it be: ACL lan 10.0.0.0/8 If both notations are allowed in the same syntax - it is news to me - but then many things are news to me...:-) Richard. Charles Lepple wrote: > On Dec 21, 2007 11:07 AM, Ricardo Bugalho <[EMAIL PROTECTED]> wrote: > >> Hello, >> I'm unable to connect to upsd from anywhere except localhost and the >> debugging output is a bit weird. It looks like acl_check doesn't match >> even against 0/0. >> >> Here's my ACL on upsd.conf: >> >> ACL all 0.0.0.0/0 >> ACL localhost 127.0.0.1/32 >> ACL lan 10.0.0.0/255.0.0.0 >> >> ACCEPT localhost lan >> REJECT all >> >> >> Here's the output from upsd -DDDD for a request from localhost: >> acl_check: localhost: match 1 >> ACL [localhost] matches, action=1 >> Connection from ::ffff:127.0.0.1 >> acl_check: localhost: match 1 >> ACL [localhost] matches, action=1 >> write: [destfd=7] [len=24] [BEGIN LIST VAR core-ups >> ] >> write: [destfd=7] [len=34] [VAR core-ups battery.charge "100" >> ] >> [....] >> write: [destfd=7] [len=22] [END LIST VAR core-ups >> ] >> acl_check: localhost: match 1 >> ACL [localhost] matches, action=1 >> Client on ::ffff:127.0.0.1 logged out >> write: [destfd=7] [len=11] [OK Goodbye >> ] >> >> Here's the output from a request from another host: >> acl_check: localhost: match 0 >> acl_check: lan: match 0 >> acl_check: all: match 0 >> Rejecting TCP connection from ::ffff:10.11.8.101 >> >> My question being: why isn't it matching against any of the ACLs? >> > > It could be something unexpected in how the IPv4-in-IPv6 mapping > works. (Note that all of your IP addresses printed by NUT are prefixed > with "::ffff:", which comes from the C library's inet_ntoa function.) > While the 2.0.5 code looks at the bits in the address, there is still > a chance for something weird since it was written for IPv4 and the > sockets are most likely IPv6 with an IPv4 address. > > >> I'm using nut 2.0.5, built for CentOS5 from the src.rpm for Fedora Core >> 9. >> > > Is there a chance you can try this with the latest release (2.2.1), > which has some patches suggested by RedHat to improve IPv6 support? > There is a nut.spec in nut-2.2.1/packaging/redhat/ which you can drop > into RPM/SPECS. (Unfortunately, "rpmbuild -ta" probably won't work > because we have three variants of nut.spec in the tarball.) > > It has been a while since I did any substantial RedHat packaging work, > but if you need help building an RPM from source without the .srpm, > try emailing the list again, as there are often RPM-savvy readers > listening. > > _______________________________________________ Nut-upsuser mailing list Nut-upsuser@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/nut-upsuser
