Search Results

Search found 35296 results on 1412 pages for '12 10'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 202/1412 | < Previous Page | 198 199 200 201 202 203 204 205 206 207 208 209  | Next Page >

  • Postfix won't run while selinux in enforcing mode

    - by Dina Abu-khader
    I enabled selinux forcing mode on Fedora 15 , and I was able to get apache, mysql and memcached to work fine , but I couldn't get postfix to run . I got the following errors : systemd[1]: Unit postfix.service entered failed state. kernel: [146194.117602] type=1400 audit(1318924444.361:3809): avc: denied { module_request } for pid=15447 comm="postfix" kmod="net-pf-10" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system kernel: [146194.145456] type=1400 audit(1318924444.389:3810): avc: denied { module_request } for pid=15452 comm="master" kmod="net-pf-10" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system kernel: [146194.146585] type=1400 audit(1318924444.390:3811): avc: denied { module_request } for pid=15452 comm="master" kmod="net-pf-10" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system kernel: [146194.390715] type=1400 audit(1318924444.633:3812): avc: denied { module_request } for pid=15479 comm="postsuper" kmod="net-pf-10" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system kernel: [146194.451670] type=1400 audit(1318924444.694:3813): avc: denied { module_request } for pid=15516 comm="postlog" kmod="net-pf-10" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system kernel: [146194.459587] type=1400 audit(1318924444.702:3814): avc: denied { module_request } for pid=15517 comm="master" kmod="net-pf-10" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system kernel: [146194.460786] type=1400 audit(1318924444.703:3815): avc: denied { module_request } for pid=15517 comm="master" kmod="net-pf-10" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system systemd[1]: PID 15517 read from file /var/spool/postfix/pid/master.pid does not exist. Your service or init script might be broken. systemd[1]: postfix.service: main process exited, code=exited, status=1 following steps were done : I reinstall postfix Created .autorelable and reboot restorecon -R -v /etc/postfix restorecon -R -v /var/lib/postfix Can someone tell me what am doing wrong ? Update It turns out that we have to disable the ipv6 in the main.cf and these errors were disappear. THank you

    Read the article

  • SQL Server 2008 Logshipping not Restoring

    - by Nai
    I am getting the following errors during the restore part of the Logshipping process on my secondary server: 2010-04-01 10:00:01.85 Error: The file 'F:\UK_20100327090001.trn' is too recent to apply to the secondary database 'UK_Backup'.(Microsoft.SqlServer.Management.LogShipping) 2010-04-01 10:00:01.85 Error: The log in this backup set begins at LSN 55408000007387500001, which is too recent to apply to the database. An earlier log backup that includes LSN 55147000001788900001 can be restored. RESTORE LOG is terminating abnormally.(.Net SqlClient Data Provider) 2010-04-01 10:00:01.87 Searching for an older log backup file. Secondary Database: 'UK_Backup' 2010-04-01 10:00:01.90 Skipped log backup file. Secondary DB: 'UK_Backup', File: 'F:\UK_20100324090000.trn' 2010-04-01 10:00:01.93 Error: Could not find a log backup file that could be applied to secondary database 'UK_Backup'.(Microsoft.SqlServer.Management.LogShipping) 2010-04-01 10:00:01.93 Deleting old log backup files. Primary Database: 'UK' 2010-04-01 10:00:01.96 The restore operation completed with errors. Secondary ID: 'c066bb63-930c-4b73-861c-f59f0a38c12c' It was happily humming along until I checked it this morning. Some additional details. In the Logshipping folder, there is one file UK_20100324090001.trn dated on the 2009-3-24. The next most recent .trn file is the UK_20100374090001.trn which is the file that was applied during the restore. Why is there an older trn file seemingly on it's own? How can I fix this problem? It'll be a real pain to restart the entire logshipping process. x_x

    Read the article

  • Secure iptables config for Samba

    - by Eric
    I'm trying to setup an iptables config such that outbound connections from my CentOS 6.2 server are allowed ONLY if they are of state ESTABLISHED. Currently, the following setup is working great for sshd, but all the Samba rules get totally ignored for a reason I cannot figure out. iptables Bash script to setup ALL rules: # Remove all existing rules iptables -F # Set default chain policies iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT DROP # Allow incoming SSH iptables -A INPUT -i eth0 -p tcp --dport 22222 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --sport 22222 -m state --state ESTABLISHED -j ACCEPT # Allow incoming Samba iptables -A INPUT -i eth0 -s 10.1.1.0/24 -p udp --dport 137:138 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -d 10.1.1.0/24 -p udp --sport 137:138 -m state --state ESTABLISHED -j ACCEPT iptables -A INPUT -i eth0 -s 10.1.1.0/24 -p tcp --dport 139 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -d 10.1.1.0/24 -p tcp --sport 139 -m state --state ESTABLISHED -j ACCEPT # Enable these rules service iptables restart iptables rule list after running the above script: [root@repoman ~]# iptables -L Chain INPUT (policy DROP) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:22222 state NEW,ESTABLISHED Chain FORWARD (policy DROP) target prot opt source destination Chain OUTPUT (policy DROP) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp spt:22222 state ESTABLISHED Ultimately, I'm trying to restrict Samba the same way I have done for sshd. In addition, I'm trying to restrict connections to the following IP address range: 10.1.1.12 - 10.1.1.19 Can you guys offer some pointers or possibly even a full-blown solution? I've read man iptables quite extensively, so I'm not sure why the Samba rules are getting thrown out. Additionally, removing the -s 10.1.1.0/24 flags don't change the fact the rules get ignored.

