Package: munin-node Version: 2.0.33-1 Severity: normal I recently migrated my munin server and thus I updated my munin-node configuration to allow connections from 2 servers (on IPv4 and on IPv6) with a config like this:
# Old server cidr_allow 212.83.177.246/32 cidr_allow 2a01:e0b:21e3:3::1/128 # New server cidr_allow 163.172.191.75/32 cidr_allow 2001:bc8:47c0:11f::1/128 It turns out that the new server would not manage to connect to the munin nodes. The logs were showing a message like this: 2019/12/13-21:10:02 CONNECT TCP Peer: "[::ffff:163.172.191.75]:49184" Local: "[::ffff:212.83.178.2]:4949" Invalid netblock: 42.1.14.11.33.227.0.3.0.0.0.0.0.0.0.1-163.172.191.75 at /usr/share/perl5/Net/Server.pm line 600. This made no sense to me. After a lot of tweaking, I noticed that all the "cidr_allow" for the IPv4 addresses have to be before the first cidr_allow for an IPv6 address. So just sorting the rules differently like this makes it work as expected (at least when connecting over IPv4): # Old and new, with IPv4 first and IPv6 after cidr_allow 212.83.177.246/32 cidr_allow 163.172.191.75/32 cidr_allow 2a01:e0b:21e3:3::1/128 cidr_allow 2001:bc8:47c0:11f::1/128 -- System Information: Debian Release: bullseye/sid APT prefers oldoldstable APT policy: (500, 'oldoldstable'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages munin-node depends on: ii adduser 3.118 ii gawk 1:5.0.1+dfsg-1 ii init-system-helpers 1.57 pn libmunin-node-perl <none> pn libnet-server-perl <none> ii lsb-base 11.1.0 pn munin-common <none> pn munin-plugins-core <none> ii netbase 5.8 ii perl 5.30.0-9 ii procps 2:3.3.15-2+b1 Versions of packages munin-node recommends: ii gawk 1:5.0.1+dfsg-1 pn libnet-snmp-perl <none> pn munin-plugins-core <none> pn munin-plugins-extra <none> ii procps 2:3.3.15-2+b1 Versions of packages munin-node suggests: pn acpi | lm-sensors <none> pn default-mysql-client <none> ii ethtool 1:4.19-1 ii hdparm 9.58+ds-4 pn libcache-cache-perl <none> ii libcrypt-ssleay-perl 0.73.06-1+b2 pn libdbd-mysql-perl <none> ii libdbd-pg-perl 3.10.0-2 pn liblwp-useragent-determined-perl <none> pn libnet-irc-perl <none> ii libtext-csv-xs-perl 1.40-1 ii libwww-perl 6.43-1 ii libxml-simple-perl 2.25-1 pn logtail <none> pn munin <none> pn munin-plugins-extra <none> pn munin-plugins-http <none> pn munin-plugins-java <none> pn munin-plugins-pgsql <none> pn munin-plugins-snmp <none> pn mysql-client <none> ii net-tools 1.60+git20180626.aebd88e-1 ii python 2.7.17-2 ii ruby 1:2.5.2 pn smartmontools <none>
