Search Results

Search found 14215 results on 569 pages for 'tell'.

Page 34/569 | < Previous Page | 30 31 32 33 34 35 36 37 38 39 40 41  | Next Page >

  • iptables to block non-VPN-traffic if not through tun0

    - by dacrow
    I have a dedicated Webserver running Debian 6 and some Apache, Tomcat, Asterisk and Mail-stuff. Now we needed to add VPN support for a special program. We installed OpenVPN and registered with a VPN provider. The connection works well and we have a virtual tun0 interface for tunneling. To archive the goal for only tunneling a single program through VPN, we start the program with sudo -u username -g groupname command and added a iptables rule to mark all traffic coming from groupname iptables -t mangle -A OUTPUT -m owner --gid-owner groupname -j MARK --set-mark 42 Afterwards we tell iptables to to some SNAT and tell ip route to use special routing table for marked traffic packets. Problem: if the VPN failes, there is a chance that the special to-be-tunneled program communicates over the normal eth0 interface. Desired solution: All marked traffic should not be allowed to go directly through eth0, it has to go through tun0 first. I tried the following commands which didn't work: iptables -A OUTPUT -m owner --gid-owner groupname ! -o tun0 -j REJECT iptables -A OUTPUT -m owner --gid-owner groupname -o eth0 -j REJECT It might be the problem, that the above iptable-rules didn't work due to the fact, that the packets are first marked, then put into tun0 and then transmitted by eth0 while they are still marked.. I don't know how to de-mark them after in tun0 or to tell iptables, that all marked packet may pass eth0, if they where in tun0 before or if they going to the gateway of my VPN provider. Does someone has any idea to a solution? Some config infos: iptables -nL -v --line-numbers -t mangle Chain OUTPUT (policy ACCEPT 11M packets, 9798M bytes) num pkts bytes target prot opt in out source destination 1 591K 50M MARK all -- * * 0.0.0.0/0 0.0.0.0/0 owner GID match 1005 MARK set 0x2a 2 82812 6938K CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 owner GID match 1005 CONNMARK save iptables -nL -v --line-numbers -t nat Chain POSTROUTING (policy ACCEPT 393 packets, 23908 bytes) num pkts bytes target prot opt in out source destination 1 15 1052 SNAT all -- * tun0 0.0.0.0/0 0.0.0.0/0 mark match 0x2a to:VPN_IP ip rule add from all fwmark 42 lookup 42 ip route show table 42 default via VPN_IP dev tun0

    Read the article

  • iptables to block VPN-traffic if not through tun0

    - by dacrow
    I have a dedicated Webserver running Debian 6 and some Apache, Tomcat, Asterisk and Mail-stuff. Now we needed to add VPN support for a special program. We installed OpenVPN and registered with a VPN provider. The connection works well and we have a virtual tun0 interface for tunneling. To archive the goal for only tunneling a single program through VPN, we start the program with sudo -u username -g groupname command and added a iptables rule to mark all traffic coming from groupname iptables -t mangle -A OUTPUT -m owner --gid-owner groupname -j MARK --set-mark 42 Afterwards we tell iptables to to some SNAT and tell ip route to use special routing table for marked traffic packets. Problem: if the VPN failes, there is a chance that the special to-be-tunneled program communicates over the normal eth0 interface. Desired solution: All marked traffic should not be allowed to go directly through eth0, it has to go through tun0 first. I tried the following commands which didn't work: iptables -A OUTPUT -m owner --gid-owner groupname ! -o tun0 -j REJECT iptables -A OUTPUT -m owner --gid-owner groupname -o eth0 -j REJECT It might be the problem, that the above iptable-rules didn't work due to the fact, that the packets are first marked, then put into tun0 and then transmitted by eth0 while they are still marked.. I don't know how to de-mark them after in tun0 or to tell iptables, that all marked packet may pass eth0, if they where in tun0 before or if they going to the gateway of my VPN provider. Does someone has any idea to a solution? Some config infos: iptables -nL -v --line-numbers -t mangle Chain OUTPUT (policy ACCEPT 11M packets, 9798M bytes) num pkts bytes target prot opt in out source destination 1 591K 50M MARK all -- * * 0.0.0.0/0 0.0.0.0/0 owner GID match 1005 MARK set 0x2a 2 82812 6938K CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 owner GID match 1005 CONNMARK save iptables -nL -v --line-numbers -t nat Chain POSTROUTING (policy ACCEPT 393 packets, 23908 bytes) num pkts bytes target prot opt in out source destination 1 15 1052 SNAT all -- * tun0 0.0.0.0/0 0.0.0.0/0 mark match 0x2a to:VPN_IP ip rule add from all fwmark 42 lookup 42 ip route show table 42 default via VPN_IP dev tun0

    Read the article

  • How do I stop linux from trying to mount android phone as usb storage?

