Thanks, Mark! Will do so.
deb On 12/16/10 8:15 AM, Mark Burgess wrote: > Should be pretty trivial. The code is basically there but hidden > > http://www.cfengine.org/manuals/cf3-reference.html#port-in-runagent > > If you register a feature request, be sure to explain the scenario to > make sure we understand > > M > > On 12/16/2010 04:03 PM, Deb Heller-Evans wrote: >> Seva, >> >> Yes, I think that's it. >> I wonder how hard it would be to add this functionality... >> >> deb >> >> On 12/16/10 6:53 AM, Seva Gluschenko wrote: >>> Deb, >>> >>> you mean source port, don't you? Unfortunately, there's no such option >>> in Cfengine, AFAIK. Probably, a high time for the feature request? >>> >>> 2010/12/16 Deb Heller-Evans<d...@es.net>: >>>> Thanks, Seve! Sorry, that was a typo on the port number. But, I think I >>>> didn't make my point very well. Let me try again. >>>> >>>> I am not wanting to change the port number. I need to direct communication >>>> from the cfengine server to the target host via VPNGW-IPaddr:Portnumber >>>> which will ultimately do the right thing to get to the target host inside >>>> the VPN. >>>> >>>> What I want to do is similar to using bindtointerface, but I need to ALSO >>>> specify a port number on the VPN-GW. For example, bindtointerface syntax >>>> currently looks like this in promises.cf: (Given that VPN-GW is >>>> 123.45.6.234) >>>> >>>> targethost_es_net:: >>>> bindtointerface => "123.45.6.234"; >>>> >>>> What this does is tell cfengine to talk to the VPN-GW to get to the target >>>> host. But of course this won't work because there's no way the VPN-GW will >>>> know what to do with cfengine packets. But, if bindtointerface allowed me >>>> to >>>> specify a port number on the VPN-GW (which is configured to direct packets >>>> from this port to the target), maybe something like this: >>>> >>>> (Given: >>>> VPN-GW is 123.45.6.234 >>>> Port number on VPN-GW NAT'd to target host: 4567) >>>> >>>> targethost_es_net:: >>>> bindtointerface => "123.45.6.234:4567" >>>> >>>> Then when the packet reached the VPN-GW on port 4567, it's NAT protocol >>>> would direct those packets to targethost_es_net which is *inside* the VPN. >>>> >>>> I hope this makes it more clear what I'm trying to do. >>>> >>>> Thanks, >>>> >>>> deb >>>> >>>> On 12/15/10 10:08 PM, Seva Gluschenko wrote: >>>>> Deb, >>>>> >>>>> The default port is 5308, not 5306, and you don't want to change it >>>>> unless you definitely have no choice (say, 5308 is completely occupied >>>>> in your infrastructure by bad coincidence). But, if you explicitly >>>>> want to, look at "port" option of control bodies. >>>>> >>>>> 2010/12/16 Deb Heller<d...@es.net>: >>>>>> Hello, >>>>>> >>>>>> We will be deploying a remote testbed that will sit on inside a VPN >>>>>> network. I've had a request that the developers would like to have the >>>>>> testbed hosts maintained by cfengine. However, the cfengine servers are >>>>>> outside the VPN network. >>>>>> >>>>>> For similar purposes, when accessing a host inside the VPN network, I >>>>>> have NAT'd ports in the VPN gateway as a tunnel to the target server. >>>>>> >>>>>> For example, our Nagios server accesses VPN hosts through a VPN-Gateway >>>>>> by NAT'ing a port to the target host. To access, one would use the >>>>>> VPN-GW-IPaddr:PortNumber where the Port Number directs the packets via >>>>>> the VPN-GW to the appropriate port on the target host. >>>>>> >>>>>> A specific port number maps to each target host and the appropriate port >>>>>> number on that specific target host. It is my understanding that >>>>>> Cfengine uses port 5306 communicate. But, now I need the cfengine >>>>>> server to talk to the VPN-GW, to get through to the target host. That >>>>>> host will actually be represented by the IP addr of the VPN-GW + >>>>>> PortNumber (representing the target host) which will ultimately be >>>>>> directed to port 5306 on the target host. >>>>>> >>>>>> bintointerface in agent seems to be the closest to what I need, but it >>>>>> doesn't seem to have the ability to also assign a port. >>>>>> >>>>>> Ideas? >>>>>> >>>>>> deb >>>>>> >>>>>> -- >>>>>> Deb Heller-Evans 1 Cyclotron Road >>>>>> Computer Systems Engineer Berkeley, CA 94720 >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Help-cfengine mailing list >>>>>> Help-cfengine@cfengine.org >>>>>> https://cfengine.org/mailman/listinfo/help-cfengine >>>>>> >>> >> _______________________________________________ >> Help-cfengine mailing list >> Help-cfengine@cfengine.org >> https://cfengine.org/mailman/listinfo/help-cfengine > _______________________________________________ > Help-cfengine mailing list > Help-cfengine@cfengine.org > https://cfengine.org/mailman/listinfo/help-cfengine _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
