Search Results

Search found 26947 results on 1078 pages for 'util linux'.

Page 434/1078 | < Previous Page | 430 431 432 433 434 435 436 437 438 439 440 441 | Next Page >

Proxmox: VMs and different public IPs

- by Raj

I have a server which has two NICs and both are directly connected to internet. I have five different public IP addresses available for the VMs. The host machine (Proxmox) doesn't need to use any (it'll use a private IP and that's all) but will have internet connection. I've gone through the Proxmox documentation and I'm not able to understand the big picture to set up the right network configuration for my needs. In short, what I have is: One server (Proxmox, host machine) On that server, 5 VMs are created 5 public IP addresses available (one for each VM), let's say: 80.123.21.1, 80.123.21.2, 80.123.21.3, 80.123.21.4, 80.123.21.5 What I have now for the host is the following: auto lo iface lo inet loopback auto eth0 iface eth0 inet manual auto eth1 iface eth1 inet manual auto vmbr0 iface vmbr0 inet static address 192.168.1.101 netmask 255.255.255.0 bridge_ports eth0 bridge_stp off bridge_fd 0 auto vmbr1 iface vmbr1 inet manual It can be reached from the internal network, so that's OK. It has internet connection, which is also OK. vmbr1 is going to be used by the VMs. Each VM will have its own IP on his network interfaces configuration file. For some reason, VMs will not have internet and they won't be able to have public IP address. If I use NAT, it will work correctly, but they will not use the public allocated IP addresses for them. Am I missing something?

Read the article
RHEL 5 list missing critical patches/packages

- by Vinnie Biros

Im trying to figure out if there is an easy way to identify the missing critical patches/packages on my RHEL5 boxes. This is for audit purposes and was trying to figure out if there was an RPM command or something of the sort that would accomplish this easily. I know with my Solaris 10 boxes, i can run the "smpatch analyze" command which would display this information for me. Anyone know of anything similar for RHEL5? Thanks.

Read the article
Can't ping Ip over bridge

- by tmn29a

I'm unable to ping another host over a bridge I created, I can't see the error -.- It's a remote machine running debian stable with some backports for which I want to set up DHCP on the new Subnet 172.30.xxx.xxx to be used for KVM-Guests. ifconfig : bond0 Link encap:Ethernet HWaddr e4:11:5b:d4:94:30 inet addr:10.54.2.84 Bcast:10.54.2.127 Mask:255.255.255.192 inet6 addr: fe80::e611:5bff:fed4:9430/64 Scope:Link UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1 RX packets:34277 errors:0 dropped:0 overruns:0 frame:0 TX packets:18379 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:2638709 (2.5 MiB) TX bytes:2887894 (2.7 MiB) br0 Link encap:Ethernet HWaddr f2:fc:4d:7f:15:f0 inet addr:172.30.254.66 Bcast:172.30.254.127 Mask:255.255.255.192 inet6 addr: fe80::f0fc:4dff:fe7f:15f0/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:252 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:10800 (10.5 KiB) Pings : ping -I br0 172.30.xxx.65 PING 172.30.xxx.65 (172.30.xxx.65) from 172.30.xxx.66 br0: 56(84) bytes of data. --- 172.30.xxx.65 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2017ms ping -I bond0 172.30.254.65 PING 172.30.xxx.65 (172.30.xxx.65) from 10.54.2.84 bond0: 56(84) bytes of data. 64 bytes from 172.30.x.65: icmp_req=1 ttl=64 time=0.599 ms 64 bytes from 172.30.x.65: icmp_req=2 ttl=64 time=0.575 ms 64 bytes from 172.30.x.65: icmp_req=3 ttl=64 time=0.565 ms --- 172.30.x.65 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 1999ms rtt min/avg/max/mdev = 0.565/0.579/0.599/0.031 ms Route : Destination Gateway Genmask Flags Metric Ref Use Iface 172.30.x.64 * 255.255.255.192 U 0 0 0 br0 10.54.x.64 * 255.255.255.192 U 0 0 0 bond0 default 10.54.x.65 0.0.0.0 UG 0 0 0 bond0 default 172.30.x.65 0.0.0.0 UG 0 0 0 br0 The Interface : cat /etc/network/interfaces auto lo br0 iface lo inet loopback # Bonding Interface auto bond0 iface bond0 inet static address 10.54.x.84 netmask 255.255.255.192 network 10.54.x.64 gateway 10.54.x.65 slaves eth0 eth1 bond_mode active-backup bond_miimon 100 bond_downdelay 200 bond_updelay 200 iface br0 inet static bridge_ports bond0 address 172.30.x.66 broadcast 172.30.x.127 netmask 255.255.x.192 gateway 172.30.x.65 bridge_maxwait 0 If you need more info please ask. Thanks for your help !

