Nut remote access broken - needs nat?



  • Dear List,

    We ha(d) nut running at one server and the other servers connecting to that server in the same internal LAN. Since 2.0.2, none of the other servers can't connect anymore.

    Read  "The new default is to bind to localhost ONLY - you should add NAT rules for the NUT port (3493) to allow remote access." , but without success.

    So on the UPS connected server, tried to set a nat rule:

    
    If 	Proto 	Src. addr 	Src. ports 	Dest. addr 	Dest. ports 	NAT IP 	NAT Ports 	Description 	
    
    	[Firewall rule ID is managed with this rule] 	LAN 	TCP 	* 	* 	LAN address 	3493 	10.5.1.2 	3493 	  	
    	[edit rule]
    [delete rule] 	[add a new nat based on this one]
    
    

    But no luck,  :(

    Please help so that the other servers can connect again.

    Thanks, Alfredo



  • you need to NAT traffic on port 3493 from the lan to the loopback address and then add rules to allow the servers to use it.



  • Hi Gloom,

    Thanks,

    Please explain a bit more.

    Could you exactly tell me what set in the nat port forward screen.

    I set Destination: Type LAN Address, address empty (cannot be filled in)
    Destination port range: 3493-3493
    Redirect target IP 192.168.1.1 (address of this box which also has the actual UPS attached)
    Redirect target port: 3493

    Is that right?

    Which firewall rules should I set?

    Thanks,

    ALfredo



  • By default nut binds to 127.0.0.1 (Localhost) not to the LAN address.

    I'm assuming you have nut running on the PFSense box and are trying to connect to it from other servers on the lan. If I'm wrong then so is everything that follows.

    NAT  pfsense-lan-ip:3493 –> 127.0.0.1:3493

    Depending how restrictive your rules are you may well need to allow traffic through to 127.0.0.1 from the LAN



  • Hi Gloom,

    :) Thanks

    I guess the problem was that I was mixed up with the fields and that 'localhost' would not be accepted at the 127.0.0.1 address.

    Now it works:

    If: LAN
    Proto: TCP
    Scr. addr/Ports: * / *
    Dest Addr/Ports: 192.168.1.1/3493
    NAT IP/Ports: 127.0.0.1/3493

    Maybe the nut settings page should describe this a bit better.

    Thanks all,

    Alfredo.


Locked