    Read the article

  • SNAT through Racoon IPSec VPN

    - by Mite fine d'ailes
    I am trying to route traffic from a device (that I will call "target") connected to my Ubuntu box (that I will call "host") to servers at a remote office. The host uses a Racoon IPSec VPN, connected through a NIC called efix. This creates an aliased IF called efix:0 which has IP adress 192.168.190.132. It is able to reach the servers. The link between host and target is an Ethernet link, using IP adresses 10.0.0.1 on IF eusb for the host and 10.0.0.2 on IF eth0 for the target. I have setup the following routes and iptables entries: On target: 10.0.0.0 * 255.255.255.0 U 0 0 0 eth0 default 10.0.0.1 0.0.0.0 UG 0 0 0 eth0 On host: echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j SNAT --to 192.168.190.132 iptables -A FORWARD -s 10.0.0.0/24 -j ACCEPT iptables -A FORWARD -d 10.0.0.0/24 -j ACCEPT Using Wireshark to monitor an HTTP GET, I can see SYN packets from the target go all the way to the server, but the server's SYNACK packets stop at the host and are not forwarded to the target. Am I missing something here ? Isn't SNAT supposed to keep track of the connections ?

    Read the article

  • HP Procurve Issue Passing Multiple VLANs over a link

    - by MichaelRwat
    Just to start off with I am a Cisco guy that got placed into an HP project. Basic topology overview from outside in: ASA 5505 with two Ethernet connections to a 2910-24 port switch. This switch is then (Cisco Trunking) to a 2626 switch passing vlan (1 untagged and 100 tagged)between them. I created SVI's on each of the switches for both VLAN's for testing purposes. I can not get vlan 100 to pass across this link. I also have trunks configured to AP's off of the switch and can not ping the vlan 100 BVI on the AP's but can reach the vlan 1 BVI. Port 25 on Access layer (2626) connects (trunks) with port A1 of 2610. STP is not running at all on any switch (this is not my network I can't change this nor did I design this) Distribution Sw: MP1-0# show run ip default-gateway 10.100.100.100 vlan 1 name "DATA" untagged 1-22,24-A1,B1 ip address 10.100.100.6 255.255.255.0 no untagged 23 exit vlan 100 name "GUEST" untagged 23 tagged 24-A1 ip address 10.100.102.6 255.255.255.0 exit Access Sw: ip default-gateway 10.100.100.100 vlan 1 name "DEFAULT_VLAN" untagged 1-26 ip address 10.100.100.5 255.255.255.0 exit vlan 100 name "GUEST" ip address 10.100.102.5 255.255.255.0 tagged 15,25 exitt From the ASA I can ping the vlan 100 address of the 2610 but not the 2626 (10.100.102.6)[Not passing the "trunk"] If I plug into an access port vlan 100 of the 2626 I can ping the SVI for vlan 100 as intended. I can not ping across the "trunk" over vlan 100 but I can across vlan 1. There may be something obvious I'm missing but please review my configuration and thank you for the assistance.

    Read the article

  • Instabilities with Bridged and bonded interfaces

    - by Henry-Nicolas Tourneur
    I did post yesterday to get a working setup with several bridged interfaces used for virtual machines (KVM/libvirt). One of the bridged interface is just using eth3 as its ports while the second one (public traffic) is using an ethernet bonded interface. That setup is working but not all the time ! I can start a download from a vm, then it will stop and freeze! So I don't know if my bridge parameters are correct, could you check the below config ? iface eth3 inet manual auto bond0 iface bond0 inet manual slaves eth1 eth2 pre-up ip link set bond0 up down ip link set bond0 down auto br0 iface br0 inet static address 10.160.0.7 netmask 255.255.255.128 bridge_ports eth3 bridge_fd 9 bridge_hello 2 bridge_maxage 12 bridge_stp on auto br0:1 iface br0:1 inet static address 10.160.0.9 netmask 255.255.255.255 auto br0:2 iface br0:2 inet static address 10.160.0.10 netmask 255.255.255.255 auto br1 iface br1 inet static address 217.4.40.242 netmask 255.255.255.240 gateway 217.4.40.241 pre-up /etc/network/firewall start bridge_ports bond0 bridge_fd 9 bridge_hello 2 bridge_maxage 12 bridge_stp on auto br1:1 iface br1:1 inet static address 217.4.40.252 netmask 255.255.255.255 auto br1:2 iface br1:2 inet static address 217.4.40.253 netmask 255.255.255.255 And yes, it also sometimes speaks about martian on the host: kernel: [249146.055172] martian source 10.160.0.17 from 10.160.0.10, on dev vnet2 kernel: [249146.073122] ll header: ff:ff:ff:ff:ff:ff:54:52:00:76:c3:5c:08:06

