help-cfengine
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Denying connections from 255.255.255.255

From: Arnold Troeger
Subject: Re: Denying connections from 255.255.255.255
Date: Tue, 16 Sep 2003 08:18:07 +0700
User-agent: Mozilla/5.0 (X11; U; IRIX64 IP30; en-US; rv:1.4a) Gecko/20030410 
Anthony Veale wrote:

Hello,

I'm trying to set up cfengine version 2 for the first time.  I used to
use version 1 several years ago, so I'm effectively a newbie again.

The problem that I am having is with getting a remote copy to
function.

The server logs a message like:

   cfservd: Denying connection from non-authorized IP 255.255.255.255

I have no idea why the client would be identifying itself with the
global broadcast address.  That just seems bizarre.

The server and clients involved are:

Server: IRIX 6.5, cfengine 2.0.8, db 4.1.25, openssl 0.9.7b
   Note: cfengine, db and openssl compiled by hand

Client: Linux, SuSE 8.2, cfengine 2.0.3, db 4.0.14, openssl 0.8.6i
   Note: cfengine, db, openssl all from the SuSE distribution, with
   any patches supplied by SuSE.
What compiler did you use to compile cfengine on the SGI? If it was gcc, try using the MIPSpro compilers instead. There's this note about mips and IRIX 6 in the gcc docs 

   GCC does not correctly pass/return structures which are smaller than
   16 bytes and which are not 8 bytes. The problem is very involved and
   difficult to fix. It affects a number of other targets also, but IRIX
   6 is affected the most, because it is a 64-bit target, and 4 byte
   structures are common. The exact problem is that structures are being
   padded at the wrong end, e.g. a 4 byte structure is loaded into the
   lower 4 bytes of the register when it should be loaded into the upper
   4 bytes of the register.

   GCC is consistent with itself, but not consistent with the SGI C
   compiler (and the SGI supplied runtime libraries), so the only
   failures that can happen are when there are library functions that
   take/return such structures. There are very few such library
   functions. Currently this is known to affect inet_ntoa, inet_lnaof,
   inet_netof, inet_makeaddr, and semctl. Until the bug is fixed, GCC
   contains workarounds for the known affected functions.
I've had this problem too, both with cfengine and OpenSSH. Recompiling with the mipspro compiler works fine. 

--
Arnold Troeger                          Unocal Thailand
Phone:  011-66-2-545-5456               5th Floor, Tower 3, SCB Park Plaza
FAX:    011-66-2-545-5374               19 Ratchadapisek Road, Chatuchak
Email:  Arnold.Troeger@bkk.unocal.com   Bangkok 10900, Thailand
------------------------------------------------------------------------
reply via email to
[Prev in Thread] Current Thread [Next in Thread]