    - by user1160711
    When I plug in my Motorola Triumph to my fedora 17 linux box USB port, I get an endless series of errors on the linux box as it desperately attempts to mount the phone as a USB drive. Stuff like this: Jun 23 10:26:00 zooty kernel: [528926.714884] end_request: critical target error, dev sdg, sector 4 Jun 23 10:26:00 zooty kernel: [528926.715865] sd 16:0:0:1: [sdg] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE Jun 23 10:26:00 zooty kernel: [528926.715869] sd 16:0:0:1: [sdg] Sense Key : Illegal Request [current] Jun 23 10:26:00 zooty kernel: [528926.715872] sd 16:0:0:1: [sdg] Add. Sense: Invalid field in cdb Jun 23 10:26:00 zooty kernel: [528926.715876] sd 16:0:0:1: [sdg] CDB: Read(10): 28 20 00 00 00 00 00 00 04 00 If I go ahead and tell the phone to allow linux to mount the USB storage, the messages stop, and I get a mounted drive, but if all I want to do is use the debug bridge, my log on linux will continue to fill with this junk. Is there some udev magic I can do to make the system ignore this particular device as far as usb storage goes? I just noticed that if I tell the phone to enable USB storage, let linux recognize the new disk, then tell the phone to disable USB storage again, I get one additional log message about capacity changing to zero, but the endless spew of messages stops, so I guess one work around is to enable and disable USB right away.

    Read the article

  • running a command line app with sudo and password automatically on start up OS X (Lion)

    - by Designer023
    I need to run an app at startup/login on my mac. I want it to launch in the background and start doing it's work without interrupting me or me having to start it up because I invariably forget and then when I need it, it wasn't running! I have tried using applescript to tell terminal to run it and type my password in, but it ends up opening multiple Terminal windows and not working. Ideally I need a script that I can just add to the user login items and it will run for me. The app has no way of taking a password argument either and it has a password as well as the sudo! I need a solution that can either be done as an applescript (which can be made into an executable) or i need a commandline script but I have no idea about them. This is the manual code I type >sudo serverStatus >password:123456 >password:serverpass Not sure if this is the right stack to ask, but I have no idea now and it's above my head! Thanks :D My applescript: tell application Terminal activate do shell script "sudo serverStatus" delay 5 do shell script "123456" delay 2 do shell script "serverpass" end tell

    Read the article

  • Developer Burnout Stories

    - by Jeff V
    In question: "What causes developer burnout?" I told of a co-worker who got burned out and ended up leaving the profession. Have you seen developer burnout? Tell the story here. Whether it is funny or just plain sad and touching I'm sure it will tell us something about our profession. This will give us a sense of how common it is as well.

    Read the article

  • Linker options to statically link a lib*.a file while creating a shared object

    - by Swaroop S
    How can I tell the linker that statically link libfoo.a while building the shared object sharedobj.so using gcc/make. I have tried to pass the LDFLAG options LDFLAGS += -W1 --whole-archive -L/path/to/libfoo -lfoo I have also tried to pass LDFLAGS the options LDFLAGS += -W1, static -L/path/to/libfoo -lfoo I have also tried to pass LDFLAGS the options LDFLAGS += -W1, Bstatic -L/path/to/libfoo -lfoo and I have also tried to pass LDFLAGS the options LDFLAGS += -W1, statically_linked -L/path/to/libfoo -lfoo I have read through a number of links that tell me how to do it but none have worked so far.

    Read the article

  • rules precedence in bison

    - by arbiadr
    Hi Here is the grammar rules: ProcessExpression : EventExpression "->" ProcessExpression | ProcessName ; Please can you tell me how can I tell to bison that the first rule has the highest precedence than the second one? I have tried: %nonassoc PROC %right "->" ProcessExpression : EventExpression "->" ProcessExpression | ProcessName % prec PROC; But without any result. Thank you.