    Read the article

  • Deciphering an IIS6 Httperr log file

    - by smackaysmith
    We have a Windows 2003 R2 SP2 server with iis6 that is creating a 1024kb httperr file every minute. I can't figure out what I'm looking at. Here's a snippet: 2010-03-24 13:15:05 10.53.2.35 1667 10.53.2.12 80 HTTP/1.1 PUT /hserver.dll?&V01|&IMAC=0080646077AB|CID=32|CN=LWT0080646077AB|ED=1|IP=10.53.2.35|SM=255.255.255.0|GW=10.53.2.1|SN=10.53.2.255|DM=logs.com|1D=10.53.2.12|2D=10.101.2.12|0D=1|AL=/usr/sbin/netxserv|AV=4.1.0.0|CP=VIAüEstherüprocessorüü800MHz|CPS=800|RM=190512|B1=1.18|PD2=1024x768x16ü@ü60Hz|IM=6.6.2-02|CI=3600|SN#=6KHDG301300|OS=23|VI=1|P1=24|TZO=-301|TZ=CDT|FS=128|MD=2003-04|CO=|LO=|AP0=BaseüSystem|NA|6.6.2-02|AP1=RapportüAgent|NA|4.1.0-3.26|AP2=TrueType|NA|6.8.0-3.4|AP3=WebFonts|NA|2.0.4-3.6|AP4=TrueTypeüFonts|NA|6.8.0-3.5|AP5=Network_login|NA|1.0.0-1.0.3|AP6=ScreenüSaver|NA|3.13|AP7=DMonitor|NA|1.0.0-0.4.0|AP8=MozillaüFirefox_15|NA|1.5.0.8-3.6|AP9=RemoteüShadow|NA|3.17|AP10=RemoteüDesktop|NA|1.6.0-1.0|AP11=SNMP|NA|5.1.3.1-3.13|AP12=LinuxüPrinting|NA|3.8.27-3.33|AP13=SSH|NA|3.8.1-3.25|AP14=ThinPrint|NA|6.2.87-0.2|AP15=XDMCP|NA|6.8.0-3.29|AP16=Ericom|NA|8.2.0-3.29|AP17=Daylightüsavingütimeüupdate|NA|1.1.0-1.0.0| 411 - LengthRequired - What on earth am I looking at? Nothing in the system or app logs. Finally, in iis manager, Default Web Site label has boxes instead of spaces. Very odd.

    Read the article

  • What does this strange network/subnet mask mean?

    - by dunxd
    I'm configuring a new ASA 5505 for deployment as a VPN endpoint in a remote office. After configuring it and connecting the VPN, I get the following messages: WARNING: Pool (10.6.89.200) overlap with existing pool. ERROR: IP address,mask <10.10.0.0,93.137.70.9> doesn't pair 10.6.89.200 is the address I configured for the ASA. It has the subnet mask 255.255.255.0. The ip address 10.10.0.0 corresponds to one of our subnets, but it certainly wouldn't have a subnet mask of 93.137.70.9. That looks more like a public IP address (and resolves to an ADSL connection somewhere). I am sure if we had such a subnet configured, that it would indeed overlap with 10.6.89.200. There is no reference to 93.137.70.9 in the config of this ASA or our head office ASA. Can anyone shed light on what is going on here? The sudden appearance of a strange subnet mask is a bit alarming.

    Read the article

  • How to find the real IP to which IPVS is routing a virtual IP

    - by Wayne Conrad
    I'm trying to find a problem server hiding behind a virtual IP (using LVS/ipvs). I've got a test program that sends requests to the virtual IP until it gets the bad response, but how can I tell to which real IP a request to the virtual IP got routed? On the box doing the virtual IP magic, here's the virtual IP configuration (for the service I care about): IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn ... TCP 10.1.0.254:5025 nq -> 10.1.0.5:5025 Route 1 0 1 -> 10.1.0.6:5025 Route 1 0 5 -> 10.1.0.7:5025 Route 1 0 2 -> 10.1.0.9:5025 Local 1 0 3 -> 10.1.0.11:5025 Route 1 0 3 ... My client program is sending TCP requests to 10.1.0.254:5025, usually getting a good response but sometimes a bad response. With this few servers, I could send my request to each server in turn until I discover the culprit, but I wonder if that technique will scale as we add servers. What means exist for me to find out where requests got routed? Kernel: Linux 2.6.32 OS: Debian testing (whatever that's called these days). ipvsadm is version 1.25, compiled with ipvs v1.2.1

    Read the article

  • Is this a solution for having multiple SSL certificates on the same IP

    - by Saif Bechan
    I am running CentOS running on a VPS. I read some guides on having multiple SSL certificates on the same system, but I can not get the basics to work. The guide I got that makes the most sense to me is the doing the following. In CentOS I can make virtual NIC's. So I made 2 virtual NIC's to start with. 192.168.10.1, 192.168.10.2. Now I work in ISP manager Pro, so this is listening on my primary ip 1.1.1.1 For each website I have them listening on 192.168.10.1:80, 192.168.10.1:443 In the hosts file I made the following 2 entries 192.168.10.1 1st.com 192.168.10.2 2nd.com Now the strange thing is that when I browser to 1st.com I do not get the website located at 192.168.10.1, I get the website located at my prim IP 1.1.1.1 Should I do something like forwarding or routing for this setup to work? And the basic question: Will this setup even work? Are the SSL certificates based on the IP adress, or are the based on the host name, 1st.com and 2nd.com.

