[Nut-upsuser] ACL problem

Charles Lepple clepple at gmail.com
Sat Dec 22 17:17:52 UTC 2007

On Dec 21, 2007 11:07 AM, Ricardo Bugalho <ricardo at lip.pt> wrote:
> Hello,
> I'm unable to connect to upsd from anywhere except localhost and the
> debugging output is a bit weird. It looks like acl_check doesn't match
> even against 0/0.
> Here's my ACL on upsd.conf:
> ACL all
> ACL localhost
> ACL lan
> ACCEPT localhost lan
> REJECT all
> Here's the output from upsd -DDDD for a request from localhost:
> acl_check: localhost: match 1
> ACL [localhost] matches, action=1
> Connection from ::ffff:
> acl_check: localhost: match 1
> ACL [localhost] matches, action=1
> write: [destfd=7] [len=24] [BEGIN LIST VAR core-ups
> ]
> write: [destfd=7] [len=34] [VAR core-ups battery.charge "100"
> ]
> [....]
> write: [destfd=7] [len=22] [END LIST VAR core-ups
> ]
> acl_check: localhost: match 1
> ACL [localhost] matches, action=1
> Client on ::ffff: logged out
> write: [destfd=7] [len=11] [OK Goodbye
> ]
> Here's the output from a request from another host:
> acl_check: localhost: match 0
> acl_check: lan: match 0
> acl_check: all: match 0
> Rejecting TCP connection from ::ffff:
> My question being: why isn't it matching against any of the ACLs?

It could be something unexpected in how the IPv4-in-IPv6 mapping
works. (Note that all of your IP addresses printed by NUT are prefixed
with "::ffff:", which comes from the C library's inet_ntoa function.)
While the 2.0.5 code looks at the bits in the address, there is still
a chance for something weird since it was written for IPv4 and the
sockets are most likely IPv6 with an IPv4 address.

> I'm using nut 2.0.5, built for CentOS5 from the src.rpm for Fedora Core
> 9.

Is there a chance you can try this with the latest release (2.2.1),
which has some patches suggested by RedHat to improve IPv6 support?
There is a nut.spec in nut-2.2.1/packaging/redhat/ which you can drop
into RPM/SPECS. (Unfortunately, "rpmbuild -ta" probably won't work
because we have three variants of nut.spec in the tarball.)

It has been a while since I did any substantial RedHat packaging work,
but if you need help building an RPM from source without the .srpm,
try emailing the list again, as there are often RPM-savvy readers

- Charles Lepple

More information about the Nut-upsuser mailing list