Tim Dawson
2016-Sep-12 17:31 UTC
[Nut-upsuser] Help with failing Nut slave/client connection
Or just set up sane firewall rules to allow the two to talk, but block external traffic. I have run this way for years - all add'rs are IANA in a subnet block, and just that block is open locally, and all other external IPs severely restricted, and NUT works great . . .

- Tim

On September 12, 2016 11:47:28 AM CDT, "Stuart D. Gathman" <stuart at gathman.org> wrote:
> On Mon, 12 Sep 2016, Jonah Naylor wrote:
>
>> I have two linux servers both with static IPs not using NAT.
>
> This is rather ambiguous. I'm going to guess that you mean they
> have public IANA issued IPs that you are trying to use for nut.
>
>> My slave can't connect to my host. Whatever I try.
>
> That would be a sensible default for public IPs.
>
>> I have the same setup also on my LAN with two other machines and they
>> talk to each other and work great.
>
> That is also a sensible default for private IPs.
>
> If these two machines are both on the same LAN, they should talk
> using a private IP. If not, you will need a VPN of some sort,
> or else configure the SSL features of nut. I personally use
> cjdns (available in epel for centos) for the vpn.
>
> --
> Stuart D. Gathman <stuart at gathman.org>
> "Confutatis maledictis, flamis acribus addictis" - background song for
> a Microsoft sponsored "Where do you want to go from here?" commercial.
Stuart D. Gathman
2016-Sep-12 21:46 UTC
[Nut-upsuser] Help with failing Nut slave/client connection
On Mon, 12 Sep 2016, Tim Dawson wrote:
> Or just set up sane firewall rules to allow the two to talk, but block
> external traffic. I have run this way for years - all add'rs are IANA in a
> subnet block, and just that block is open locally, and all other external
> IPs severely restricted, and NUT works great . . .

Yeah, but IANA IPs are easy to spoof. With cjdns, you allow just the cjdns IPs to connect to nut (or whatever) and they can't be spoofed. You can even use telnet over cjdns IPs. :-)

--
Stuart D. Gathman <stuart at gathman.org>
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
Tim Dawson
2016-Sep-14 02:34 UTC
[Nut-upsuser] Help with failing Nut slave/client connection
Tough to get a spoofed IP to actually route back to its host though, so other than those unfortunate to be on a flat network, still not too much of an issue . . .

- Tim

On 09/12/2016 04:46 PM, Stuart D. Gathman wrote:
> On Mon, 12 Sep 2016, Tim Dawson wrote:
>
>> Or just set up sane firewall rules to allow the two to talk, but block
>> external traffic. I have run this way for years - all add'rs are IANA
>> in a subnet block, and just that block is open locally, and all other
>> external IPs severely restricted, and NUT works great . . .
>
> Yeah, but IANA IPs are easy to spoof. With cjdns, you allow just the
> cjdns IPs to connect to nut (or whatever) and they can't be spoofed.
> You can even use telnet over cjdns IPs. :-)

--
Tim Dawson
972-567-9360
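
The source-address allow-list discussed in this thread, sketched as an nftables ruleset for the host running upsd. This is an added example, not configuration posted by anyone in the thread; it assumes upsd listens on its default port 3493/tcp, and the peer address 198.51.100.20 and the table and set names are placeholders.

```nftables
# Added example: restrict NUT (upsd) on the master host to one known slave.
# Assumptions: upsd on its default port 3493/tcp; 198.51.100.20 is a
# documentation-range placeholder for the slave's static public address.

table inet nut_guard {
    # Hosts allowed to reach upsd. Add further slaves here.
    set nut_peers {
        type ipv4_addr
        elements = { 198.51.100.20 }
    }

    chain input {
        # policy accept: this chain only constrains the NUT port and
        # leaves every other service to the host's existing rules.
        type filter hook input priority 0; policy accept;

        # Allow the listed peers to open connections to upsd.
        tcp dport 3493 ip saddr @nut_peers accept

        # Everything else aimed at upsd is logged and dropped. In an
        # inet table this also covers IPv6, since no IPv6 peer is listed.
        tcp dport 3493 log prefix "nut-denied: " drop
    }
}
```

Load it with `nft -f` on the master. The rule identifies the slave only by source address, which is the property the replies above disagree about; the VPN and SSL options mentioned in the thread authenticate the peer instead.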