    Read the article

  • keepalived issues on xen domU

    - by David Cournapeau
    Hi, I cannot manage to run keepalived correctly on xen domU. I am following this link for configuration, and it works great on some local VM (running with KVM). If I set up the exact same configuration, but on xen domU, it does not work: both servers do not see each other and decide to be master (10.120.100.99 being the virtual IP) $ sudo ip addr sh eth0 # host1 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:16:3e:78:f5:31 brd ff:ff:ff:ff:ff:ff inet 10.120.100.104/24 brd 10.120.100.255 scope global eth0 inet 10.120.100.99/32 scope global eth0 inet6 fe80::216:3eff:fe78:f531/64 scope link valid_lft forever preferred_lft forever $ sudo ip addr sh eth0 # host2 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:16:3e:51:36:20 brd ff:ff:ff:ff:ff:ff inet 10.120.100.105/24 brd 10.120.100.255 scope global eth0 inet 10.120.100.99/32 scope global eth0 inet6 fe80::216:3eff:fe51:3620/64 scope link valid_lft forever preferred_lft forever Is there a way I could debug this - it seems some people are able to use keepalived on xen following some mailing list, but without much info on their config.

    Read the article

  • EC2 instance is blocking all outbound connections, how to diagnose/fix?

    - by Fraggle
    My EC2 instance is blocking all outbound connections. wget http://www.google.com ==> Hangs ping google.com ==>hangs ssh user@anyserver ==>hangs I ran : sudo iptables -F to eliminate all rules to no avail AWS Management console shows Security Group for that instance has Inbound rule allowing ssh and port 80. Can't find anything about Outbound rules there. Rebooted instance, no change. If anyone knows how to diagnose or fix, please help. Adding info: [ec2-user@ip-10-112-62-73 ~]$ ifconfig eth0 Link encap:Ethernet HWaddr 12:31:3D:06:31:BB inet addr:10.112.62.73 Bcast:10.112.63.255 Mask:255.255.254.0 inet6 addr: fe80::1031:3dff:fe06:31bb/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1933 errors:0 dropped:0 overruns:0 frame:0 TX packets:1764 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:164075 (160.2 KiB) TX bytes:343256 (335.2 KiB) Interrupt:9 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:8 errors:0 dropped:0 overruns:0 frame:0 TX packets:8 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:672 (672.0 b) TX bytes:672 (672.0 b) [ec2-user@ip-10-112-62-73 ~]$ ip route show 10.112.62.0/23 dev eth0 proto kernel scope link src 10.112.62.73 default via 10.112.62.1 dev eth0

    Read the article

  • Amazon EC2 Nat Instance - goes out but not back in

    - by nocode
    I've followed Amazon's steps and list what I've done. I've created 6 subnets (4 private SN1: 10.50.1.0/24, SN2: 10.50.2.0/24, SN3: 10.50.3.0/24, SN4: 10.50.4.0/24) and 2 public (SN5: 10.50.101.0/24 and SN6: 10.50.102.0/24) -I have a Bastion host and a NAT instance on SN5 and assigned EIP's to both. I created a test instance on SN1. edit: -NAT instance has source/destination check disabled -On the NAT instance, I had enabled the following commands to be bootstrapped: echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -s 10.0.0.0/16 -j MASQUERADE -In my VPC, the private subnets have their own route table and configured 0.0.0.0/0 to the NAT instance with 4 subnets being associated with the route table. I have a second route table for my public subnets and 0.0.0.0/16 is pointed towards the IGW (with the other 2 subnets associated with it). -For Security Groups, I have the NAT instance accepting all traffic on each of the 4 subnets and all OUTBOUND traffic is allowed. For my test server, I have allowed all outbound access and have allowed all traffic from the public subnet of the NAT host. I can ping internally with no issues. On my test instance, if I try to ping google.com, DNS resolves however I don't get a reply back. On my NAT instance, I run a tcpdump and can see the request being requested to google.com but it's not sending the reply back. My NAT host can ping and receive a reply from google. From the test host, when I ping the NAT instance, the tcpdump shows a request and receive. Is there something I'm missing? EDIT: I've figured it out - I had to save the iptable config and restart the service.

