Problem with cfengine and NAT'd addressing

help-cfengine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Problem with cfengine and NAT'd addressing

From:	Geary Boedeker
Subject:	Problem with cfengine and NAT'd addressing
Date:	Tue, 03 Oct 2000 13:30:27 -0700

I'm having trouble making cfengine behave properly on hosts
using NAT'd IP addressing. I have two hosts:

"gold" - real IP address, master of filesystem /distrib,
         running cfd in verbose, debug mode.

"idcdistrib" - NAT'd IP address (10.5.5.20), copy of /distrib
               running cfengine 1.6.0.a5


It looks as if everybody involved knows about the SkipVerify
directive, but the actual copy fails. I have included excerpts
from cfd running in debug, and the cfengine log file on the client.

Am I missing something?

Thanks in advance,
Geary Boedeker
Applied Micro Circuits Corp.


===================================
Excerpt from "gold" /etc/cfd.conf :
===================================

     .
     .
     control:
     .
     .
      SkipVerify = ( 10.5.5 )

===================================
Crucial output from cfd on "gold" :
===================================

.
.

Host IPs from NAT which we don't verify :

IP: 10.5.5
.
.
New connection...
***New socket 6
Spawning new thread...
Checking file updates on /etc/.cfengine/inputs/cfd.conf
(396f8648/39da3619)
RecvSocketStream(4096)
    (Concatenated 1460 from stream)
    (Concatenated 1460 from stream)
    (Concatenated 1176 from stream)
Received: [CAUTH 10.5.5.20 idcdistrib.amcc.com root 0] on socket 6
Connecting host identifies itself as 10.5.5.20 idcdistrib.amcc.com root
0
gold: Allowing 10.5.5.20 to connect without checking ID (NAT)
.
.
.
gold: Host  denied access to /distrib
gold: Host authentication failed or access denied
SendTransaction()
***Closing socket 6 from ier         530/tcp Host  denied access to
/distrib



==================================================
Crucial output from cfengine.log on "idcdistrib" :
==================================================
.
.
Checking copy from gold:/distrib to /distrib
cfengine:idcdistrib: Network access to gold:/distrib denied
cfengine:idcdistrib: copy can't open directory [/distrib]
Checking copy from gold:/distrib/default/etc to /etc
cfengine:idcdistrib: Transmission refused or failed
Got:
cfengine:idcdistrib: Can't stat /distrib/default/etc in copy
.
.
.


--
               _/_/  _/_/  _/_/   _/_/_/_/    _/_/_/_/
            _/  _/  _/  _/  _/  _/      _/  _/      _/   APPLIED MICRO
         _/    _/  _/  _/  _/  _/          _/              CIRCUITS
      _/_/_/_/_/  _/      _/  _/      _/  _/      _/      CORPORATION
   _/        _/  _/      _/   _/_/_/_/    _/_/_/_/

  Geary Boedeker                         Internet: gearyb@amcc.com
  Applied Micro Circuits Corp.           Voice:    (858) 535-6822
  6290 Sequence Dr. San Diego, CA 92121  Fax:      (858) 450-9885

[Prev in Thread]

Current Thread

[Next in Thread]

Problem with cfengine and NAT'd addressing, Geary Boedeker <=
- Re: Problem with cfengine and NAT'd addressing, Mark . Burgess, 2000/10/18

Prev by Date: Re: using import and groups
Next by Date: cfd stdout messages not returned on HPUX
Previous by thread: Re: using import and groups
Next by thread: Re: Problem with cfengine and NAT'd addressing
Index(es):
- Date
- Thread