Package: munin-node
Version: 2.0.33-1
Severity: normal
I recently migrated my munin server and thus I updated my munin-node
configuration to allow connections from 2 servers (on IPv4 and on IPv6)
with a config like this:
# Old server
cidr_allow 212.83.177.246/32
cidr_allow 2a01:e0b:21e3:3::1/128
# New server
cidr_allow 163.172.191.75/32
cidr_allow 2001:bc8:47c0:11f::1/128
It turns out that the new server would not manage to connect to the munin
nodes. The logs were showing a message like this:
2019/12/13-21:10:02 CONNECT TCP Peer: "[:::163.172.191.75]:49184" Local:
"[:::212.83.178.2]:4949"
Invalid netblock: 42.1.14.11.33.227.0.3.0.0.0.0.0.0.0.1-163.172.191.75 at
/usr/share/perl5/Net/Server.pm line 600.
This made no sense to me. After a lot of tweaking, I noticed that
all the "cidr_allow" for the IPv4 addresses have to be before the first
cidr_allow for an IPv6 address. So just sorting the rules differently
like this makes it work as expected (at least when connecting over IPv4):
# Old and new, with IPv4 first and IPv6 after
cidr_allow 212.83.177.246/32
cidr_allow 163.172.191.75/32
cidr_allow 2a01:e0b:21e3:3::1/128
cidr_allow 2001:bc8:47c0:11f::1/128
-- System Information:
Debian Release: bullseye/sid
APT prefers oldoldstable
APT policy: (500, 'oldoldstable'), (500, 'unstable'), (500, 'testing'), (500,
'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8),
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages munin-node depends on:
ii adduser 3.118
ii gawk 1:5.0.1+dfsg-1
ii init-system-helpers 1.57
pn libmunin-node-perl
pn libnet-server-perl
ii lsb-base 11.1.0
pn munin-common
pn munin-plugins-core
ii netbase 5.8
ii perl 5.30.0-9
ii procps 2:3.3.15-2+b1
Versions of packages munin-node recommends:
ii gawk 1:5.0.1+dfsg-1
pn libnet-snmp-perl
pn munin-plugins-core
pn munin-plugins-extra
ii procps 2:3.3.15-2+b1
Versions of packages munin-node suggests:
pn acpi | lm-sensors
pn default-mysql-client
ii ethtool 1:4.19-1
ii hdparm9.58+ds-4
pn libcache-cache-perl
ii libcrypt-ssleay-perl 0.73.06-1+b2
pn libdbd-mysql-perl
ii libdbd-pg-perl3.10.0-2
pn liblwp-useragent-determined-perl
pn libnet-irc-perl
ii libtext-csv-xs-perl 1.40-1
ii libwww-perl 6.43-1
ii libxml-simple-perl2.25-1
pn logtail
pn munin
pn munin-plugins-extra
pn munin-plugins-http
pn munin-plugins-java
pn munin-plugins-pgsql
pn munin-plugins-snmp
pn mysql-client
ii net-tools 1.60+git20180626.aebd88e-1
ii python2.7.17-2
ii ruby 1:2.5.2
pn smartmontools