Hi thanks for the reply. I installed Nut via apt-get, not from source (which I'd rather stick with if possible just for ease of security updates etc) - so I'm not too sure if TCP wrappers are there or available... This could be the problem, am I still able to add the wrappers in with prebuilt packages? Thanks very much once again. :) On 24 November 2016 at 21:51, Roger Price <roger at rogerprice.org> wrote:> On Thu, 24 Nov 2016, Jonah Naylor wrote: > > The servers can ping each other... The router log doesn't show anything >> and I am the admin for the servers. The machines firewalls allow each >> other's ips etc. Part of the issue is possibly that I just don't know if >> I've set up NUT correctly for this arrangement? Like I say it works ok on >> LAN, but not across networks. Is there something I should be doing other >> than adding "allowfrom = ipaddressofslave" to the upsd.users file on the >> master? >> > > Does your NUT have TCP wrappers compiled in? In that case is > /etc/hosts.allow on the master set to allow the traffic? > > When you issue a NUT command on the slave, addressed to the master, does > tcpdump on the master's subnetwork show the traffic to port 3493? > > Roger > > _______________________________________________ > Nut-upsuser mailing list > Nut-upsuser at lists.alioth.debian.org > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/nut-upsuser >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.alioth.debian.org/pipermail/nut-upsuser/attachments/20161124/48fd879f/attachment.html>
On Thu, 24 Nov 2016, Jonah Naylor wrote:> I installed Nut via apt-get, not from source (which I'd rather stick > with if possible just for ease of security updates etc) - so I'm not too > sure if TCP wrappers are there or available... > > This could be the problem, am I still able to add the wrappers in with prebuilt packages?Could you apt-get the source and look for the .spec file if your distribution has one. The openSUSE distribution nut.spec file contains %configure \ --disable-static \ --with-pic \ --sysconfdir=%{CONFPATH} \ --datadir=%{_datadir}/nut \ --with-all \ --without-doc \ --with-ssl \ --with-openssl \ --without-nss \ --with-wrap \ ... which shows that TCP Wrappers are included. I have the following declaration in the master's hosts.allow. (I have no hosts.deny file) upsd : localhost, LOCAL, 127.0.0.1, [::1] : ALLOW upsd : ALL : spawn (/bin/mail -r hosts.allow at localhost\ -s '%s@%h (mybox) refused access to %d from %c'\ roger at localhost) & : DENY # And now the denials which previously appeared in /etc/hosts.deny ALL : ALL : DENY You may need to add the IP address of your slave. Roger
Hi thanks for helping. I don't think nut is built with TCP wrappers support, although the package is listed as depending on libwrap... I ran this command: ldd /sbin/upsd | grep libwrap.so and it has returned no output. Does this mean I have to compile from source or is there a way to add the tcp wrapper support? Thanks again. On 24 November 2016 at 22:40, Roger Price <roger at rogerprice.org> wrote:> On Thu, 24 Nov 2016, Jonah Naylor wrote: > > I installed Nut via apt-get, not from source (which I'd rather stick with >> if possible just for ease of security updates etc) - so I'm not too sure if >> TCP wrappers are there or available... >> >> This could be the problem, am I still able to add the wrappers in with >> prebuilt packages? >> > > Could you apt-get the source and look for the .spec file if your > distribution has one. The openSUSE distribution nut.spec file contains > > %configure \ > --disable-static \ > --with-pic \ > --sysconfdir=%{CONFPATH} \ > --datadir=%{_datadir}/nut \ > --with-all \ > --without-doc \ > --with-ssl \ > --with-openssl \ > --without-nss \ > --with-wrap \ ... > > which shows that TCP Wrappers are included. > > I have the following declaration in the master's hosts.allow. (I have no > hosts.deny file) > > upsd : localhost, LOCAL, 127.0.0.1, [::1] : ALLOW > upsd : ALL : spawn (/bin/mail -r hosts.allow at localhost\ > -s '%s@%h (mybox) refused access to %d from %c'\ > roger at localhost) & : DENY > > # And now the denials which previously appeared in /etc/hosts.deny > ALL : ALL : DENY > > You may need to add the IP address of your slave. > > > Roger > > _______________________________________________ > Nut-upsuser mailing list > Nut-upsuser at lists.alioth.debian.org > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/nut-upsuser >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.alioth.debian.org/pipermail/nut-upsuser/attachments/20161125/e90948a7/attachment.html>