Re: Problem with cfengine and NAT'd addressing
From: Mark . Burgess
Subject: Re: Problem with cfengine and NAT'd addressing
Date: Wed, 18 Oct 2000 12:14:10 +0200 (MET DST)
On 3 Oct, Geary Boedeker wrote:
> I'm having trouble making cfengine behave properly on hosts
> using NAT'd IP addressing. I have two hosts:
>
> "gold" - real IP address, master of filesystem /distrib,
> running cfd in verbose, debug mode.
>
> "idcdistrib" - NAT'd IP address (10.5.5.20), copy of /distrib
> running cfengine 1.6.0.a5
>
>
> It looks as if everybody involved knows about the SkipVerify
> directive, but the actual copy fails. I have included excerpts
> from cfd running in debug, and the cfengine log file on the client.
>
> Am I missing something?
>
> Thanks in advance,
> Geary Boedeker
> Applied Micro Circuits Corp.
>
>
> ===================================
> Excerpt from "gold" /etc/cfd.conf :
> ===================================
>
> .
> .
> control:
> .
> .
> SkipVerify = ( 10.5.5 )
>
> ===================================
> Crucial output from cfd on "gold" :
> ===================================
>
> .
> .
>
> Host IPs from NAT which we don't verify :
>
> IP: 10.5.5
> .
> .
> New connection...
> ***New socket 6
> Spawning new thread...
> Checking file updates on /etc/.cfengine/inputs/cfd.conf
> (396f8648/39da3619)
> RecvSocketStream(4096)
> (Concatenated 1460 from stream)
> (Concatenated 1460 from stream)
> (Concatenated 1176 from stream)
> Received: [CAUTH 10.5.5.20 idcdistrib.amcc.com root 0] on socket 6
> Connecting host identifies itself as 10.5.5.20 idcdistrib.amcc.com root
> 0
> gold: Allowing 10.5.5.20 to connect without checking ID (NAT)
> .
> .
> .
> gold: Host denied access to /distrib
> gold: Host authentication failed or access denied
> SendTransaction()
> ***Closing socket 6 from ier 530/tcp Host denied access to
> /distrib
>
>
>
> ==================================================
> Crucial output from cfengine.log on "idcdistrib" :
> ==================================================
> .
> .
> Checking copy from gold:/distrib to /distrib
> cfengine:idcdistrib: Network access to gold:/distrib denied
> cfengine:idcdistrib: copy can't open directory [/distrib]
> Checking copy from gold:/distrib/default/etc to /etc
> cfengine:idcdistrib: Transmission refused or failed
> Got:
> cfengine:idcdistrib: Can't stat /distrib/default/etc in copy
> .
> .
> .
>
>
> --
>
> Geary Boedeker Internet: gearyb@amcc.com
> Applied Micro Circuits Corp. Voice: (858) 535-6822
> 6290 Sequence Dr. San Diego, CA 92121 Fax: (858) 450-9885
>
>
>
Thanks for pointing this out. I see the problem. I wish that there was
a more secure solution for these NATs... but I can only say that this
is an unpleasant fix for an awkward problem. Try 1.6.0.a12 and let me
know if this helps.
Mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272 Email: Mark.Burgess@iu.hio.no
Fax : +47 22453205 WWW : http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~