help-cfengine

Re: Problem with cfengine and NAT'd addressing


From: Mark . Burgess
Subject: Re: Problem with cfengine and NAT'd addressing
Date: Wed, 18 Oct 2000 12:14:10 +0200 (MET DST)

On  3 Oct, Geary Boedeker wrote:
> I'm having trouble making cfengine behave properly on hosts
> using NAT'd IP addressing. I have two hosts:
> 
> "gold" - real IP address, master of filesystem /distrib,
>          running cfd in verbose, debug mode.
> 
> "idcdistrib" - NAT'd IP address (10.5.5.20), copy of /distrib
>                running cfengine 1.6.0.a5
> 
> 
> It looks as if everybody involved knows about the SkipVerify
> directive, but the actual copy fails. I have included excerpts
> from cfd running in debug, and the cfengine log file on the client.
> 
> Am I missing something?
> 
> Thanks in advance,
> Geary Boedeker
> Applied Micro Circuits Corp.
> 
> 
> ===================================
> Excerpt from "gold" /etc/cfd.conf :
> ===================================
> 
>      .
>      .
>      control:
>      .
>      .
>       SkipVerify = ( 10.5.5 )
> 
> ===================================
> Crucial output from cfd on "gold" :
> ===================================
> 
> .
> .
> 
> Host IPs from NAT which we don't verify :
> 
> IP: 10.5.5
> .
> .
> New connection...
> ***New socket 6
> Spawning new thread...
> Checking file updates on /etc/.cfengine/inputs/cfd.conf
> (396f8648/39da3619)
> RecvSocketStream(4096)
>     (Concatenated 1460 from stream)
>     (Concatenated 1460 from stream)
>     (Concatenated 1176 from stream)
> Received: [CAUTH 10.5.5.20 idcdistrib.amcc.com root 0] on socket 6
> Connecting host identifies itself as 10.5.5.20 idcdistrib.amcc.com root
> 0
> gold: Allowing 10.5.5.20 to connect without checking ID (NAT)
> .
> .
> .
> gold: Host  denied access to /distrib
> gold: Host authentication failed or access denied
> SendTransaction()
> ***Closing socket 6 from ier         530/tcp Host  denied access to
> /distrib
> 
> 
> 
> ==================================================
> Crucial output from cfengine.log on "idcdistrib" :
> ==================================================
> .
> .
> Checking copy from gold:/distrib to /distrib
> cfengine:idcdistrib: Network access to gold:/distrib denied
> cfengine:idcdistrib: copy can't open directory [/distrib]
> Checking copy from gold:/distrib/default/etc to /etc
> cfengine:idcdistrib: Transmission refused or failed
> Got:
> cfengine:idcdistrib: Can't stat /distrib/default/etc in copy
> .
> .
> .
> 
> 
> --
>                _/_/  _/_/  _/_/   _/_/_/_/    _/_/_/_/
>             _/  _/  _/  _/  _/  _/      _/  _/      _/   APPLIED MICRO
>          _/    _/  _/  _/  _/  _/          _/              CIRCUITS
>       _/_/_/_/_/  _/      _/  _/      _/  _/      _/      CORPORATION
>    _/        _/  _/      _/   _/_/_/_/    _/_/_/_/
> 
>   Geary Boedeker                         Internet: gearyb@amcc.com
>   Applied Micro Circuits Corp.           Voice:    (858) 535-6822
>   6290 Sequence Dr. San Diego, CA 92121  Fax:      (858) 450-9885
> 
> 
> 



Thanks for pointing this out. I see the problem. I wish that there was
a more secure solution for these NATs...but I can only say that this
is an unpleasant fix for an awkward problem.  Try 1.6.0.a12 and let me
know if this helps.

Mark

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272            Email:  Mark.Burgess@iu.hio.no
Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