    Read the article

  • PHP displays blank white page even with all error reporting enabled

    - by Andy Shinn
    I am trying to debug a broken page in a Drupal application and am having a hard time getting PHP to spit anything useful out. I have the following set: error_reporting = E_ALL display_errors = On display_startup_errors = On log_errors = On error_log = /var/log/php/php_error.log I have a file showing me phpinfo() which confirms these variables are set correctly for the environment. I have increased memory_limit to 256M (which should be more than enough). Yet, the only indication I get is a status 500 code in the apache access log and a blank white page from PHP. The Apache virtual host has LogLevel set to debug and the error log only outputs: [Sat Jun 16 20:03:03 2012] [debug] mod_deflate.c(615): [client 173.8.175.217] Zlib: Compressed 0 to 2 : URL /index.php, referer: http://ec2-174-129-192-237.compute-1.amazonaws.com/admin/reports/updates [Sat Jun 16 20:03:03 2012] [error] [client 173.8.175.217] File does not exist: /var/www/favicon.ico [Sat Jun 16 20:03:03 2012] [debug] mod_deflate.c(615): [client 173.8.175.217] Zlib: Compressed 42 to 44 : URL /favicon.ico The PHP error log outputs nothing at all. kernel and syslog show nothing related to Apache or PHP. I have also tried installing suphp and checking its log just confirms the user is executing correctly: [Sat Jun 16 20:02:59 2012] [info] Executing "/var/www/index.php" as UID 1000, GID 1000 [Sat Jun 16 20:05:03 2012] [info] Executing "/var/www/index.php" as UID 1000, GID 1000 This is on Ubuntu 12.04 x86_64 with the following PHP modules: ii php5 5.3.10-1ubuntu3.1 server-side, HTML-embedded scripting language (metapackage) ii php5-cgi 5.3.10-1ubuntu3.1 server-side, HTML-embedded scripting language (CGI binary) ii php5-cli 5.3.10-1ubuntu3.1 command-line interpreter for the php5 scripting language ii php5-common 5.3.10-1ubuntu3.1 Common files for packages built from the php5 source ii php5-curl 5.3.10-1ubuntu3.1 CURL module for php5 ii php5-gd 5.3.10-1ubuntu3.1 GD module for php5 ii php5-mysql 5.3.10-1ubuntu3.1 MySQL module for php5 So, what am I missing here? Why no error reporting?

    Read the article

  • Routing table on Linux not respected

    - by MRHaarmann
    I have a very specific problem, building a Linux VPN endpoint (with external VPN Gateway), which should route certain networks over the tunnel, others via default gateway. The Linux VPN should do a NAT on the outgoing connections for the VPN peers. Setup is as following: Internet gateway LAN 192.168.25.1/24 VPN Gateway LAN 10.45.99.2/24 (VPN tunnel 10.45.99.1 to net 87.115.17.40/29, separate connection to Internet) Linux VPN Router eth0 192.168.25.71/24 eth0:503 10.45.99.1/24 Default 192.168.25.1 route to 87.115.17.40/29 via 10.45.99.2 (send_redirects disabled, ip_forward enabled) Linux clients (multiple): eth0 192.168.25.x/24 Default 192.168.25.1 route to 87.115.17.40/29 via 192.168.25.71 Ping to the machines via tunnel from the VPN Router is working. Now I want to establish a routing from my clients over the VPN gateway and the client packet gets routed to 192.168.25.1 ! traceroute output shows the packets get routed to 192.168.25.71, but then to 192.168.25.1. So the route is not respected in forward ! IPTables and Routing: ip route show 87.115.17.40/29 via 10.45.99.2 dev eth0 10.45.99.0/24 dev eth0 proto kernel scope link src 10.45.99.1 192.168.25.0/24 dev eth0 proto kernel scope link src 192.168.25.71 default via 192.168.25.1 dev eth0 iptables -A INPUT -i eth0:503 -j REJECT iptables -t nat -A POSTROUTING -o eth0:503 -j MASQUERADE iptables -A FORWARD -i eth0:503 -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -s 192.168.25.0/24 -o eth0:503 -j ACCEPT So what is wrong with my setup ? The route is chosen correctly from localhost, but all the clients get forwarded to the Internet GW. thanks for helping, Marcus

    Read the article

  • Why Wireshark does not recognize this HTTP response?

    - by Alois Mahdal
    I have a trivial CGI script that outputs simple text content. It's written in Perl and using CGI module and it specifies only the most basic headers: print $q->header( -type => 'text/plain', -Content_length => $length, ); print $stuff; There's no apparent issue with functionality, but I'm confused about the fact that Wireshark does not recognize the HTTP response as HTTP--it's marked as TCP. Here is request and response: GET /cgi-bin/memfile/memfile.pl?mbytes=1 HTTP/1.1 Host: 10.6.130.38 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20100101 Firefox/11.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: cs,en-us;q=0.7,en;q=0.3 Accept-Encoding: gzip, deflate Connection: keep-alive HTTP/1.1 200 OK Date: Thu, 05 Apr 2012 18:52:23 GMT Server: Apache/2.2.15 (Win32) mod_ssl/2.2.15 OpenSSL/0.9.8m Content-length: 1048616 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/plain; charset=ISO-8859-1 XXXXXXXX... And here is the packet overview (Full packet is here on pastebin) No. Time Source srcp Destination dstp Protocol Info tcp.stream abstime 5 0.112749 10.6.130.38 80 10.6.130.53 48072 TCP [TCP segment of a reassembled PDU] 0 20:52:23.228063 Frame 5: 1514 bytes on wire (12112 bits), 1514 bytes captured (12112 bits) Ethernet II, Src: Dell_97:29:ac (00:1e:4f:97:29:ac), Dst: Dell_3b:fe:70 (00:24:e8:3b:fe:70) Internet Protocol Version 4, Src: 10.6.130.38 (10.6.130.38), Dst: 10.6.130.53 (10.6.130.53) Transmission Control Protocol, Src Port: http (80), Dst Port: 48072 (48072), Seq: 1, Ack: 330, Len: 1460 Now when I see this in Wireshark: there's usual TCP handshake then the GET request shown as HTTP with preview then the next packet contains the response, but is not marked as an HTTP response--just a generic "[TCP segment of a reassembled PDU]", and is not caught by "http.response" filter. Can somebody explain why Wireshark does not recognize it? Is there something wrong with the response?

