View Issue Details

IDProjectCategoryView StatusLast Update
0001072Main CAcert Websitemy accountpublic2013-01-15 18:19
ReporterNEOatNHNG Assigned ToNEOatNHNG  
PriorityhighSeveritymajorReproducibilityalways
Status closedResolutionfixed 
Fixed in Version2012 Q2 
Summary0001072: CATS results don't get imported due to IP address change
DescriptionDue to a change in the routing on TUNIX the source IP address of the CATS server changed.
TagsNo tags attached.
Reviewed bydastrath, Ted, NEOatNHNG
Test Instructions

Relationships

related to 0001107 new CATS.cacert.org CACert CATS Manual has only one page, which is mostly empty 

Activities

NEOatNHNG

2012-06-09 21:33

administrator   ~0003059

Fix is available. Can not be tested on the test server because there the CATS local CATS server of course has a different IP address.

NEOatNHNG

2012-06-09 21:34

administrator   ~0003060

Dirk reviewed the fix with the following comments:

cats.cacert.org resolves correctly to the new (changed) ip-adress 213.254.225.243 ...

the 172.16.2.27 is unknown to me, but i was able to find it in the wiki ...

maybe wytze or mendel can confirm these ip-adresses for cats.cacert.org when applying this patch ...

Ted

2012-06-09 21:34

administrator   ~0003061

Relevant file is /www/cats/cats_import.php

Ted

2012-06-09 21:50

administrator   ~0003062

Last edited: 2012-06-09 21:51

View 2 revisions

According to the error message the server sees the source IP 213.154.225.243, so this one should be implemented correctly.

I don't know about 172.16.2.27, according to ifconfig the CATS server uses 10.0.0.27 behind the firewall.

IIRC (yes, such things should be worth a comment, but obviously I made none) the second IP address was introduced to allow a clean transfer of the CATS server to another machine. The old second address of 193.238.157.112 seems to be from the same subnet as test1.cacert.at, which was the initial server for development...

So probably the second address is currently obsolete and might be set to the same address as the first one, but an internal address should not do much harm also.

Reviewed the changes, they are acceptable.

NEOatNHNG

2012-06-09 22:33

administrator   ~0003063

Mail sent to critical admins.

Ted

2012-06-10 11:18

administrator   ~0003064

Fix installes by Mendel on main webserver.

According to logfiles result upload did succeed at Sun Jun 10 09:15:02 2012

wytze

2012-06-11 09:18

developer   ~0003066

To clarify the confusion about internal IP 10.0.0.27 and 172.16.2.27:

There are currently actually two firewalls in front of the cats server (and all other CAcert infrastructure servers), both performing NAT
* The first (external) firewall maps between external IP 213.154.225.243 and internal IP 172.16.2.27.
* The second firewall (on infra01) maps between 172.16.2.22 and 10.0.0.27. The latter address is the one seen by the cats software itself.

Issue History

Date Modified Username Field Change
2012-06-09 20:40 NEOatNHNG New Issue
2012-06-09 20:40 NEOatNHNG Assigned To => NEOatNHNG
2012-06-09 21:33 NEOatNHNG Note Added: 0003059
2012-06-09 21:34 NEOatNHNG Note Added: 0003060
2012-06-09 21:34 Ted Note Added: 0003061
2012-06-09 21:50 Ted Reviewed by => Ted
2012-06-09 21:50 Ted Note Added: 0003062
2012-06-09 21:51 Ted Note Edited: 0003062 View Revisions
2012-06-09 21:55 NEOatNHNG Source_changeset_attached => cacert-devel testserver b916b8fd
2012-06-09 21:55 NEOatNHNG Source_changeset_attached => cacert-devel testserver 042c5b32
2012-06-09 22:10 NEOatNHNG Reviewed by Ted => Ted, NEOatNHNG
2012-06-09 22:10 NEOatNHNG Status new => needs review & testing
2012-06-09 22:33 NEOatNHNG Reviewed by Ted, NEOatNHNG => dastrath, Ted, NEOatNHNG
2012-06-09 22:33 NEOatNHNG Note Added: 0003063
2012-06-09 22:33 NEOatNHNG Status needs review & testing => ready to deploy
2012-06-10 11:18 Ted Note Added: 0003064
2012-06-10 11:18 Ted Status ready to deploy => closed
2012-06-10 11:18 Ted Resolution open => fixed
2012-06-11 09:18 wytze Note Added: 0003066
2012-12-12 01:10 NEOatNHNG Source_changeset_attached => cacert-devel testserver 8bd80350
2012-12-27 17:07 Werner Dworak Relationship added related to 0001107
2013-01-15 18:19 Werner Dworak Fixed in Version => 2012 Q2