test ssh on private ip
list Steve Holmes
[Running 4.2.3 on solaris with a lot of linux clients] We have a heavily (some would say 'insanely') firewalled environment. For some clients, I need to be able to test ssh on the private ip address, but even though I have the private ip in the bb-hosts file and have specified testip, the ssh test insists on testing the public address (which it is getting from DNS, apparently) and fails because the firewall doesn't allow ssh connections on that interface. Is there a way to do this? Thanks, Steve
list Tim McCloskey
Cheesy, but you can just add the internal IP address to the /etc/hosts file of your xymon server. You'll want to have a look at /etc/nsswitch.conf to see if name resolution follows the order of "hosts: files dns".
▸
From: user-5425c7b245e1@xymon.invalid [user-5425c7b245e1@xymon.invalid] On Behalf Of Steve Holmes [user-ec1bf77b1b44@xymon.invalid]
Sent: Monday, February 07, 2011 1:38 PM
To: xymon at xymon.com
Subject: [xymon] test ssh on private ip
[Running 4.2.3 on solaris with a lot of linux clients]
We have a heavily (some would say 'insanely') firewalled environment. For some clients, I need to be able to test ssh on the private ip address, but even though I have the private ip in the bb-hosts file and have specified testip, the ssh test insists on testing the public address (which it is getting from DNS, apparently) and fails because the firewall doesn't allow ssh connections on that interface.
Is there a way to do this?
Thanks,
Steve
list Paul Root
use a different name for the private address than that found in dns. Paul Root Lead Internet Systems Eng Qwest Network Services
▸
From: user-5425c7b245e1@xymon.invalid [mailto:user-5425c7b245e1@xymon.invalid] On Behalf Of Steve Holmes
Sent: Monday, February 07, 2011 3:39 PM
To: xymon at xymon.com
Subject: [xymon] test ssh on private ip
[Running 4.2.3 on solaris with a lot of linux clients]
We have a heavily (some would say 'insanely') firewalled environment. For some clients, I need to be able to test ssh on the private ip address, but even though I have the private ip in the bb-hosts file and have specified testip, the ssh test insists on testing the public address (which it is getting from DNS, apparently) and fails because the firewall doesn't allow ssh connections on that interface.
Is there a way to do this?
Thanks,
Steve
This communication is the property of Qwest and may contain confidential or
privileged information. Unauthorized use of this communication is strictly
prohibited and may be unlawful. If you have received this communication
in error, please immediately notify the sender by reply e-mail and destroy
all copies of the communication and any attachments.
list Henrik Størner
▸
In <AANLkTi=_WQjQ9n=user-7485c4c35ac5@xymon.invalid> Steve Holmes <user-ec1bf77b1b44@xymon.invalid> writes:
[Running 4.2.3 on solaris with a lot of linux clients]
We have a heavily (some would say 'insanely') firewalled environment. For some clients, I need to be able to test ssh on the private ip address, but even though I have the private ip in the bb-hosts file and have specified testip, the ssh test insists on testing the public address (which it is getting from DNS, apparently) and fails because the firewall doesn't allow ssh connections on that interface.
"testip" *will* force Xymon to use the IP in bb-hosts as the destination
IP, *unless* you have the host listed twice in bb-hosts with conflicting
options and/or IP-adresses. This would be logged in the bb-network.log
file, and in the "bbtest" status message.
Regards,
Henrik
list Ryan Novosielski
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
▸
On 02/07/2011 04:38 PM, Steve Holmes wrote:[Running 4.2.3 on solaris with a lot of linux clients] We have a heavily (some would say 'insanely') firewalled environment. For some clients, I need to be able to test ssh on the private ip address, but even though I have the private ip in the bb-hosts file and have specified testip, the ssh test insists on testing the public address (which it is getting from DNS, apparently) and fails because the firewall doesn't allow ssh connections on that interface. Is there a way to do this?
The way I do this is to have two separate network test machines (I run them in two Solaris zones, one on the inside network and one on the outside network). I test some services from one and some from the other (depending on where they're supposed to be accessible from). - -- - ---- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Sr. Systems Programmer |$&| |__| | | |__/ | \| _| |user-ae4522577e16@xymon.invalid - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/CST-Academic Svcs. - ADMC 450, Newark -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1QdSAACgkQmb+gadEcsb7l1gCbBE8TBlfAqbAQdm9fx+mQo3lK PpgAoNe6wdhu7JuZtgIAxlEp10BWPRKm =gA0v -----END PGP SIGNATURE-----