    Read the article

  • Trouble with port 80 nating (XenServer to WebServer VM)

    - by Lain92
    I have a rent server running XenServer 6.2 I only have 1 public IP so i did some NAT to redirect ports 22 and 80 to my WebServer VM. I have a problem with the port 80 redirection. When i use this redirection, i can get in the WebServer's Apache but this server lose Web access. I get this kind of error : W: Failed to fetch http://http.debian.net/debian/dists/wheezy/main/source/Sources 404 Not Found [IP: 46.4.205.44 80] but i can ping anywhere. XenserverIP:80 redirected to 10.0.0.2:80 (WebServer). This is the port 80 redirection part of my XenServer iptables : -A PREROUTING -i xenbr1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0 .2:80 -A INPUT -i xenbr1 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT COMMIT What is wrong in my configuration? Is there a problem with XenServer? Thanks for your help ! Edit : Here is my iptables full content : *nat :PREROUTING ACCEPT [51:4060] :POSTROUTING ACCEPT [9:588] :OUTPUT ACCEPT [9:588] -A PREROUTING -p tcp -m tcp --dport 1234 -j DNAT --to-destination 10.0.0.2:22 -A PREROUTING -i xenbr1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0 .2:80 -A POSTROUTING -s 10.0.0.0/255.255.255.0 -j MASQUERADE COMMIT *filter :INPUT ACCEPT [5434:4284996] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [5014:6004729] -A INPUT -i xenbr1 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT COMMIT Update : I have a second server with 10.0.0.3 as IP and it has the same problem that 10.0.0.2 has.

    Read the article

  • How to connect computers to a network printer behind a router?

    - by kokbira
    General question: How to connect computers to an IP printer behind a router? Particular question: How to connect C-1 and C-2 to PRI? What? Where? [ISP] | | -> IPs:200.X.X.X/other configs:DC | [R-1] | | -> IPs:10.1.X.X locked by MAC,M:255.0.0.0,G:10.1.0.1 |¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯| | | [PRI] IP:10.1.7.7 [R-2] IP: 10.1.0.1,MAC:A | | -> IPs:192.168.1.X,M:255.255.255.0,G:192.168.1.1 |¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯| | | [C-1] IP:192.168.1.2 [C-2] IP:192.168.1.3,MAC:A Glossary and details: ------------------------------------------------------------------------------------ - IP: IP. - IPs: Some IP range. - M: Mask. - G: Gateway. - MAC:A: A MAC address that I will not inform you :) - DC: Don't care. - ISP: Internet Service Provider (not so much details about it on that case). - R-1: A real router or some concatenated so IP range bellow that block is 10.1.X.X and above is ISP. The provided IPs are provided by MAC. As all available addresses are in use, you must clone an existing one to join with a new device (and to disconnect the cloned one). - PRI: An network printer (some people here call that IP printer). - R-2: A TP-LINK TL-WR340G, mine wireless router (since my computer does not have ethernet input, it is my ethernet-wifi adapter :), admin access, MAC address cloned from C-2 (MAC:A). I've to configure 10.0.1.1 and 10.0.1.2 as DNS addresses, other wise I cannot connect C-1 and C-2 to Internet. - C-1: My computer, a CCE XLE-425 (remember: no ethernet input), with Windows 7, admin access. - C-2: another computer with better configs than mine, MAC:A, Windows XP. Requirements: I want to print, to access Internet and to do it myself (no need to call network admin men in black people). Pay attention to MAC clones and DNS info.

    Read the article

  • OpenVPN access to a private network

    - by Gior312
    There are many similar topics about my issue, however I cannot figure out a solution for myself. There are three hosts. A without a routable address but with an Internet access. Server S with a routable Internet address and host B behind NAT in a private network. What I've managed to do is a OpenVPN connection between A and B via S. Everything works fine so far according to this manual VPN Setup What I want to do is to connect A to Bs private network 10.A.B.x I tried this manual but had no luck. So A has a vpn address 10.9.0.10, B's vpn address is 10.9.0.6 and B's private network is 10.20.20.0/24. When at the Server I try to make a route to Bs private network like this sudo route add 10.20.20.0 netmask 255.255.255.0 gw 10.9.0.6 dev tun0 it says "route: netmask 000000ff doesn't make sense with host route" but I don't know how to tell Server to look for a private network in a different way. Do you know how can I make it right ?

