Search Results

Search found 1218 results on 49 pages for 'derek lo'.

Page 44/49 | < Previous Page | 40 41 42 43 44 45 46 47 48 49 | Next Page >

C++, name collision across different namespace

- by aaa

hello. I am baffled by the following name collision: namespace mp2 { boost::numeric::ublas::matrix_range<M> slice(M& m, const R1& r1, const R2& r2) { namespace ublas = boost::numeric::ublas; ublas::range r1_(r1.begin(), r1.end()), r2_(r2.begin(), r2.end()); return ublas::matrix_range<M>(m, r1_, r2_); } double energy(const Wavefunction &wf) { const Wavefunction::matrix& C = wf.coefficients(); int No = wf.occupied().size(); foreach (const Basis::MappedShell& P, basis.shells()) { slice(C, range(No), range(P)); the error from g++4.4 is 7 In file included from mp2.cpp:1: 8 /usr/include/boost/numeric/ublas/fwd.hpp: In function âdouble mp2::energy(const Wavefunction&)â: 9 /usr/include/boost/numeric/ublas/fwd.hpp:32: error: âboost::numeric::ublas::sliceâ is not a function, 10 ../../src/mp2/energy.hpp:98: error: conflict with âtemplate<class M, class R1, class R2> boost::numeric::ublas::matrix_range<M> mp2::slice(M&, const R1&, const R2&)â 11 ../../src/mp2/energy.hpp:123: error: in call to âsliceâ 12 /usr/include/boost/numeric/ublas/fwd.hpp:32: error: âboost::numeric::ublas::sliceâ is not a function, 13 ../../src/mp2/energy.hpp:98: error: conflict with âtemplate<class M, class R1, class R2> boost::numeric::ublas::matrix_range<M> mp2::slice(M&, const R1&, const R2&)â 14 ../../src/mp2/energy.hpp:129: error: in call to âsliceâ 15 make: *** [mp2.lo] Error 1 ublas segment is namespace boost { namespace numeric { namespace ublas { typedef basic_slice<> slice; why is slice in ublas collides with slice in mp2? I and fairly certain there is no using namespace ublas in the code and in includes. thank you

Read the article
Is this a good starting point for iptables in Linux?

- by sbrattla

Hi, I'm new to iptables, and i've been trying to put together a firewall which purpose is to protect a web server. The below rules are the ones i've put together so far, and i would like to hear if the rules makes sense - and wether i've left out anything essential? In addition to port 80, i also need to have port 3306 (mysql) and 22 (ssh) open for external connections. Any feedback is highly appreciated! #!/bin/sh # Clear all existing rules. iptables -F # ACCEPT connections for loopback network connection, 127.0.0.1. iptables -A INPUT -i lo -j ACCEPT # ALLOW established traffic iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # DROP packets that are NEW but does not have the SYN but set. iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP # DROP fragmented packets, as there is no way to tell the source and destination ports of such a packet. iptables -A INPUT -f -j DROP # DROP packets with all tcp flags set (XMAS packets). iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP # DROP packets with no tcp flags set (NULL packets). iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP # ALLOW ssh traffic (and prevent against DoS attacks) iptables -A INPUT -p tcp --dport ssh -m limit --limit 1/s -j ACCEPT # ALLOW http traffic (and prevent against DoS attacks) iptables -A INPUT -p tcp --dport http -m limit --limit 5/s -j ACCEPT # ALLOW mysql traffic (and prevent against DoS attacks) iptables -A INPUT -p tcp --dport mysql -m limit --limit 25/s -j ACCEPT # DROP any other traffic. iptables -A INPUT -j DROP

Read the article
JavaScript automatically converts some special characters

- by noplacetoh1de

I need to extract a HTML-Substring with JS which is position dependent. I store special characters HTML-encoded. For example: HTML <div id="test"><p>lösen & grüßen</p></div>? Text lösen & grüßen My problem lies in the JS-part, for example when I try to extract the fragment lö, which has the HTML-dependent starting position of 3 and the end position of 9 inside the <div> block. JS seems to convert some special characters internally so that the count from 3 to 9 is wrongly interpreted as "lösen " and not "lö". Other special characters like the & are not affected by this. So my question is, if someone knows why JS is behaving in that way? Characters like ä or ö are being converted while characters like & or   are plain. Is there any possibility to avoid this conversion? I've set up a fiddle to demonstrate this: JSFiddle Thanks for any help! EDIT: Maybe I've explained it a bit confusing, sorry for that. What I want is the HTML: <p>lösen & grüßen</p> . Every special character should be unconverted, except the HTML-Tags. Like in the HTML above. But JS converts the ö or ü into ö or ü automatically, what I need to avoid.

