[Nut-upsuser] Upgraded nut & now remote monitors can't connect.

Charles Lepple clepple at gmail.com
Thu May 22 01:14:42 UTC 2008 

On Wed, May 21, 2008 at 7:43 PM, Forest Bond <forest at alittletooquiet.net> wrote:
> On Wed, May 21, 2008 at 07:39:26PM -0400, Charles Lepple wrote:
>> On Wed, May 21, 2008 at 7:28 PM, Forest Bond <forest at alittletooquiet.net> wrote:
>> > Hi,
>> >
>> > On Wed, May 21, 2008 at 06:37:43PM -0400, Charles Lepple wrote:
>> >> On Wed, May 21, 2008 at 1:31 PM, Forest Bond <forest at alittletooquiet.net> wrote:
>> >>> Hi,
>> >>>
>> >>> I upgraded nut on one of my servers, and now the upsmon on a different
>> >>> server can't connect.  I see errors like this:
>> >>>
>> >>> May 21 13:29:27 devserver upsmon[877]: Set username on [tripplite at logicserver] failed: Server disconnected
>> >>> May 21 13:29:32 devserver upsmon[877]: Poll UPS [tripplite at logicserver] failed - Write error: Bad file descriptor
>> >>>
>> >>> I have Ubuntu 8.04 on the server hosting the UPS, and Ubuntu 7.10 on the
>> >>> server that is unable to connect.  I've upgraded nut on both machines to
>> >>> 2.2.1.
>> >>
>> >> What do the server logs say?
>> >
>> > May 21 19:22:50 logicserver upsd[28316]: Rejecting TCP connection from 192.168.2.251
>>
>> Do you have ACL statements in upsd.conf?
>
> --------------------------------------------------------------------------------
> # Network UPS Tools: example upsd configuration file
> #
> # This file contains access control data, you should keep it secure.
> #
> # It should only be readable by the user that upsd becomes.  See the FAQ.
>
> ACL all 0.0.0.0/0
> ACL localhost 127.0.0.1/32
>
> ACCEPT localhost
> ACCEPT all
> #REJECT all

Ah. A bug with /0 netmasks was fixed in 2.2.2:

http://boxster.ghz.cc/projects/nut/changeset/1269

This may look a bit odd, but I just successfully tested this syntax:

ACL all0 0.0.0.0/1
ACL all128 128.0.0.0/1
ACCEPT all0
ACCEPT all128

(Starting upsd with "-DDD" shows ACL matching rules.)

Note that we are planning on dropping the ACL functionality after
v2.2.x in favor of the LISTEN directive (with finer ACL granularity
being handled by the OS firewall rules).

Arnaud: if I file a Launchpad bug against this, would changeset 1269
be appropriate for inclusion in hardy-updates?

-- 
- Charles Lepple

More information about the Nut-upsuser mailing list