Read the article
Puppet: is it ok to "force" certname when you expect to shuffle nodes around?

- by Luke404

We all know (good example on SF) that Puppet hostname detection could be... fun. At our company (and I guess we're not alone at this) we usually pre-configure servers at our offices and test them before bringing the gear to a remote datacenter and rack them. Of course the reverse dns will change when doing that, even if we don't change the actual hostname of the system. We're slowly drafting our puppet setup and I'd like to be sure those moves won't create problems. My idea is to explicitly configure the desired full FQDN of the system as certname in puppet.conf at server provision time (before the very first puppet run). My process would look something like this: basic o.s. installation basic network configuration, enough to reach the internet and resolve dns install puppet and set up certname start puppet and let him manage the whole configuration test, fix problems in config (via puppet), re-test, and so on... manually stop puppet set up new network configuration for the datacenter network move the machine to DC turn it on puppet should automatically start and keep on doing its job The process is supported by detecting the environment in puppet's manifests (eg. based on subnet, like they do at Wikimedia) and modify configuration as needed (eg. resolv.conf contents appropriate for each network). Each node's certname will never change for the whole system life cycle. Is there any problem with this approach? Could it be improved?

Read the article
Comparison of Unix shells

- by Andy White

Of the major Unix shells (bash, ksh, tcsh, zsh, others?), are there any compelling reasons to use one over another? Which is the most interactive/command-line friendly? Which is the most conducive/intuitive for writing scripts? Are there any major built-in features that one shell offers that others don't? Are any of these shells really good for one type of function, but not another? Or are they all pretty well-rounded/flexible? Is it just a matter of personal preference? I can make this community wiki if anyone prefers.

Read the article
Traffic shaping L2TP/IPsec VPN (via accounts not connection)

- by Cromulent

I need to be able to control the amount of bandwidth a specific user account can use on a VPN connection. One account I want to be able to use the VPN with no restrictions and another account I want to limit to a reasonable amount of bandwidth (say 10GB or so a month). I'm aware that you can traffic shape individual connections but that does not quite solve the problem as the limited account can just disconnect and reconnect to get a new connection. I need to be able to limit bandwidth on a login basis for a given period of time (monthly limit). I'm really not that familiar with traffic shaping in general so any advice would be appreciated. Thank you.

Read the article
nagios ldap-group based front end login permission issues

- by Eleven-Two

I want to grant users access to the nagios 3 core frontend by using an active directory group ("NagiosWebfrontend" in the code below). The login works fine like this: AuthType Basic AuthName "Nagios Access" AuthBasicProvider ldap AuthzLDAPAuthoritative on AuthLDAPURL "ldap://ip-address:389/OU=user-ou,DC=domain,DC=tld?sAMAccountName?sub?(objectClass=*)" AuthLDAPBindDN CN=LDAP-USER,OU=some-ou,DC=domain,DC=tld AuthLDAPBindPassword the_pass Require ldap-group CN=NagiosWebfrontend,OU=some-ou,DC=domain,DC=tld Unfortunately, every nagios page just shows "It appears as though you do not have permission to view information for any of the services you requested...". I got the hint, that I am missing a contact in nagios configuration which is equal to my login, but creating one with the same name as the domain user had no effect on this issue. However, it would be great to find a solution without manually editing nagios.conf for every new user, so the admins could grant access to nagios by just putting the user to "NagiosWebfrontend" group. What would be the best way to solve it?