Read the article
loading.gif ( but customized )

- by 422

I know the various websites around the tinternet, that allow you to customize a loading.gif etc, but what I wanted to know... Is there a way, aside from creating a gif with adobe etc, to create custom text loading... So instead of the ubiquitous spinner, you can specify text that animates whilst an image loads. I have searched high and low, and not found anything. Nearest I got was a jquery spinner, but thats not what I am after. Wondered if any of you guys had come across this before. If so, what did you do to customize it.. Example: Sometimes you may see the following animated ( as a gif ) L...... LO..... LOA.... LOAD... LOADI.. LOADIN. LOADING I know the above is done by creating a loop of animations, but wondered if there was a more upto date method of creating custom loading messages, perhaps using jquery ... I have seen it done in flash etc

Read the article
AIX 6.1 unable to build apache module

- by user3715581

In Aix 6.1/ Apache version 2.2.8 packaged as part of IBM WebSphere. We should have had mod_dumpio for this version but for some reasons IBM did not include it. So we are trying to build this module(in few many ways) but none of them worked. 1) Using apxs:- Failed with the "xlc_r" not found as compile option for libtool. So based on an article online, we changed to "gcc" and we have to remove -qmaxmem and -qHALT to make it work. Result we see a .lo created but LoadModule fails(unable to find .loader section). 2) Using gcc:- Command "gcc -fpic -DSHARED_MODULE -I -c mod_dumpio.c" After running this command, we can see .o file created and then we tried to execute "ld -Bshareable -o mod_dumpio.so mod_dumpio.o" whereas AIX complaining about -Bshareable so we tried using this command "gcc -shared -I -o mod_dumpio.so mod_dumpio.o" whereas the error was "libgcc_s" not found. Then we added -static-libgcc to the above command and it was not resolving .h file functions (Unknown symbols). From IBM AIX site, libgcc_s costs around $2k. We think our second approach may work but we dont know how to instruct gcc to look for .h files while building .so from .o. Any help is appreciated.

Read the article
Sparc Assembly Call currupts data

- by Sigge

I am at the moment working with some assembler code for the Sparc processor family, and i am having some truble with a piece of code.. I think the code and output explains more, but in the short.. When i do a call to the function println my varaibels that i have written to the %fp - 8 memory location is destoryed.. here is my assembler code that i am trying to run !PROCEDURE main .section ".text" .global main .align 4 main: save %sp, -96, %sp L1: set 96, %l0 mov %l0, %o0 call initObject ; nop mov %o0, %l0 mov %l0, %o0 call Test$go ; nop mov %o0, %l0 mov %l0, %o0 call println ; nop L0: ret restore !END main !PROCEDURE Test$go .section ".text" .global Test$go .align 4 Test$go: save %sp, -96, %sp L3: mov %i0, %l0 set 0, %l0 set -8, %l1 add %fp,%l1, %l1 st %l0, [%l1] set 1, %l0 mov %l0, %o0 call println ; nop set -8, %l0 add %fp,%l0, %l0 ld [%l0], %l0 mov %l0, %o0 call println ; nop set 1, %l0 mov %l0, %i0 L2: ret restore !END Test$go Here is the assembler code for the println code .global println .type println,#function println: save %sp,-96,%sp ! block 1 .L193: ! File runtime.c: ! 42 } ! 43 ! 45 /** ! 46 Prints an integer to the standard output stream. ! 47 ! 48 @param i The integer to be printed. ! 49 */ ! 50 void println(int i) { ! 51 printf("%d\n", i); sethi %hi(.L195),%o0 or %o0,%lo(.L195),%o0 call printf mov %i0,%o1 jmp %i7+8 restore This is the out put i get when i run this piece of assembler code 1 67584 1 As u can see, the data that is located at %fp - 8 has been destroyed.. please all feedback is apritiated

Read the article
Sparc Assembly Call corrupts data

- by Sigge

I am at the moment working with some assembler code for the Sparc processor family, and i am having some truble with a piece of code.. I think the code and output explains more, but in the short.. When i do a call to the function println my varaibels that i have written to the %fp - 8 memory location is destoryed.. here is my assembler code that i am trying to run !PROCEDURE main .section ".text" .global main .align 4 main: save %sp, -96, %sp L1: set 96, %l0 mov %l0, %o0 call initObject ; nop mov %o0, %l0 mov %l0, %o0 call Test$go ; nop mov %o0, %l0 mov %l0, %o0 call println ; nop L0: ret restore !END main !PROCEDURE Test$go .section ".text" .global Test$go .align 4 Test$go: save %sp, -96, %sp L3: mov %i0, %l0 set 0, %l0 set -8, %l1 add %fp,%l1, %l1 st %l0, [%l1] set 1, %l0 mov %l0, %o0 call println ; nop set -8, %l0 add %fp,%l0, %l0 ld [%l0], %l0 mov %l0, %o0 call println ; nop set 1, %l0 mov %l0, %i0 L2: ret restore !END Test$go Here is the assembler code for the println code .global println .type println,#function println: save %sp,-96,%sp ! block 1 .L193: ! File runtime.c: ! 42 } ! 43 ! 45 /** ! 46 Prints an integer to the standard output stream. ! 47 ! 48 @param i The integer to be printed. ! 49 */ ! 50 void println(int i) { ! 51 printf("%d\n", i); sethi %hi(.L195),%o0 or %o0,%lo(.L195),%o0 call printf mov %i0,%o1 jmp %i7+8 restore This is the out put i get when i run this piece of assembler code 1 67584 1 As u can see, the data that is located at %fp - 8 has been destroyed.. please all feedback is apritiated

