Tim Dawson
2016-Sep-14 02:34 UTC
[Nut-upsuser] Help with failing Nut slave/client connection
Tough to get a spoofed IP to actually route back to its host though, so other than those unfortunate to be on a flat network, still not too much of an issue . . .

- Tim

On 09/12/2016 04:46 PM, Stuart D. Gathman wrote:
> On Mon, 12 Sep 2016, Tim Dawson wrote:
>
>> Or just set up sane firewall rules to allow the two to talk, but block
>> external traffic. I have run this way for years - all add'rs are IANA
>> in a subnet block, and just that block is open locally, and all other
>> external IPs severely restricted, and NUT works great . . .
>
> Yeah, but IANA ips are easy to spoof. With cjdns, you allow just the
> cjdns IPs to connect to nut (or whatever) and they can't be spoofed.
> You can even use telnet over cjdns ips. :-)

--
Tim Dawson
972-567-9360
Jonah Naylor
2016-Oct-15 15:02 UTC
[Nut-upsuser] Help with failing Nut slave/client connection
Hi again,

Sorry, I didn't mean to cause a security debate.

I'd like things to be secure of course, but I've got a dilemma: I don't use DHCP and instead have a block of static IPs from my ISP.

So my nut server has 68.68.452.02 for example
and my two slave clients have 68.68.452.03 and .04

Ideally I'd like to allow access for the whole static IP block to access the nut server machine.

I've tried all sorts in the nut.conf, upsd.users and other config files but just can't get it to work.

Any advice or help would be really appreciated.

Thank you :)

On 14 September 2016 at 03:34, Tim Dawson <tadawson at tpcsvc.com> wrote:
> Tough to get a spoofed IP to actually route back to its host though, so
> other than those unfortunate to be on a flat network, still not too much of
> an issue . . .
>
> - Tim
>
> On 09/12/2016 04:46 PM, Stuart D. Gathman wrote:
>
>> On Mon, 12 Sep 2016, Tim Dawson wrote:
>>
>>> Or just set up sane firewall rules to allow the two to talk, but block
>>> external traffic. I have run this way for years - all add'rs are IANA in a
>>> subnet block, and just that block is open locally, and all other external
>>> IPs severely restricted, and NUT works great . . .
>>
>> Yeah, but IANA ips are easy to spoof. With cjdns, you allow just the
>> cjdns IPs to connect to nut (or whatever) and they can't be spoofed.
>> You can even use telnet over cjdns ips. :-)
>
> --
> Tim Dawson
>
> 972-567-9360
Roger Price
2016-Oct-16 12:52 UTC
[Nut-upsuser] Help with failing Nut slave/client connection
On Sat, 15 Oct 2016, Jonah Naylor wrote:
> Hi again, Sorry, I didn't mean to cause a security debate.
> I'd like things to be secure of course, but I've got a dilemma: I don't use DHCP and instead have a block of static IPs from my ISP.
> So my nut server has 68.68.452.02 for example
> and my two slave clients have 68.68.452.03 and .04
> Ideally I'd like to allow access for the whole static IP block to access the nut server machine.
> I've tried all sorts in the nut.conf, upsd.users and other config files but just can't get it to work.
>
> Any advice or help would be really appreciated.

Is your NUT compiled with TCP-wrappers support included?

Roger
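
Added example, not part of the original thread and not the NUT project's own files: a minimal master/slave layout that limits upsd to one static block, covering both the firewall-by-subnet idea and the TCP-wrappers question above. Assumptions: the block is the documentation range 203.0.113.0/29 with the server at 203.0.113.2, the UPS is named `myups`, the user is `monuser`, the password is a placeholder, and the files live under `/etc/nut` (the path varies by distribution).

```conf
# --- /etc/nut/nut.conf on the server ---
MODE=netserver

# --- /etc/nut/upsd.conf on the server ---
# By default upsd listens on localhost only; add the static address
# so the slaves can reach it. 3493 is upsd's default port.
LISTEN 127.0.0.1 3493
LISTEN 203.0.113.2 3493

# --- /etc/nut/upsd.users on the server ---
# Account the slave upsmon processes log in with.
[monuser]
    password = CHANGE_ME
    upsmon slave

# --- /etc/nut/nut.conf on each slave ---
MODE=netclient

# --- /etc/nut/upsmon.conf on each slave ---
# Format: MONITOR <ups>@<host> <powervalue> <user> <password> <type>
MONITOR myups@203.0.113.2 1 monuser CHANGE_ME slave

# --- /etc/hosts.allow on the server ---
# Only consulted when upsd was built with TCP-wrappers support.
# Entries are NUT-user@address; the netmask covers the /29 block.
upsd : monuser@127.0.0.1 monuser@203.0.113.0/255.255.255.248

# --- /etc/hosts.deny on the server ---
# Everything not matched in hosts.allow is refused.
upsd : ALL
```

Per NUT's security documentation, the wrappers check is made only for commands that require a login, so a firewall rule restricting TCP 3493 to the same block, as suggested earlier in the thread, is still needed.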