[Nut-upsdev] Remote Monitoring From Web
Arjen de Korte
nut+users at de-korte.org
Mon Nov 23 07:01:50 UTC 2009
Citeren Eric Wilde <ewilde at bsmdevelopment.com>:
> When I use LISTEN, I see an error message about upsd not listening on
> port 3493. For example:
>
> LISTEN 192.168.1.1 3493
>
> gives
>
> not listening on 192.168.1.1 port 3493
Most likely, the port is already in use. What does 'netstat' say here.
> Any attempts to monitor this system's UPS from the Web UI is then met
> with:
>
> error: Connection failure: Connection refused
>
> Did anybody think this through before breaking it?
Sure. And if you would have read the archives, you would also know why we did.
> Apart from the fact
> that LISTEN seems to be broken, how is one supposed to accept connections
> from part of a network (e.g. 192.168.1.1/24) or reject connections from
> a specific machine or range of machines.
Use a firewall and read the chapter on ACCESS CONTROL in 'man 8 upsd'.
Together they will give you the same level of granularity.
> LISTEN doesn't come even close
> to the flexibility of ACL/ACCEPT.
There is nothing you can do with the previous ACL/ACCEPT mechanism
that can't be done through LISTEN, tcp-wrappers and a firewall. And
instead of giving you a false sense of security of the previous
mechanism, this will actually work against attacks on your upsd server.
Best regards, Arjen
--
Please keep list traffic on the list
More information about the Nut-upsdev
mailing list