Read the article
PHP bcompiler install

- by dobs

How to install bcompiler on Fedora, have this error: [root@server server]# pecl install channel://pecl.php.net/bcompiler-0.9.1 downloading bcompiler-0.9.1.tgz ... Starting to download bcompiler-0.9.1.tgz (47,335 bytes) .............done: 47,335 bytes 10 source files, building running: phpize Configuring for: PHP Api Version: 20090626 Zend Module Api No: 20090626 Zend Extension Api No: 220090626 building in /var/tmp/pear-build-server/bcompiler-0.9.1 running: /var/tmp/bcompiler/configure checking for grep that handles long lines and -e... /bin/grep checking for egrep... /bin/grep -E checking for a sed that does not truncate output... /bin/sed checking for cc... cc checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... no checking for suffix of object files... o checking whether we are using the GNU C compiler... yes .... /var/tmp/bcompiler/bcompiler.c:2174: ?????????: expected ‘struct zend_arg_info *’ but argument is of type ‘const struct _zend_arg_info *’ /var/tmp/bcompiler/bcompiler.c: ? ??????? ‘apc_serialize_zend_class_entry’: /var/tmp/bcompiler/bcompiler.c:3100: ??????????????: ???????????? ???????? ????????????? ?????????? ???? /var/tmp/bcompiler/bcompiler.c:3107: ??????????????: ???????? ????????? 1 ‘apc_serialize_zend_function_entry’ ???????? ????????????? ?????????? ???? /var/tmp/bcompiler/bcompiler.c:2874: ?????????: expected ‘struct zend_function_entry *’ but argument is of type ‘const struct _zend_function_entry *’ /var/tmp/bcompiler/bcompiler.c: ? ??????? ‘apc_deserialize_zend_class_entry’: /var/tmp/bcompiler/bcompiler.c:3324: ??????????????: ???????? ????????? 1 ‘apc_deserialize_zend_function_entry’ ???????? ????????????? ?????????? ???? /var/tmp/bcompiler/bcompiler.c:2900: ?????????: expected ‘struct zend_function_entry *’ but argument is of type ‘const struct _zend_function_entry *’ make: *** [bcompiler.lo] ?????? 1 ERROR: 'make' failed yum install bzip2-libs bzip2-devel - Fix it...

Read the article
Errors when switching to specific static IP

- by michaelc

I had a Fedora box running using my static IP 69.169.136.6, etc, all configured according to what the ISP required. Just recently the hard drive failed (and I should have been keeping better backups) - while it is being recovered I would like to put up a webpage on my Archlinux PC explaining the problem - I presently do not have sufficient access to change the DNS record assigned to the domain. When I change my ip address while my system is running to 69.169.136.6, ifconfig reports the new ip address, but http://whatismyip.com/ does not. When I change it and reboot, I can't ping - the message I recieve is "connect: Network is unreachable" (when given one of google.com 's IP addresses - hostnames give me ping: unknown host xxx). Until I have access to the DNS system, what can I do to make this work? Edit: With new IP address, same problem, IP is now 69.169.136.29. Some commands might be useful: #ping 69.169.136.1 PING 69.169.136.1 (69.169.136.1) 56(84) bytes of data. 64 bytes from 69.169.136.1: icmp_seq=1 ttl=64 time=0.377 ms #ping 69.169.190.211 connect: Network is unreachable #ping 208.72.160.67 connect: Network is unreachable #ifconfig eth0 Link encap:Ethernet HWaddr 00:E0:4D:97:23:9B inet addr:69.169.136.29 Bcast:69.169.137.255 Mask:255.255.254.0 inet6 addr: fe80::2e0:4dff:fe97:239b/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:132091 errors:0 dropped:0 overruns:0 frame:0 TX packets:17 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:9635179 (9.1 Mb) TX bytes:1322 (1.2 Kb) Interrupt:29 Base address:0x6000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:48 errors:0 dropped:0 overruns:0 frame:0 TX packets:48 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:2480 (2.4 Kb) TX bytes:2480 (2.4 Kb) #ip route 69.169.136.0/23 dev eth0 proto kernel scope link src 69.169.136.29 #cat /etc/resolv.conf # Generated by dhcpcd #nameserver 208.67.222.222 #nameserver 208.67.220.220 nameserver 69.169.190.211 nameserver 208.72.160.67 # /etc/resolv.conf.tail can replace this line Update: have new static IP addresses, verified to work in Windows... Relevant portions of /etc/rc.conf below: #Static IP example #eth0="eth0 69.169.136.6 netmask 255.255.254.0 broadcast 69.169.136.1" #eth0="eth0 69.169.136.29 netmask 255.255.254.0 broadcast 69.169.137.255" eth0="eth0 69.169.136.32 netmask 255.255.254.0 broadcast 69.169.137.255" #eth0="dhcp" INTERFACES=(eth0) # Routes to start at boot-up (in this order) # Declare each route then list in ROUTES # - prefix an entry in ROUTES with a ! to disable it # #gateway="default gw 192.168.0.1" gateway="default gw 69.169.136.1" #gateway="69.169.136.1" ROUTES=(!gateway) #ROUTES=()