    Read the article

  • Not able to connect to port different than 22 - OpenVPN

    - by t8h7gu
    I have OpenVPN network with 5 clients. Computer with Arch Linux which hosts OpenVPN server, It also hosts virtual machine with Computer with CentOS which is also connnected to OpenVPN subnet. Windows 8 which hosts virtual machine with CentOS. Both of them are connected to OpenVPN. Last one machine is virtual machine with CentOS which is hosted by computer with Ubuntu 14( which is not connected to OpenVPN. All machines in OpenVPN subnet are bolded. All phisical computers are in different networks. The problem is that when I use nmap to scan Windows and it's guest virtual machine it's saids that host seems down. When I force namp to scan specific port it shows filtered state: nmap -Pn -p 50010 n3 Starting Nmap 6.46 ( http://nmap.org ) at 2014-06-07 19:49 CEST Nmap scan report for n3 (10.8.0.3) Host is up (0.11s latency). rDNS record for 10.8.0.3: node3.com PORT STATE SERVICE 50010/tcp filtered unknown Telnet also cannot connect to this port telnet n3 50010 Trying 10.8.0.3... telnet: Unable to connect to remote host: No route to host But ss on this host show's proper state of this port ss -anp | grep 50010 LISTEN 0 50 10.8.0.3:50010 *:* users:(("java",12310,271)) What might be possible reason of that and how to fix it? EDIT I've found that I am able to connect via telnet to ssh port: telnet n3 22 Trying 10.8.0.3... Connected to n3. Escape character is '^]'. SSH-2.0-OpenSSH_5.3 So it seems that it's not problem with Windows firewall. But I have no idea what it might be. Also nmap result for first thousand ports: nmap -Pn -p 1-1000 n3 Starting Nmap 6.46 ( http://nmap.org ) at 2014-06-07 20:08 CEST Nmap scan report for n3 (10.8.0.3) Host is up (0.49s latency). rDNS record for 10.8.0.3: node3.com Not shown: 999 filtered ports PORT STATE SERVICE 22/tcp open ssh Nmap done: 1 IP address (1 host up) scanned in 77.87 seconds

    Read the article

  • Routing Traffic With OpenVPN

    - by user224277
    Few minutes ago i configured my VPN server, and actually I can connect to my VPN but all trafic is going through my normal home network. On my OpenVPN application I've got an information : Server IP: **.185.***.*10 Client IP: 10.8.0.6 Traffic: 7.3 KB in, 5.6 KB out Connected: 10 June 2014 19:21:59 So everything is connected but how I can setup on windows 7 that all trafic have to go through OpenVPN network card ?? Client setting : client dev tun proto udp # enter the server's hostname # or IP address here, and port number remote **.185.***.*10 1194 resolv-retry infinite nobind persist-key persist-tun # Use the full filepaths to your # certificates and keys ca ca.crt cert user1.crt key user1.key ns-cert-type server comp-lzo verb 6 Server setting : port 1194 proto udp dev tun # the full paths to your server keys and certs ca /etc/openvpn/keys/ca.crt cert /etc/openvpn/keys/server.crt key /etc/openvpn/keys/server.key dh /etc/openvpn/keys/dh2048.pem cipher BF-CBC # Set server mode, and define a virtual pool of IP # addresses for clients to use. Use any subnet # that does not collide with your existing subnets. # In this example, the server can be pinged at 10.8.0.1 server 10.8.0.0 255.255.255.0 # Set up route(s) to subnet(s) behind # OpenVPN server push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4" ifconfig-pool-persist /etc/openvpn/ipp.txt keepalive 10 120 status openvpn-status.log verb 6 and sysctl : net.ipv4.ip_forward=1 Thank you for your time and help.

    Read the article

  • why DKIM bad signature

    - by Ashish
    Hi, I have setup a postfix mail receiving server. On this I am using DKIM milter to verify incoming mail DKIM signatures. From some email clients I am getting the following 'bad signature data' error: Jun 7 02:10:09 ip-10-194-99-63 dkim-filter[27964]: (unknown-jobid) no signing domain match for `gmail.com' Jun 7 02:10:09 ip-10-194-99-63 dkim-filter[27964]: (unknown-jobid) no signing subdomain match for `gmail.com' Jun 7 02:10:09 ip-10-194-99-63 dkim-filter[27964]: (unknown-jobid) no signing keylist match for `[email protected]' Jun 7 02:10:09 ip-10-194-99-63 dkim-filter[27964]: (unknown-jobid) not internal Jun 7 02:10:09 ip-10-194-99-63 dkim-filter[27964]: (unknown-jobid) not authenticated Jun 7 02:10:09 ip-10-194-99-63 dkim-filter[27964]: (unknown-jobid) mode select: verifying Jun 7 02:10:09 ip-10-194-99-63 dkim-filter[27964]: BA6E210015D: bad signature data Jun 7 02:10:10 ip-10-194-99-63 postfix/cleanup[30131]: BA6E210015D: milter-reject: END-OF-MESSAGE from mail-pv0-f176.google.com[74.125.83.176]: 5.7.0 bad DKIM signature data; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-pv0-f176.google.com> can anybody give me any clue why I am getting the above error in my postfix logs and what remedies I can put in to rectify or workaround this or warn the sender. Thanks in advance Ashish Sharma

