Hi thanks Roger, I've amended my hosts.allow file to your suggested one - thanks for that. I'm still getting "Connection refused on the client cgi screen as well as in the shell it gives me UPS upsname at ipaddresshere is unavailable... Any ideas what I can try next to debug why it's not working. Also should the "allowfrom = clientIPaddresshere" line be in my monuser entry in upsd.users on the master, or should I take that out? Thanks once again for the help. On 25 November 2016 at 12:37, Roger Price <roger at rogerprice.org> wrote:> On Fri, 25 Nov 2016, Jonah Naylor wrote: > > upsd : ipaddressofclientgoeshere >> > > If it were me I would write > > upsd : ipaddressofclient :\ > spawn (/bin/mail -r hosts.allow at localhost\ > -s '%s@%h accepted access to %d from %c'\ > sysadmin at somedomain) & : ALLOW > > upsd : ALL :\ > spawn (/bin/mail -r hosts.allow at localhost\ > -s '%s@%h refused access to %d from %c'\ > sysadmin at somedomain) & : DENY > > so I get a trace of what happens, at least during testing. > > ups : monuser at 127.0.0.1/32 monuser at masterstaticIP monuser at slavestaticIP >> > > I'm not sure what you are trying to do here. In any case, the daemon_list > should specify upsd, not ups. See man 5 hosts_access. > > Rogr > > _______________________________________________ > Nut-upsuser mailing list > Nut-upsuser at lists.alioth.debian.org > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/nut-upsuser >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.alioth.debian.org/pipermail/nut-upsuser/attachments/20161125/ca29f5a2/attachment.html>
On Fri, 25 Nov 2016, Jonah Naylor wrote:> I'm still getting "Connection refused on the client cgi screen as well > as in the shell it gives me UPS upsname at ipaddresshere is unavailable...You reported that access works correctly from elsewhere on the master subnetwork. Does access from the master subnetwork produce the "accepts" e-mail message generated by the hosts.allow specification ? You need to test that this is working correctly.> Any ideas what I can try next to debug why it's not working.Being able to ping from A to B does not guarantee that TCP gets through. Can you ssh from slave to master? Are you intending to shut down the slave if wall power fails for the master?, or is it just for administrative access? For general debugging, have you tried sniffing the two subnetworks with tcpdump to see if the slave traffic reaches the master or is blocked elsewhere? If the slave traffic reaches the master, then running upsd with -DDD options might show something.> Also should the "allowfrom = clientIPaddresshere" line be in my monuser > entry in upsd.users on the master, or should I take that out?I have no experience of this option, perhaps others could help you there. Roger
Hi, When on the same LAN it just worked without anything in the hosts.allow file. It's difficult for me to now put the slave back on the same lan as the master due to the way the production servers are being used... Causing downtime etc... I do have another spare server though which I could put on the same lan with the master to see if that will work? I'll report back my findings when I get chance to try this... I can ssh in both ways from the master to the slave and the slave to the master. I wanted NUT to shutdown the slave when the wall power fails as you say. Currently the slave is at risk as it shares the same ups in the same cabinet, but is on a different network. Also I'll remove that allowfrom option for now if it maybe isn't needed. Thanks again. On 25 November 2016 at 14:41, Roger Price <roger at rogerprice.org> wrote:> On Fri, 25 Nov 2016, Jonah Naylor wrote: > > I'm still getting "Connection refused on the client cgi screen as well as >> in the shell it gives me UPS upsname at ipaddresshere is unavailable... >> > > You reported that access works correctly from elsewhere on the master > subnetwork. Does access from the master subnetwork produce the "accepts" > e-mail message generated by the hosts.allow specification ? > > You need to test that this is working correctly. > > Any ideas what I can try next to debug why it's not working. >> > > Being able to ping from A to B does not guarantee that TCP gets through. > Can you ssh from slave to master? > > Are you intending to shut down the slave if wall power fails for the > master?, or is it just for administrative access? > > For general debugging, have you tried sniffing the two subnetworks with > tcpdump to see if the slave traffic reaches the master or is blocked > elsewhere? > > If the slave traffic reaches the master, then running upsd with -DDD > options might show something. > > Also should the "allowfrom = clientIPaddresshere" line be in my monuser >> entry in upsd.users on the master, or should I take that out? >> > > I have no experience of this option, perhaps others could help you there. > > Roger > > _______________________________________________ > Nut-upsuser mailing list > Nut-upsuser at lists.alioth.debian.org > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/nut-upsuser >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.alioth.debian.org/pipermail/nut-upsuser/attachments/20161125/f16af22d/attachment.html>