Read the article
L2TP iptables port forward

- by The_cobra666

Hi all, I'm setting up port forwarding for an L2TP VPN connection to the local Windows 2003 VPN server. The router is a simpel Debian machine with iptables. The VPN server works perfect. But I cannot log in from the WAN. I'm missing something. The VPN server is using a pre-shared key (L2TP) and give's out an IP in the range: 192.168.3.0. Local network range is 192.168.2.0/24 I added the route: with route add -net 192.168.3.0 netmask 255.255.255.240 gw 192.168.2.13 (the vpn server) iptables -t nat -A PREROUTING -p udp --dport 1701 -i eth0 -j DNAT --to 192.168.2.13 iptables -A FORWARD -p udp --dport 1701 -j ACCEPT iptables -t nat -A PREROUTING -p udp --dport 500 -i eth0 -j DNAT --to 192.168.2.13 iptables -A FORWARD -p udp --dport 500 -j ACCEPT iptables -t nat -A PREROUTING -p udp --dport 4500 -i eth0 -j DNAT --to 192.168.2.13 iptables -A FORWARD -p udp --dport 4500 -j ACCEPT iptables -t nat -A PREROUTING -p 50 -j DNAT --to 192.168.2.13 iptables -A FORWARD -p 50 -j ACCEPT iptables -t nat -A PREROUTING -p 51 -j DNAT --to 192.168.2.13 iptables -A FORWARD -p 51 -j ACCEPT The whole iptables script is (without the line's from above): echo 1 > /proc/sys/net/ipv4/ip_forward echo 1 > /proc/sys/net/ipv4/tcp_syncookies #Flush table's iptables -F INPUT iptables -F OUTPUT iptables -F FORWARD iptables -t nat -F #Drop traffic iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT ACCEPT #verkeer naar buiten toe laten en nat aanzetten iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE #RDP forward voor windows servers iptables -t nat -A PREROUTING -p tcp --dport 3389 -i eth0 -j DNAT --to 192.168.2.10:3389 iptables -A FORWARD -p tcp --dport 3389 -j ACCEPT iptables -t nat -A PREROUTING -p tcp --dport 3340 -i eth0 -j DNAT --to 192.168.2.12:3340 iptables -A FORWARD -p tcp --dport 3340 -j ACCEPT #toestaan SSH verkeer iptables -t nat -A PREROUTING -p tcp --dport 22 -i eth0 -j DNAT --to-destination 192.168.2.1 iptables -A INPUT -p tcp --dport 22 -j ACCEPT #toestaan verkeer loopback iptables -A INPUT -i lo -j ACCEPT #toestaan lokaal netwerk iptables -A INPUT -i eth1 -j ACCEPT #accepteren established traffic iptables -A INPUT -i eth0 --match state --state RELATED,ESTABLISHED -j ACCEPT #droppen ICMP boodschappen iptables -A INPUT -p icmp -i eth0 -m limit --limit 10/minute -j ACCEPT iptables -A INPUT -p icmp -i eth0 -j REJECT ifconfig eth1 192.168.2.1/24 ifconfig eth0 XXXXXXXXXXXXX/30 ifconfig eth0 up ifconfig eth1 up route add default gw XXXXXXXXXXXXXXXXXXX route add -net 192.168.3.0 netmask 255.255.255.240 gw 192.168.2.13