    Read the article

  • Very dumb question about IntelliJ IDEA

    - by Alex R
    I'm a long-time Eclipse user and I just now decided to try IntelliJ IDEA 9 (free edition) for Scala. A couple of dumb questions: How can I tell if a file I've modified has been saved? How can I tell if I file I've saved has been checked into CVS? I feel incredibly "exposed" to some sort of imminent danger when I don't see the familiar visual cues from Eclipse that indicate a file has been saved and/or checked in. Thanks

    Read the article

  • What do you do to keep learning?

    - by tvanfosson
    When my children tell me that they hate school, I often tell them that they need to get used to continuous learning because they live in a generation in which constant learning will be required. How do I know -- because I live in a generation and work in an occupation in which continual learning is imperative. Do you agree with this sentiment? If so, what do you do to keep up with the continual pace of change in the field of software development?

    Read the article

  • How can I get MTK development platform for MT series mobiles with English explanation?

    - by Robert
    You said in a post that you are an engineer and you have MTK development platform for MT series mobiles with English explanation. Can you please tell me how your company obtained it? Did you purchase it from MTK or you downloaded it? If you downloaded it please tell me your source. I am researching how i can develop application in the MTK platform so i hope you could help me with this information.

    Read the article

  • System.exit(0) in java

    - by Ram
    I am writing an application program in java. If i need to exit from the application can i use system.exit or should i use some other method, which is good practice. If calling system.exit is not good practice then tell the reason and tell the alternative way to exit from the application.

    Read the article

  • making of address book

    - by vimal
    i want to make an address book website in c# in visiual studio and i don't know about it. pls tell me about it that how to make the address book software and what kind of database are used and what requirements. pls tell me about that how i make the tables of database, how design the home page, master page, and other pages. and coding of this and report of this

    Read the article

  • How to install ffmpeg, ffmpeg-PHP, Mplayer, Mencoder, LAME MP3 encoder for Winxp. php version 5.3.0

    - by user295239
    Hello All Members I am newbie in php.Can any body tell me how i install ffmpeg, ffmpeg-PHP, Mplayer, Mencoder in Windows XP and php version should be 5.3.0 or Wamp server release July 11 2009/Xamp Server release 2009/12/23. I make search on google and i find tutorial but that tutorial work with previous version of php 5.2.8 . So if some one tell me step by step guide how to install FFMPEG ffmpeg-PHP, Mplayer, Mencoder in winxp. I am very thankful. Highly Appreciated Best Regards Hasnat

    Read the article

  • autosuggest in textare with remove icon

    - by Bharanikumar
    am doing simple messaging system, For compose the message , i have given the textarea ,i want autosuggest in the textarea also i need somthing like reove icon, can u tell me how to this sort of function , i thing some the jquery plugin do these.. can u tell that name , For clear view of my expecation plase see the image... Thanks

    Read the article

  • unable to copy release folder to desktop using AppleScript

    - by Miraaj
    Hi all, I tried this script to copy release folder of one of my Xcode projects to desktop: tell application "Finder" set targetFolder to folder "release" of folder "build" of folder "8_15pm" of folder "26th_March" of folder "XYZ" of startup disk set destinationFolder to folder "Desktop" of folder "miraaj" of folder "Users" of startup disk copy targetFolder to destinationFolder end tell I was expecting that I will obtain a folder named as release on my desktop but I did not get any :( Can anyone suggest me where I am wrong or some better way to do this?? Thanks, Miraaj

    Read the article

  • Daemon running as user nobody needs to copy file from Desktop

    - by Randall
    I have a daemon that is running as user nobody. It needs to copy a file that I specify into /Users/Shared/MyFolder If I tell it to copy a file that is already in /Users/Shared/ it works fine. If I tell it to copy it from somewhere in my home directory like the desktop, the copy fails. I'm using NSFileManager copyPath:toPath: Any ideas?

    Read the article

  • How to create own dotnet obfuscator

    - by Rajesh Rolen- DotNet Developer
    I know that dot net dlls and exe contain their assemblies with them so every body can extract code from it. so to tell me how can i create my own dotnet obfuscator and tell me if their exist any other way to protect my application to deassemble. and plez dont give me link of any paid obfuscator. i would prefer code sample in c# or vb.net

    Read the article

  • invalidateList(); in flex3.0

    - by Ankur Sharma
    please tell me what invalidateList(); function does? i have one line of code, in which this function is getting called on arraycollection object like dg.invalidateList(); where dg is the id of datagrid, dataprovider for this dg is colors which is an arraycollection?? plzz tell me wht the invalidateList() function is doin? thanx

    Read the article

< Previous Page | 30 31 32 33 34 35 36 37 38 39 40 41  | Next Page >