[Running 4.2.3 on solaris with a lot of linux clients]
We have a heavily (some would say 'insanely') firewalled environment. For some clients, I need to be able to test ssh on the private ip address, but even though I have the private ip in the bb-hosts file and have specified testip, the ssh test insists on testing the public address (which it is getting from DNS, apparently) and fails because the firewall doesn't allow ssh connections on that interface.
Is there a way to do this?
Thanks, Steve
Cheesy, but you can just add the internal IP address to the /etc/hosts file of your xymon server. You'll want to have a look at /etc/nsswitch.conf to see if name resolution follows the order of "hosts: files dns".
From: sholmes42 at gmail.com [sholmes42 at gmail.com] On Behalf Of Steve Holmes [sholmes42 at mac.com] Sent: Monday, February 07, 2011 1:38 PM To: xymon at xymon.com Subject: [xymon] test ssh on private ip
[Running 4.2.3 on solaris with a lot of linux clients]
We have a heavily (some would say 'insanely') firewalled environment. For some clients, I need to be able to test ssh on the private ip address, but even though I have the private ip in the bb-hosts file and have specified testip, the ssh test insists on testing the public address (which it is getting from DNS, apparently) and fails because the firewall doesn't allow ssh connections on that interface.
Is there a way to do this?
Thanks, Steve
use a different name for the private address than that found in dns.
Paul Root Lead Internet Systems Eng Qwest Network Services
From: sholmes42 at gmail.com [mailto:sholmes42 at gmail.com] On Behalf Of Steve Holmes Sent: Monday, February 07, 2011 3:39 PM To: xymon at xymon.com Subject: [xymon] test ssh on private ip
[Running 4.2.3 on solaris with a lot of linux clients]
We have a heavily (some would say 'insanely') firewalled environment. For some clients, I need to be able to test ssh on the private ip address, but even though I have the private ip in the bb-hosts file and have specified testip, the ssh test insists on testing the public address (which it is getting from DNS, apparently) and fails because the firewall doesn't allow ssh connections on that interface.
Is there a way to do this?
Thanks, Steve
This communication is the property of Qwest and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments.
In <AANLkTi=_WQjQ9n=QvvmNwiZZ-5JDT9zTvNCu0a9RRCa9 at mail.gmail.com> Steve Holmes <sholmes42 at mac.com> writes:
[Running 4.2.3 on solaris with a lot of linux clients]
We have a heavily (some would say 'insanely') firewalled environment. For some clients, I need to be able to test ssh on the private ip address, but even though I have the private ip in the bb-hosts file and have specified testip, the ssh test insists on testing the public address (which it is getting from DNS, apparently) and fails because the firewall doesn't allow ssh connections on that interface.
"testip" *will* force Xymon to use the IP in bb-hosts as the destination IP, *unless* you have the host listed twice in bb-hosts with conflicting options and/or IP-adresses. This would be logged in the bb-network.log file, and in the "bbtest" status message.
Regards, Henrik
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 02/07/2011 04:38 PM, Steve Holmes wrote:
[Running 4.2.3 on solaris with a lot of linux clients]
We have a heavily (some would say 'insanely') firewalled environment. For some clients, I need to be able to test ssh on the private ip address, but even though I have the private ip in the bb-hosts file and have specified testip, the ssh test insists on testing the public address (which it is getting from DNS, apparently) and fails because the firewall doesn't allow ssh connections on that interface.
Is there a way to do this?
The way I do this is to have two separate network test machines (I run them in two Solaris zones, one on the inside network and one on the outside network). I test some services from one and some from the other (depending on where they're supposed to be accessible from).
- ---- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Sr. Systems Programmer |$&| |__| | | |__/ | \| _| |novosirj at umdnj.edu - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/CST-Academic Svcs. - ADMC 450, Newark -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk1QdSAACgkQmb+gadEcsb7l1gCbBE8TBlfAqbAQdm9fx+mQo3lK PpgAoNe6wdhu7JuZtgIAxlEp10BWPRKm =gA0v -----END PGP SIGNATURE-----
participants (5)
-
henrik@hswn.dk
-
novosirj@umdnj.edu
-
Paul.Root@qwest.com
-
sholmes42@mac.com
-
tm@freedom.com