[BackupPC-users] localhost translated as 127.0.0.1 vs. ::1 messing up permissions
My /etc/httpd/conf.d/BackupPC.conf file (which is the default in Fedora 12) restricts access to localhost (which makes sense) as follows: allow from 127.0.0.1 My /etc/hosts file has these (Fedora default) lines at the top: 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 mycomputer.mydomain ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 mycomputer.mydomain When I access the web interface from my Console, using either http://127.0.0.1/BackupPC or http://localhost/BackupPC, everything works (as expected) and the httpd access_log records the access as coming from 127.0.0.1 However when I access the web interface via an ssh tunnel using -L 8145:localhost:80 and http://127.0.0.1:8145/BackupPC, somehow the address gets translated to ::1 (as shown by the httpd error_log records) which causes access to be denied. Now I know I can fix this either by removing the ::1 line from the hosts file or by adding ::1 to the /etc/httpd/conf.d/BackupPC.conf file. But I want to understand first why in an ssh tunnel the 127.0.0.1:8145 address would be translated to ::1 rather than to 127.0.0.1 -- Join us December 9, 2009 for the Red Hat Virtual Experience, a free event focused on virtualization and cloud computing. Attend in-depth sessions from your desk. Your couch. Anywhere. http://p.sf.net/sfu/redhat-sfdev2dev ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] localhost translated as 127.0.0.1 vs. ::1 messing up permissions
Please ignore my previous host. It's a Fedora configuration issue. Nothing to do with BackupPC. Jeffrey J. Kosowsky wrote at about 12:10:00 -0500 on Monday, December 7, 2009: > My /etc/httpd/conf.d/BackupPC.conf file (which is the default in > Fedora 12) restricts access to localhost (which makes sense) as > follows: >allow from 127.0.0.1 > > My /etc/hosts file has these (Fedora default) lines at the top: >127.0.0.1 localhost localhost.localdomain localhost4 > localhost4.localdomain4 mycomputer.mydomain >::1 localhost localhost.localdomain localhost6 > localhost6.localdomain6 mycomputer.mydomain > > When I access the web interface from my Console, using either > http://127.0.0.1/BackupPC or http://localhost/BackupPC, everything > works (as expected) and the httpd access_log records the access as coming > from 127.0.0.1 > > However when I access the web interface via an ssh tunnel using > -L 8145:localhost:80 and http://127.0.0.1:8145/BackupPC, somehow the > address gets translated to ::1 (as shown by the httpd error_log > records) which causes access to be denied. > > Now I know I can fix this either by removing the ::1 line from the > hosts file or by adding ::1 to the /etc/httpd/conf.d/BackupPC.conf > file. > > But I want to understand first why in an ssh tunnel the 127.0.0.1:8145 > address would be translated to ::1 rather than to 127.0.0.1 > > > -- > Join us December 9, 2009 for the Red Hat Virtual Experience, > a free event focused on virtualization and cloud computing. > Attend in-depth sessions from your desk. Your couch. Anywhere. > http://p.sf.net/sfu/redhat-sfdev2dev > ___ > BackupPC-users mailing list > BackupPC-users@lists.sourceforge.net > List:https://lists.sourceforge.net/lists/listinfo/backuppc-users > Wiki:http://backuppc.wiki.sourceforge.net > Project: http://backuppc.sourceforge.net/ > -- Join us December 9, 2009 for the Red Hat Virtual Experience, a free event focused on virtualization and cloud computing. Attend in-depth sessions from your desk. Your couch. Anywhere. http://p.sf.net/sfu/redhat-sfdev2dev ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] localhost translated as 127.0.0.1 vs. ::1 messing up permissions
::1 is the IPv6 loopback address > My /etc/httpd/conf.d/BackupPC.conf file (which is the default in > Fedora 12) restricts access to localhost (which makes sense) as > follows: >allow from 127.0.0.1 > > My /etc/hosts file has these (Fedora default) lines at the top: >127.0.0.1 localhost localhost.localdomain localhost4 > localhost4.localdomain4 mycomputer.mydomain >::1 localhost localhost.localdomain localhost6 > localhost6.localdomain6 mycomputer.mydomain > > When I access the web interface from my Console, using either > http://127.0.0.1/BackupPC or http://localhost/BackupPC, everything > works (as expected) and the httpd access_log records the access as coming > from 