Read the article
Can't seem to install imagick

- by PolishHurricane

I'm trying to install the PHP PEAR PECL extension "imagick" (image magick), but failing horribly. It seems that I keed installing packages to progress, but this one has me stumped. It seems to fail all the way at the bottom. Please Note: I'm using ArchLinux, apt-get doesn't save me. [root@Crux tmp]# pecl install imagick downloading imagick-3.0.1.tgz ... Starting to download imagick-3.0.1.tgz (93,920 bytes) .....................done: 93,920 bytes 13 source files, building running: phpize Configuring for: PHP Api Version: 20100412 Zend Module Api No: 20100525 Zend Extension Api No: 220100525 Please provide the prefix of Imagemagick installation [autodetect] : building in /tmp/pear/temp/pear-build-rootLbSUWT/imagick-3.0.1 running: /tmp/pear/temp/imagick/configure --with-imagick checking for grep that handles long lines and -e... /usr/bin/grep checking for egrep... /usr/bin/grep -E checking for a sed that does not truncate output... /bin/sed checking for cc... cc checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... no checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether cc accepts -g... yes checking for cc option to accept ISO C89... none needed checking how to run the C preprocessor... cc -E checking for icc... no checking for suncc... no checking whether cc understands -c and -o together... yes checking for system library directory... lib checking if compiler supports -R... no checking if compiler supports -Wl,-rpath,... yes checking build system type... i686-pc-linux-gnu checking host system type... i686-pc-linux-gnu checking target system type... i686-pc-linux-gnu checking for PHP prefix... /usr checking for PHP includes... -I/usr/include/php -I/usr/include/php/main -I/usr/include/php/TSRM -I/usr/include/php/Zend -I/usr/include/php/ext -I/usr/include/php/ext/date/lib checking for PHP extension directory... /usr/lib/php/modules checking for PHP installed headers prefix... /usr/include/php checking if debug is enabled... no checking if zts is enabled... no checking for re2c... re2c checking for re2c version... 0.13.5 (ok) checking for gawk... gawk checking whether to enable the imagick extension... yes, shared checking whether to enable the imagick GraphicsMagick backend... no checking ImageMagick MagickWand API configuration program... found in /usr/bin/MagickWand-config checking if ImageMagick version is at least 6.2.4... found version 6.7.8 Q16 checking for MagickWand.h header file... found in /usr/include/ImageMagick/wand/MagickWand.h checking PHP version is at least 5.1.3... yes. found 5.4.6 checking for ld used by cc... /usr/bin/ld checking if the linker (/usr/bin/ld) is GNU ld... yes checking for /usr/bin/ld option to reload object files... -r checking for BSD-compatible nm... /usr/bin/nm -B checking whether ln -s works... yes checking how to recognize dependent libraries... pass_all checking for ANSI C header files... yes checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for memory.h... yes checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... yes checking dlfcn.h usability... yes checking dlfcn.h presence... yes checking for dlfcn.h... yes checking the maximum length of command line arguments... 1572864 checking command to parse /usr/bin/nm -B output from cc object... ok checking for objdir... .libs checking for ar... ar checking for ranlib... ranlib checking for strip... strip checking if cc supports -fno-rtti -fno-exceptions... no checking for cc option to produce PIC... -fPIC checking if cc PIC flag -fPIC works... yes checking if cc static flag -static works... yes checking if cc supports -c -o file.o... yes checking whether the cc linker (/usr/bin/ld) supports shared libraries... yes checking whether -lc should be explicitly linked in... no checking dynamic linker characteristics... GNU/Linux ld.so checking how to hardcode library paths into programs... immediate checking whether stripping libraries is possible... yes checking if libtool supports shared libraries... yes checking whether to build shared libraries... yes checking whether to build static libraries... no creating libtool appending configuration tag "CXX" to libtool configure: creating ./config.status config.status: creating config.h running: make /bin/sh /tmp/pear/temp/pear-build-rootLbSUWT/imagick-3.0.1/libtool --mode=compile cc -I. -I/tmp/pear/temp/imagick -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootLbSUWT/imagick-3.0.1/include -I/tmp/pear/temp/pear-build-rootLbSUWT/imagick-3.0.1/main -I/tmp/pear/temp/imagick -I/usr/include/php -I/usr/include/php/main -I/usr/include/php/TSRM -I/usr/include/php/Zend -I/usr/include/php/ext -I/usr/include/php/ext/date/lib -I/usr/include/ImageMagick -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/imagick/imagick_class.c -o imagick_class.lo mkdir .libs cc -I. -I/tmp/pear/temp/imagick -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootLbSUWT/imagick-3.0.1/include -I/tmp/pear/temp/pear-build-rootLbSUWT/imagick-3.0.1/main -I/tmp/pear/temp/imagick -I/usr/include/php -I/usr/include/php/main -I/usr/include/php/TSRM -I/usr/include/php/Zend -I/usr/include/php/ext -I/usr/include/php/ext/date/lib -I/usr/include/ImageMagick -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/imagick/imagick_class.c -fPIC -DPIC -o .libs/imagick_class.o /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_getimagematteâ: /tmp/pear/temp/imagick/imagick_class.c:268:2: warning: âMagickGetImageMatteâ is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:82) [-Wdeprecated-declarations] /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_getsizeoffsetâ: /tmp/pear/temp/imagick/imagick_class.c:406:2: warning: passing argument 2 of âMagickGetSizeOffsetâ from incompatible pointer type [enabled by default] In file included from /usr/include/ImageMagick/wand/MagickWand.h:73:0, from /tmp/pear/temp/imagick/php_imagick.h:49, from /tmp/pear/temp/imagick/imagick_class.c:21: /usr/include/ImageMagick/wand/magick-property.h:87:3: note: expected âssize_t *â but argument is of type âlong int *â /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_paintfloodfillimageâ: /tmp/pear/temp/imagick/imagick_class.c:1016:3: warning: âMagickPaintFloodfillImageâ is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:99) [-Wdeprecated-declarations] /tmp/pear/temp/imagick/imagick_class.c:1019:3: warning: âMagickPaintFloodfillImageâ is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:99) [-Wdeprecated-declarations] /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_getimagepropertiesâ: /tmp/pear/temp/imagick/imagick_class.c:1083:2: warning: passing argument 3 of âMagickGetImagePropertiesâ from incompatible pointer type [enabled by default] In file included from /usr/include/ImageMagick/wand/MagickWand.h:73:0, from /tmp/pear/temp/imagick/php_imagick.h:49, from /tmp/pear/temp/imagick/imagick_class.c:21: /usr/include/ImageMagick/wand/magick-property.h:35:5: note: expected âsize_t *â but argument is of type âlong unsigned int *â /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_getimageprofilesâ: /tmp/pear/temp/imagick/imagick_class.c:1131:2: warning: passing argument 3 of âMagickGetImageProfilesâ from incompatible pointer type [enabled by default] In file included from /usr/include/ImageMagick/wand/MagickWand.h:73:0, from /tmp/pear/temp/imagick/php_imagick.h:49, from /tmp/pear/temp/imagick/imagick_class.c:21: /usr/include/ImageMagick/wand/magick-property.h:33:5: note: expected âsize_t *â but argument is of type âlong unsigned int *â /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_recolorimageâ: /tmp/pear/temp/imagick/imagick_class.c:1402:2: warning: âMagickRecolorImageâ is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:109) [-Wdeprecated-declarations] /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_setfontâ: /tmp/pear/temp/imagick/imagick_class.c:1442:3: error: âstruct _php_core_globalsâ has no member named âsafe_modeâ /tmp/pear/temp/imagick/imagick_class.c:1442:3: error: âCHECKUID_CHECK_FILE_AND_DIRâ undeclared (first use in this function) /tmp/pear/temp/imagick/imagick_class.c:1442:3: note: each undeclared identifier is reported only once for each function it appears in /tmp/pear/temp/imagick/imagick_class.c:1442:3: error: âCHECKUID_NO_ERRORSâ undeclared (first use in this function) /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_queryformatsâ: /tmp/pear/temp/imagick/imagick_class.c:2580:2: warning: passing argument 2 of âMagickQueryFormatsâ from incompatible pointer type [enabled by default] In file included from /usr/include/ImageMagick/wand/MagickWand.h:73:0, from /tmp/pear/temp/imagick/php_imagick.h:49, from /tmp/pear/temp/imagick/imagick_class.c:21: /usr/include/ImageMagick/wand/magick-property.h:41:5: note: expected âsize_t *â but argument is of type âlong unsigned int *â /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_queryfontsâ: /tmp/pear/temp/imagick/imagick_class.c:2607:2: warning: passing argument 2 of âMagickQueryFontsâ from incompatible pointer type [enabled by default] In file included from /usr/include/ImageMagick/wand/MagickWand.h:73:0, from /tmp/pear/temp/imagick/php_imagick.h:49, from /tmp/pear/temp/imagick/imagick_class.c:21: /usr/include/ImageMagick/wand/magick-property.h:40:5: note: expected âsize_t *â but argument is of type âlong unsigned int *â /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_colorfloodfillimageâ: /tmp/pear/temp/imagick/imagick_class.c:3396:2: warning: âMagickColorFloodfillImageâ is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:75) [-Wdeprecated-declarations] /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_mapimageâ: /tmp/pear/temp/imagick/imagick_class.c:3730:2: warning: âMagickMapImageâ is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:86) [-Wdeprecated-declarations] /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_mattefloodfillimageâ: /tmp/pear/temp/imagick/imagick_class.c:3763:2: warning: âMagickMatteFloodfillImageâ is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:88) [-Wdeprecated-declarations] /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_medianfilterimageâ: /tmp/pear/temp/imagick/imagick_class.c:3790:2: warning: âMagickMedianFilterImageâ is deprecated (declared at /usr/include/ImageMagick/wand/magick-image.h:217) [-Wdeprecated-declarations] /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_paintopaqueimageâ: /tmp/pear/temp/imagick/imagick_class.c:3853:2: warning: âMagickPaintOpaqueImageChannelâ is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:104) [-Wdeprecated-declarations] /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_painttransparentimageâ: /tmp/pear/temp/imagick/imagick_class.c:3916:2: warning: âMagickPaintTransparentImageâ is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:107) [-Wdeprecated-declarations] /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_reducenoiseimageâ: /tmp/pear/temp/imagick/imagick_class.c:4059:2: warning: âMagickReduceNoiseImageâ is deprecated (declared at /usr/include/ImageMagick/wand/magick-image.h:266) [-Wdeprecated-declarations] /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_getimageattributeâ: /tmp/pear/temp/imagick/imagick_class.c:5068:2: warning: âMagickGetImageAttributeâ is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:59) [-Wdeprecated-declarations] /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_getimagechannelextremaâ: /tmp/pear/temp/imagick/imagick_class.c:5253:2: warning: âMagickGetImageChannelExtremaâ is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:78) [-Wdeprecated-declarations] /tmp/pear/temp/imagick/imagick_class.c:5253:2: warning: passing argument 3 of âMagickGetImageChannelExtremaâ from incompatible pointer type [enabled by default] In file included from /usr/include/ImageMagick/wand/MagickWand.h:68:0, from /tmp/pear/temp/imagick/php_imagick.h:49, from /tmp/pear/temp/imagick/imagick_class.c:21: /usr/include/ImageMagick/wand/deprecate.h:78:3: note: expected âsize_t *â but argument is of type âlong unsigned int *â /tmp/pear/temp/imagick/imagick_class.c:5253:2: warning: passing argument 4 of âMagickGetImageChannelExtremaâ from incompatible pointer type [enabled by default] In file included from /usr/include/ImageMagick/wand/MagickWand.h:68:0, from /tmp/pear/temp/imagick/php_imagick.h:49, from /tmp/pear/temp/imagick/imagick_class.c:21: /usr/include/ImageMagick/wand/deprecate.h:78:3: note: expected âsize_t *â but argument is of type âlong unsigned int *â /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_getimageextremaâ: /tmp/pear/temp/imagick/imagick_class.c:5506:2: warning: âMagickGetImageExtremaâ is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:80) [-Wdeprecated-declarations] /tmp/pear/temp/imagick/imagick_class.c:5506:2: warning: passing argument 2 of âMagickGetImageExtremaâ from incompatible pointer type [enabled by default] In file included from /usr/include/ImageMagick/wand/MagickWand.h:68:0, from /tmp/pear/temp/imagick/php_imagick.h:49, from /tmp/pear/temp/imagick/imagick_class.c:21: /usr/include/ImageMagick/wand/deprecate.h:80:3: note: expected âsize_t *â but argument is of type âlong unsigned int *â /tmp/pear/temp/imagick/imagick_class.c:5506:2: warning: passing argument 3 of âMagickGetImageExtremaâ from incompatible pointer type [enabled by default] In file included from /usr/include/ImageMagick/wand/MagickWand.h:68:0, from /tmp/pear/temp/imagick/php_imagick.h:49, from /tmp/pear/temp/imagick/imagick_class.c:21: /usr/include/ImageMagick/wand/deprecate.h:80:3: note: expected âsize_t *â but argument is of type âlong unsigned int *â /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_getimagehistogramâ: /tmp/pear/temp/imagick/imagick_class.c:5629:2: warning: passing argument 2 of âMagickGetImageHistogramâ from incompatible pointer type [enabled by default] In file included from /usr/include/ImageMagick/wand/MagickWand.h:74:0, from /tmp/pear/temp/imagick/php_imagick.h:49, from /tmp/pear/temp/imagick/imagick_class.c:21: /usr/include/ImageMagick/wand/magick-image.h:415:5: note: expected âsize_t *â but argument is of type âlong unsigned int *â /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_getimagepageâ: /tmp/pear/temp/imagick/imagick_class.c:5740:2: warning: passing argument 2 of âMagickGetImagePageâ from incompatible pointer type [enabled by default] In file included from /usr/include/ImageMagick/wand/MagickWand.h:74:0, from /tmp/pear/temp/imagick/php_imagick.h:49, from /tmp/pear/temp/imagick/imagick_class.c:21: /usr/include/ImageMagick/wand/magick-image.h:192:3: note: expected âsize_t *â but argument is of type âlong unsigned int *â /tmp/pear/temp/imagick/imagick_class.c:5740:2: warning: passing argument 3 of âMagickGetImagePageâ from incompatible pointer type [enabled