Read the article
how to uninstall the jdk 1.7.0 in the ubuntu

- by kaiwii ho

i encounter a very strange problem,and here is the detail: i'm going to uninstall the jdk 1.7.0.but when i use the rpm to check the appropriate name of the package,it prompt nothing.Anyway,when i use the command java -version,it will prompt the detail of the jdk 1.7.0. below is the detail: root@kaiwiiho:/usr/java# rpm -qa|grep jdk root@kaiwiiho:/usr/java# java -version java version "1.7.0" Java(TM) SE Runtime Environment (build 1.7.0-b147) Java HotSpot(TM) Server VM (build 21.0-b17, mixed mode) root@kaiwiiho:/usr/java# rpm -qa|grep jdk root@kaiwiiho:/usr/java# so what happen?And how can i uninstall it?thx

Read the article
Openmeetings: problem in running: "Address already in use "

- by takpar

hi, i am trying to run openmeetings in my CentOS vps. when i run $ ./red5.sh after a lot of lines it says: Bootstrap Complete and a few lines before it it says: Caused by: java.net.BindException: Address already in use at sun.nio.ch.Net.bind(Native Method) ... i have tried red5.sh with root and a nomral user. both gives error like that. any suggestion?

Read the article
forward outbound traffic rule

- by Claudiu

I am trying to forward the outbound traffic to another server. Current rule is: /sbin/iptables -A OUTPUT -p tcp -s localhost -o 91.xxx.xxx.xxx --dport 65000:65010 -j ACCEPT but when I do a iptables -L, the rule its showed like this: ACCEPT tcp -- localhost.localdomain anywhere tcp dpts:65000:65010 So I guess my rule is bad written since the "destination" column shows "anywhere" Can you help me with this?

Read the article
Why the number of blocks is always a multiple of 8?

- by lemonedo

$ stat -c %s,%o,%b foo.txt 631,4096,8 $ stat -c %s,%o,%b bar.txt 5952,4096,16 Why the number of blocks is always a multiple of 8? I thought the number of blocks of a file is the smallest integer that satisfies filesize <= blocksize * blockcount.

Read the article
Darkstat unable to show recent statistics.

- by Caterpillar

Hello All.. We have a debian machine running with firewall / gateway. We have deployed darkstat on it. When we installed darkstat it was showing statistics properly. After few days it stopped showing recent statistics. The data was getting appended to existing one. Please anyone tell me what could be the problem. Thanks In Advance.

Read the article
Munin "Available entropy" when using adress space layout randomization

- by clawspoon

Having just configured munin for statistics logging on my gentoo server (hardened profile), I am noticing that my "Available entropy" is consitently in the 200-300 range. This seems way to low, so I checked it manually using the command $ cat /proc/sys/kernel/random/entropy_avail 3544 Odd. Consistently very low values in Munin and practically filled up when checking manually. After thinking about the problem for a while I came to the conclusion that the problem is probably that I'm using Adress Space Layout Randomization which is using the entropy when running commands/programs. Since Munin runs a whole slew of programs all the entropy is used up, and Munin then measures how much entropy there is, resulting in the low values. Does anyone have any experience with this? How can this be avoided?

Read the article
mysql 5.1 - innodb - query_cache_size - 9,418,108 queries have been removed from the query cache due to lack of memory

- by Tom C

Currently running on a 16GB system - Ubuntu 64 bit. INnodb Buffer Pool is set to 10GB. tuning-primer shows the following: QUERY CACHE Query cache is enabled Current query_cache_size = 512 M Current query_cache_used = 501 M Current query_cache_limit = 4 M Current Query cache Memory fill ratio = 97.87 % Current query_cache_min_res_unit = 4 K However, 9418108 queries have been removed from the query cache due to lack of memory Perhaps you should raise query_cache_size That is over 9million queries removed. System uptime is 8 days. Should I remove the Query Cache altogether? Our db is always under heavy I/O. tia

Read the article
What's wrong with this iptable rule?

