Nut remote access broken - needs nat?
-
Dear List,
We ha(d) nut running on one server, with the other servers connecting to that server in the same internal LAN. Since 2.0.2, none of the other servers can connect anymore.
Read "The new default is to bind to localhost ONLY - you should add NAT rules for the NUT port (3493) to allow remote access.", but without success.
So on the UPS connected server, tried to set a nat rule:
If: LAN
Proto: TCP
Src. addr: *
Src. ports: *
Dest. addr: LAN address
Dest. ports: 3493
NAT IP: 10.5.1.2
NAT Ports: 3493
Description: (empty)
But no luck, :(
Please help so that the other servers can connect again.
Thanks, Alfredo
-
You need to NAT traffic on port 3493 from the LAN to the loopback address and then add rules to allow the servers to use it.
-
Hi Gloom,
Thanks,
Please explain a bit more.
Could you tell me exactly what to set in the NAT port forward screen?
I set Destination: Type LAN Address, address empty (cannot be filled in)
Destination port range: 3493-3493
Redirect target IP 192.168.1.1 (address of this box which also has the actual UPS attached)
Redirect target port: 3493
Is that right?
Which firewall rules should I set?
Thanks,
Alfredo
-
By default nut binds to 127.0.0.1 (Localhost) not to the LAN address.
I'm assuming you have nut running on the pfSense box and are trying to connect to it from other servers on the LAN. If I'm wrong then so is everything that follows.
NAT pfsense-lan-ip:3493 –> 127.0.0.1:3493
Depending on how restrictive your rules are, you may well need to allow traffic through to 127.0.0.1 from the LAN.
-
Hi Gloom,
:) Thanks
I guess the problem was that I was mixed up with the fields and that 'localhost' would not be accepted at the 127.0.0.1 address.
Now it works:
If: LAN
Proto: TCP
Src. addr/Ports: * / *
Dest Addr/Ports: 192.168.1.1/3493
NAT IP/Ports: 127.0.0.1/3493
Maybe the nut settings page should describe this a bit better.
Thanks all,
Alfredo.
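-
To confirm from one of the other servers that the redirect discussed in this thread is working, the following added example (not part of the thread, and not NUT or pfSense project code) sends the NUT `LIST UPS` command to port 3493 and separates the ways the connection can fail. The function names, the sample reply and the mapping of "refused" and "timeout" to likely causes are assumptions of this example.

```python
import socket
import sys

NUT_PORT = 3493  # upsd port named in the thread

# Constructed sample of a NUT "LIST UPS" reply (UPS name and description are made up).
SAMPLE_REPLY = ['BEGIN LIST UPS', 'UPS myups "constructed example"', 'END LIST UPS']

def parse_list_ups(lines):
    """Return the UPS names from a LIST UPS reply; raise ValueError otherwise."""
    if not lines or lines[0].startswith("ERR"):
        raise ValueError("upsd refused the request: %s" % (lines[0] if lines else "empty reply"))
    if lines[0] != "BEGIN LIST UPS" or lines[-1] != "END LIST UPS":
        raise ValueError("not a NUT upsd reply: %r" % lines[:1])
    return [l.split()[1] for l in lines[1:-1] if l.startswith("UPS ")]

def diagnose(exc):
    """Map a connect failure to the layer that typically causes it (assumed mapping)."""
    if isinstance(exc, ConnectionRefusedError):
        return "refused"   # packet passed, nothing listening there: redirect missing or wrong target
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"   # packet silently dropped: usually a missing firewall pass rule
    return "error"

def probe_upsd(host, port=NUT_PORT, timeout=3.0):
    """Connect like a remote NUT client; return (status, detail)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            stream = sock.makefile("rwb")
            stream.write(b"LIST UPS\n")
            stream.flush()
            lines = []
            for raw in stream:
                lines.append(raw.decode("utf-8", "replace").strip())
                if lines[-1].startswith(("END LIST UPS", "ERR")):
                    break
            stream.write(b"LOGOUT\n")
            stream.flush()
        return ("ok", parse_list_ups(lines))
    except ValueError as exc:
        return ("not-nut", str(exc))      # something answered, but not upsd
    except OSError as exc:
        return (diagnose(exc), str(exc))

if __name__ == "__main__":
    print("constructed reply ->", parse_list_ups(SAMPLE_REPLY))
    if len(sys.argv) > 1:  # e.g. the LAN address of the box running upsd
        print(sys.argv[1], "->", probe_upsd(sys.argv[1]))
```

Run it with the LAN address of the UPS box as the only argument; without an argument it only parses the constructed reply.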