330741 – upsd ignoring ACL in upsd.conf

Bug 330741 - upsd ignoring ACL in upsd.conf

Summary: upsd ignoring ACL in upsd.conf

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	nut
Sub Component:
Version:	7
Hardware:	i686
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Tomas Smetana
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-10-13 16:41 UTC by Andrew Meredith
Modified:	2007-11-30 22:12 UTC (History)
CC List:	0 users
Fixed In Version:	2.0.5-6
Clone Of:
Environment:
Last Closed:	2007-11-26 18:56:54 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
upsd.conf (1.36 KB, text/plain) 2007-10-13 16:41 UTC, Andrew Meredith	no flags	Details
View All

Description Andrew Meredith 2007-10-13 16:41:24 UTC

Description of problem:

The machine has just been updated from FC5 to F7. The config for the ups service
was not changed. Now that the machine is running 2.0.5 it rejects all
connections on the external interface, but accepts localhost connections.
Previously it would accept connections from the list of acceptable addresses in
upsd.conf, now that list seems to be ignored.

Version-Release number of selected component (if applicable):

  nut-2.0.5-5
  nut-client-2.0.5-5

How reproducible:

  Every time.

Comment 1 Andrew Meredith 2007-10-13 16:41:24 UTC

Created attachment 226451 [details]
upsd.conf

Comment 2 Tomas Smetana 2007-10-15 08:45:39 UTC

I've tried to upgrade nut-2.0.3-2.1 (FC-6; FC-5 is EOLed already) to nut-2.0.5-5
and do nothing but service ups restart.  Everything works the same as before. 

Please try to examine your system a bit closer.  Are you sure that the IP tables
configuration has not been altered during upgrade?  What does the upsc output on
the client side look like?  What does upsd log in /var/log/messages during the
unsuccessful connection attempt?

Comment 3 Andrew Meredith 2007-10-15 11:38:48 UTC

There is no firewall or hosts.[allow|deny] in force. The connection test was
done locally with telnet. It was also done against another port which should
also have been accepting on both localhost and the ethernet IP address, this was
fine.

The thing I am worried about is if the ipv6 system is getting in the way. I have
no use for it, but it is still there, despite having switched it off in the
ifcfg-ethX files. The reason I am wondering about this is the error message:

   upsd[1992]: Rejecting TCP connection from ::ffff:10.103.15.50

Comment 4 Andrew Meredith 2007-10-15 11:49:02 UTC

In addition, the telnet session is at first accepted and then emmediately
dropped. This suggests that it is the application itself that is doing the dropping.

 # telnet zebedee nut
 Trying 10.103.15.50...
 Connected to zebedee.
 Escape character is '^]'.
 Connection closed by foreign host.

Comment 5 Tomas Smetana 2007-10-17 07:34:48 UTC

Seems that it's indeed the IPv6 support that breaks things.  If you don't need
IPv6 you may pass the '-4' parameter to upsd on startup: Edit /etc/sysconfig/ups
and change the line with upsd options to:

UPSD_OPTIONS=-4

Then restart ups service and please let me know whether that solves your problem.

Comment 6 Andrew Meredith 2007-10-17 11:00:48 UTC

It does indeed.

Nagios might even stop bugging me now :) Thanks.

Comment 7 Fedora Update System 2007-11-09 23:46:47 UTC

nut-2.0.5-6 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update nut'

Comment 8 Fedora Update System 2007-11-26 18:56:52 UTC

nut-2.0.5-6 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.