- by warl0ck

I run dnsmasq locally as a cache server, in the old days, I allow all INPUT packets from lo+, and set policy of INPUT to DROP: -A INPUT -i lo+ -j ACCEPT Now I decide to put this on the raw table to speed up rules matching, -A PREROUTING -i lo+ -j ACCEPT But that doesn't work as expected. Why? Since the packets get processed by the raw table first, then nat, then filter, why isn't that rule work the same as the old one?

Read the article
can i use an ip-list include file for iptable blacklisting

- by rubo77

I would like to block all countries except mine in iptables, that is a lits with about 100.000 Entries. how can i define this blacklistfile in a script, so iptables blocks all those ip-ranges? maybe i can use http://www.ipdeny.com/ipblocks/data/countries/ that provides lists in the form 117.55.192.0/20 117.104.224.0/21 119.59.80.0/21 121.100.48.0/21 ... i want to be able to change the blacklistfile easily without having to change the iptables-script

Read the article
How to synchronize the home folder between multiple computers?

- by lamcro

I have three computers at home, and would like to have the /home/ folder tree synchronized between the three. Any files/folders (except those hidden) that are modified/added/removed in one of the three computers is updated in the other two. Is rsync enough to do this? and how?

Read the article
What does directory permission 'S' mean? (not lower case, but in upper case)

- by Howard Guo

I downloaded Eclipse, uncompressed it, did a few other things and all sudden I notice this interesting behaviour: ^_^ ~/Downloads > sudo chmod 0000 eclipse/ ^_^ ~/Downloads > stat eclipse/ File: 'eclipse/' Size: 4096 Blocks: 8 IO Block: 4096 directory Device: 801h/2049d Inode: 529725 Links: 9 Access: (2000/d-----S---) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2012-11-22 19:54:57.752017352 +1100 Modify: 2012-09-20 18:16:26.000000000 +1000 Change: 2012-11-22 20:07:49.354016510 +1100 Birth: - ^_^ ~/Downloads > sudo chmod 0755 eclipse/ ^_^ ~/Downloads > stat eclipse/ File: 'eclipse/' Size: 4096 Blocks: 8 IO Block: 4096 directory Device: 801h/2049d Inode: 529725 Links: 9 Access: (2755/drwxr-sr-x) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2012-11-22 19:54:57.752017352 +1100 Modify: 2012-09-20 18:16:26.000000000 +1000 Change: 2012-11-22 20:08:19.042016478 +1100 Birth: - What does 'S' permission mean to a directory? And why it doesn't let me get rid of it? Thanks.

Read the article
Virtualhost one https site, the rest http

- by RJP1

I have a linode server with Apache2 running a handful of sites with virtualhosting. All sites work fine on port 80, but one site has a ssl certificate and also runs okay. My problem is as follows: The non-https sites, if visiting https://domain.com - show the contents of the only secure site... Is there a way of disabling the *:443 match for these non-secure sites? Thanks! EDIT (more information): Here's a typical config in sites-available for a normal insecure http site: <VirtualHost *:80> ServerName www.insecure.com ServerAlias insecure.com ... </VirtualHost> The secure https site is as follows: <VirtualHost *:80> ServerName www.secure.com Redirect permanent / https://secure.com/ </VirtualHost> <VirtualHost *:80> ServerName secure.com RedirectMatch permanent ^/(.*) https://secure.com/$1 </VirtualHost> <VirtualHost *:443> SSLEngine on SSLProtocol all SSLCertificateChainFile ... SSLCertificateFile ... SSLCertificateKeyFile ... SSLCACertificateFile ... ServerName secure.com ServerAlias secure.com ... </VirtualHost> So, visiting: http:/insecure.com - works http:/www.insecure.com - works http:/secure.com - redirects to https:/secure.com - works http:/www.secure.com - redirects to https:/secure.com - works https:/insecure.com - shows https:/secure.com - WRONG!