    Read the article

  • JBoss 5.1 binds to host address while run in vserver with -b <guest address>

    - by bart cane
    Hello, while starting JBoss 5.1.0.GA in virtual server machine on Debian (linux-VServer technology) I get the following error: ERROR [org.jboss.kernel.plugins.dependency.AbstractKernelController] (main) Error installing to Start: name=jboss.remoting:protocol=rmi,service=JMXConnectorServer state=Create mode=Manual requiredState=Installed java.io.IOException: Cannot bind to URL [rmi://10.1.2.11:1090/jmxconnector]: javax.naming.NoPermissionException [Root exception is java.rmi.ServerException: RemoteException occurred in server thread; nested exception is: java.rmi.AccessException: Registry.Registry.bind disallowed; origin /AA.BB.CC.DD is non-local host] where AA.BB.CC.DD is host machine name, 10.1.2.11 is vserver guest with JBoss and JBoss is started with -b 10.1.2.11 (I also tried -Djboss.bind.address=10.1.2.11 - the same result). 10.1.2.11 is bound to dummy2 interface on host (serving 10.1.2.1 network). The root exception is strange - why JBoss wants to bind to host address AA.BB.CC.DD? There were no problems with 4.2.3.GA on the same machine, also started with -b 10.1.2.11. It starts correctly when no params present - binds to localhost and everything is ok, but it MUST be bound to 10.1.2.11 to be visible by Apache on another vserver guest, acting as proxy. I thought that it can be fixed by setting net.ipv4.conf.all.promote_secondaries=1 via sysctl (was 0) but it didn't help much. Has anyone had such problem? Regards, bart

    Read the article

  • Automatic Adjusting Range Table

    - by Bradford
    I have a table with a start date range, an end date range, and a few other additional columns. On input of a new record, I want to automatically adjust any overlapping date ranges (shrinking them to allow for the new input). I also want to ensure that no overlapping records can accidentally be inserted into this table. I'm using Oracle and Java for my application code. How should I enforce the prevention of overlapping date ranges and also allow for automatically adjusting overlapping ranges? Should I create an AFTER INSERT trigger, with a dbms_lock to serialize access, to prevent the overlapping data. Then in Java, apply the logic to auto adjust everything? Or should that part be in PL/SQL in stored procedure call? This is something that we need for a couple other tables so it'd be nice to abstract. If anyone has something like this already written, please share :) I did find this reference: http://asktom.oracle.com/pls/asktom/f?p=100:11:0::::P11_QUESTION_ID:474221407101 Here's an example of how each of the 4 overlapping cases should be handled for adjustment on insert: = Example 1 = In DB (Start, End, Value): (0, 10, 'X') **(30, 100, 'Z') (200, 500, 'Y') Input (20, 50, 'A') Gives (0, 10, 'X') **(20, 50, 'A') **(51, 100, 'Z') (200, 500, 'Y') = Example 2 = In DB (Start, End, Value): (0, 10, 'X') **(30, 100, 'Z') (200, 500, 'Y') Input (40, 80, 'A') Gives (0, 10, 'X') **(30, 39, 'Z') **(40, 80, 'A') **(81, 100, 'Z') (200, 500, 'Y') = Example 3 = In DB (Start, End, Value): (0, 10, 'X') **(30, 100, 'Z') (200, 500, 'Y') Input (50, 120, 'A') Gives (0, 10, 'X') **(30, 49, 'Z') **(50, 120, 'A') (200, 500, 'Y') = Example 4 = In DB (Start, End, Value): (0, 10, 'X') **(30, 100, 'Z') (200, 500, 'Y') Input (20, 120, 'A') Gives (0, 10, 'X') **(20, 120, 'A') (200, 500, 'Y') The algorithm is as follows: given range = g; input range = i; output range set = o if i.start <= g.start if i.end >= g.end o_1 = i else o_1 = i o_2 = (o.end + 1, g.end) else if i.end >= g.end o_1 = (g.start, i.start - 1) o_2 = i else o_1 = (g.start, i.start - 1) o_2 = i o_3 = (i.end + 1, i.end)

    Read the article

  • How to Sort ip addresses and merge two files in efficent manner using perl or *nix commands?

    - by berkay
    (*) This problem should be done in perl or any *nix commands. i'm working on a program and efficiency matters.The file1 consists ip addresses and some other data: index ipsrc portsrc ip dest port src 8 128.3.45.10 2122 169.182.111.161 80 (same ip src and dst) 9 128.3.45.10 2123 169.182.111.161 22 (same ip src and dst) 10 128.3.45.10 2124 169.182.111.161 80 (same ip src and dst) 19 128.3.45.128 62256 207.245.43.126 80 and other file2 looks like (file1 and file2 are in different order) 128.3.45.10 ioc-sea-lm 169.182.111.161 microsoft-ds 0 0 3 186 3 186 128.3.45.10 hypercube-lm 169.182.111.161 https 0 0 3 186 3 186 128.3.44.112 pay-per-view 148.184.171.6 netbios-ssn 0 0 3 186 3 186 128.3.45.12 cadabra-lm 148.184.171.6 microsoft-ds 0 0 3 186 3 186 1- SORT file1 using IP address in second column and SORT file2 using IP address in first column 2- Merge the 1st, 3rd and 5th columns of File1 with File 2 i need to create a new file which will look: 128.3.45.10 ioc-sea-lm 169.182.111.161 microsoft-ds 0 0 3 186 3 186 --> 2122 80 8 128.3.45.10 hypercube-lm 169.182.111.161 https 0 0 3 186 3 186 --> 2123 22 9 128.3.44.112 pay-per-view 148.184.171.6 netbios-ssn 0 0 3 186 3 186 --> * * * 128.3.45.12 cadabra-lm 148.184.171.6 microsoft-ds 0 0 3 186 3 186 --> * * * basically port numbers and index number will be added.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 198 199 200 201 202 203 204 205 206 207 208 209  | Next Page >