127.0.0.1 > > However when I access the web interface via an ssh tunnel using > -L 8145:localhost:80 and http://127.0.0.1:8145/BackupPC, somehow the > address gets translated to ::1 (as shown by the httpd error_log > records) which causes access to be denied. > > Now I know I can fix this either by removing the ::1 line from the > hosts file or by adding ::1 to the /etc/httpd/conf.d/BackupPC.conf > file. > > But I want to understand first why in an ssh tunnel the 127.0.0.1:8145 > address would be translated to ::1 rather than to 127.0.0.1 -- Join us December 9, 2009 for the Red Hat Virtual Experience, a free event focused on virtualization and cloud computing. Attend in-depth sessions from your desk. Your couch. Anywhere. http://p.sf.net/sfu/redhat-sfdev2dev ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] localhost translated as 127.0.0.1 vs. ::1 messing up permissions
On Monday 07 Dec 2009 17:10:00 Jeffrey J. Kosowsky wrote: > Now I know I can fix this either by removing the ::1 line from the > hosts file or by adding ::1 to the /etc/httpd/conf.d/BackupPC.conf > file. Correct. But there is a third option. > But I want to understand first why in an ssh tunnel the 127.0.0.1:8145 > address would be translated to ::1 rather than to 127.0.0.1 Because ssh supports IPv6, and as the newer version of the protocol it takes priority. The third fix is to disable IPv6 support in SSH. Regards, Tyler -- "Religion is autocratic, law is democratic, and science is meritocratic. Religious logic is dogmatic, legal logic is axiomatic, and science is pragmatic. Scientific theories can be altered by publishing a paper with reproducible results, and political principles can be changed every two to four years with an election, but if you want to change religious principles you usually have to wait for a whole generation of clergy to die." -- Soren Ragsdale, http://tongodeon.livejournal.com/801252.html -- Join us December 9, 2009 for the Red Hat Virtual Experience, a free event focused on virtualization and cloud computing. Attend in-depth sessions from your desk. Your couch. Anywhere. http://p.sf.net/sfu/redhat-sfdev2dev ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] localhost translated as 127.0.0.1 vs. ::1 messing up permissions
Hi, Jeffrey J. Kosowsky wrote on 2009-12-07 12:10:00 -0500 [[BackupPC-users] localhost translated as 127.0.0.1 vs. ::1 messing up permissions]: > [post ignored due to senders request] I think the fourth option is the easiest and most straightforward: > My /etc/hosts file has these (Fedora default) lines at the top: >127.0.0.1 localhost localhost.localdomain localhost4 > localhost4.localdomain4 mycomputer.mydomain >::1 localhost localhost.localdomain localhost6 > localhost6.localdomain6 mycomputer.mydomain > [...] > However when I access the web interface via an ssh tunnel using > -L 8145:localhost:80 and http://127.0.0.1:8145/BackupPC, somehow the > address gets translated to ::1 (as shown by the httpd error_log > records) which causes access to be denied. just use 'ssh -L 8145:localhost4:80 ...' Regards, Holger -- Return on Information: Google Enterprise Search pays you back Get the facts. http://p.sf.net/sfu/google-dev2dev ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] localhost translated as 127.0.0.1 vs. ::1 messing up permissions
Holger Parplies wrote at about 14:34:09 +0100 on Tuesday, December 8, 2009: > Hi, > > Jeffrey J. Kosowsky wrote on 2009-12-07 12:10:00 -0500 [[BackupPC-users] > localhost translated as 127.0.0.1 vs. ::1 messing up permissions]: > > [post ignored due to senders request] Thanks for responding anyway :) > > I think the fourth option is the easiest and most straightforward: > just use 'ssh -L 8145:localhost4:80 ...' That's a good idea that I hadn't thought of - in fact, in the back of my head I had at one time wondered why Fedora added the new host aliases localhost4 and localhost6 in addition to localhost. It is probably more generally a good idea for me to change over my (many) ssh tunnels to explicitly use localhost4 rather than localhost in the case where I really mean 127.0.0.1 since these ipv4 vs. ipv6 issues will become only more common as ipv6 becomes more of an every day reality... -- Return on Information: Google Enterprise Search pays you back Get the facts. http://p.sf.net/sfu/google-dev2dev ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/