Read the article
mod_rewrite filename from mod_pagespeed back to normal files

- by British Sea Turtle

I am hoping someone can help me with this problem. I am moving to a new server and not using mod_pagespeed any more. However we have lots of external links to images on our site using the strange mod_pagespeed filenames. This is not an issue but we do not want to have lots of 404 errors. So I have lots of links like the following : http://www.domain.com/images/150x150xlink.png.pagespeed.ic.pPXw45HSQm.png http://www.domain.com/images/paris_01.gif.pagespeed.ce.vfrkuKUaj0.gif http://www.doamin.com/images/1st2.gif.pagespeed.ce.OUg38q6VbZ.gif How can I redirect them to : http://www.domain.com/images/150x150xlink.png http://www.domain.com/images/paris_01.gif http://www.doamin.com/images/1st2.gif There are thousands of files like this so I am hoping for a simple solution with mod_rewrite, I tried this but it does not work. So any help would be appreciated. RewriteCond %{REQUEST_URI} \.gif\.pagespeed\. [NC] RewriteRule ^(.*?\.gif)\..*\.gif$ $1 [NC,L]

Read the article
High frequency, kernel bypass vs tuning kernels?

- by Keith

I often hear tales about High Frequency shops using network cards which do kernel bypass. However, I also often hear about them using operating systems where they "tune" the kernel. If they are bypassing the kernel, do they need to tune the kernel? Is it a case of they do both because whilst the network packets will bypass the kernel due to the card, there is still all the other stuff going on which tuning the kernel would help? So in other words, they use both approaches, one is just to speed up network activity and the other makes the OS generally more responsive/faster? I ask because a friend of mine who works within this industry once said they don't really bother with kernel tuning anymore-because they use kernel bypass network cards? This didn't make too much sense as I thought you would always want a faster kernel for all the CPU-offloaded calculations.

Read the article
monitor power and lock screen (Ubuntu Lucid)

- by xsznix

Hi, I'm trying to get my screen to turn off whenever I lock my screen. I know that in Power Management, there's an option to turn off the screen after a set amount of time, and I know about xset dpms force off, but the former doesn't allow me to turn off the screen from the logout menu, and the latter only turns the screen off for a short amount of time (1 minute or so. The screen just turns back on by itself). Is there a script I can modify to change what happens when "Lock screen" from the logout menu is selected, or is there a script I can add to the panel to lock the screen and then turn the monitor off (and turning it back on when I shake the mouse or something)? Thanks.

Read the article
Is there a version of Debian-Lenny that is legal for export from the US?

- by molecules

I wanted to bundle my application in a Debian-Lenny Virtual Machine so others could download it and run it without having to configure anything. However, I don't want to have to worry about US legal issues. Many of the packages in a default Debian installation include encryption algorithms. Are all default versions export-safe? If not, is there an export-safe version? If not, is there an easy way to make one?

Read the article
When HDD wakes up?

- by NumberFour

Im looking for some small script or application which could log the time when a non-system disk wakes up. I cannot identify which application or script wakes up my non-system drive (which has to be asleep until I work with it). I have already set the noatime flag, tried to use powertop and iotop to determine which application could prevent it from going to sleep - but with no result. So my plan is to set this drive asleep (hdparm -Y) and see at what time it gets regularly woken up. Thanks for any advice.

Read the article
Securing debain with fail2ban or iptables

- by Jimmy

I'm looking to secure my server. Initially my first thought was to use iptables but then I also learnt about Fail2ban. I understand that Fail2ban is based on iptables, but it has the advantages of being able to ban IP's after a number of attempts. Let's say I want to block FTP completely: Should I write a separate IPtable rule to block FTP, and use Fail2ban just for SSH Or instead simply put all rules, even the FTP blocking rule within the Fail2Ban config Any help on this would be appreciated. James

Read the article

< Previous Page | 430 431 432 433 434 435 436 437 438 439 440 441 | Next Page >