Thanks, Seva! Sorry, that was a typo on the port number. But, I think I didn't make my point very well. Let me try again.

I am not wanting to change the port number. I need to direct communication from the cfengine server to the target host via VPNGW-IPaddr:Portnumber which will ultimately do the right thing to get to the target host inside the VPN.

What I want to do is similar to using bindtointerface, but I need to ALSO specify a port number on the VPN-GW.

For example, bindtointerface syntax currently looks like this in promises.cf:

(Given that VPN-GW is 123.45.6.234)

    targethost_es_net::
        bindtointerface => "123.45.6.234";

What this does is tell cfengine to talk to the VPN-GW to get to the target host. But of course this won't work because there's no way the VPN-GW will know what to do with cfengine packets.

But, if bindtointerface allowed me to specify a port number on the VPN-GW (which is configured to direct packets from this port to the target), maybe something like this:

(Given: VPN-GW is 123.45.6.234
 Port number on VPN-GW NAT'd to target host: 4567)

    targethost_es_net::
        bindtointerface => "123.45.6.234:4567"

Then when the packet reached the VPN-GW on port 4567, its NAT protocol would direct those packets to targethost_es_net which is *inside* the VPN.

I hope this makes it more clear what I'm trying to do.

Thanks,
deb

On 12/15/10 10:08 PM, Seva Gluschenko wrote:
> Deb,
>
> The default port is 5308, not 5306, and you don't want to change it
> unless you definitely have no choice (say, 5308 is completely occupied
> in your infrastructure by bad coincidence). But, if you explicitly
> want to, look at "port" option of control bodies.
>
> 2010/12/16 Deb Heller <d...@es.net>:
>> Hello,
>>
>> We will be deploying a remote testbed that will sit inside a VPN
>> network. I've had a request that the developers would like to have the
>> testbed hosts maintained by cfengine. However, the cfengine servers are
>> outside the VPN network.
>>
>> For similar purposes, when accessing a host inside the VPN network, I
>> have NAT'd ports in the VPN gateway as a tunnel to the target server.
>>
>> For example, our Nagios server accesses VPN hosts through a VPN-Gateway
>> by NAT'ing a port to the target host. To access, one would use the
>> VPN-GW-IPaddr:PortNumber where the Port Number directs the packets via
>> the VPN-GW to the appropriate port on the target host.
>>
>> A specific port number maps to each target host and the appropriate port
>> number on that specific target host. It is my understanding that
>> Cfengine uses port 5306 to communicate. But, now I need the cfengine
>> server to talk to the VPN-GW, to get through to the target host. That
>> host will actually be represented by the IP addr of the VPN-GW +
>> PortNumber (representing the target host) which will ultimately be
>> directed to port 5306 on the target host.
>>
>> bindtointerface in agent seems to be the closest to what I need, but it
>> doesn't seem to have the ability to also assign a port.
>>
>> Ideas?
>>
>> deb
>>
>> --
>> Deb Heller-Evans                1 Cyclotron Road
>> Computer Systems Engineer       Berkeley, CA 94720
>>
>>
>> _______________________________________________
>> Help-cfengine mailing list
>> Help-cfengine@cfengine.org
>> https://cfengine.org/mailman/listinfo/help-cfengine