by default] In file included from /usr/include/ImageMagick/wand/MagickWand.h:74:0, from /tmp/pear/temp/imagick/php_imagick.h:49, from /tmp/pear/temp/imagick/imagick_class.c:21: /usr/include/ImageMagick/wand/magick-image.h:192:3: note: expected âsize_t *â but argument is of type âlong unsigned int *â /tmp/pear/temp/imagick/imagick_class.c:5740:2: warning: passing argument 4 of âMagickGetImagePageâ from incompatible pointer type [enabled by default] In file included from /usr/include/ImageMagick/wand/MagickWand.h:74:0, from /tmp/pear/temp/imagick/php_imagick.h:49, from /tmp/pear/temp/imagick/imagick_class.c:21: /usr/include/ImageMagick/wand/magick-image.h:192:3: note: expected âssize_t *â but argument is of type âlong int *â /tmp/pear/temp/imagick/imagick_class.c:5740:2: warning: passing argument 5 of âMagickGetImagePageâ from incompatible pointer type [enabled by default] In file included from /usr/include/ImageMagick/wand/MagickWand.h:74:0, from /tmp/pear/temp/imagick/php_imagick.h:49, from /tmp/pear/temp/imagick/imagick_class.c:21: /usr/include/ImageMagick/wand/magick-image.h:192:3: note: expected âssize_t *â but argument is of type âlong int *â /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_getimageindexâ: /tmp/pear/temp/imagick/imagick_class.c:6344:2: warning: âMagickGetImageIndexâ is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:65) [-Wdeprecated-declarations] /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_setimageindexâ: /tmp/pear/temp/imagick/imagick_class.c:6369:2: warning: âMagickSetImageIndexâ is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:113) [-Wdeprecated-declarations] /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_getimagesizeâ: /tmp/pear/temp/imagick/imagick_class.c:6447:2: warning: âMagickGetImageSizeâ is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:140) [-Wdeprecated-declarations] /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_setimageattributeâ: /tmp/pear/temp/imagick/imagick_class.c:6796:2: warning: âMagickSetImageAttributeâ is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:111) [-Wdeprecated-declarations] /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_flattenimagesâ: /tmp/pear/temp/imagick/imagick_class.c:7043:2: warning: âMagickFlattenImagesâ is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:132) [-Wdeprecated-declarations] /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_averageimagesâ: /tmp/pear/temp/imagick/imagick_class.c:8079:2: warning: âMagickAverageImagesâ is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:131) [-Wdeprecated-declarations] /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_mosaicimagesâ: /tmp/pear/temp/imagick/imagick_class.c:8516:2: warning: âMagickMosaicImagesâ is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:135) [-Wdeprecated-declarations] /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_getpageâ: /tmp/pear/temp/imagick/imagick_class.c:9126:2: warning: passing argument 2 of âMagickGetPageâ from incompatible pointer type [enabled by default] In file included from /usr/include/ImageMagick/wand/MagickWand.h:73:0, from /tmp/pear/temp/imagick/php_imagick.h:49, from /tmp/pear/temp/imagick/imagick_class.c:21: /usr/include/ImageMagick/wand/magick-property.h:84:3: note: expected âsize_t *â but argument is of type âlong int *â /tmp/pear/temp/imagick/imagick_class.c:9126:2: warning: passing argument 3 of âMagickGetPageâ from incompatible pointer type [enabled by default] In file included from /usr/include/ImageMagick/wand/MagickWand.h:73:0, from /tmp/pear/temp/imagick/php_imagick.h:49, from /tmp/pear/temp/imagick/imagick_class.c:21: /usr/include/ImageMagick/wand/magick-property.h:84:3: note: expected âsize_t *â but argument is of type âlong int *â /tmp/pear/temp/imagick/imagick_class.c:9126:2: warning: passing argument 4 of âMagickGetPageâ from incompatible pointer type [enabled by default] In file included from /usr/include/ImageMagick/wand/MagickWand.h:73:0, from /tmp/pear/temp/imagick/php_imagick.h:49, from /tmp/pear/temp/imagick/imagick_class.c:21: /usr/include/ImageMagick/wand/magick-property.h:84:3: note: expected âssize_t *â but argument is of type âlong int *â /tmp/pear/temp/imagick/imagick_class.c:9126:2: warning: passing argument 5 of âMagickGetPageâ from incompatible pointer type [enabled by default] In file included from /usr/include/ImageMagick/wand/MagickWand.h:73:0, from /tmp/pear/temp/imagick/php_imagick.h:49, from /tmp/pear/temp/imagick/imagick_class.c:21: /usr/include/ImageMagick/wand/magick-property.h:84:3: note: expected âssize_t *â but argument is of type âlong int *â /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_getquantumdepthâ: /tmp/pear/temp/imagick/imagick_class.c:9154:2: warning: passing argument 1 of âMagickGetQuantumDepthâ from incompatible pointer type [enabled by default] In file included from /usr/include/ImageMagick/wand/MagickWand.h:73:0, from /tmp/pear/temp/imagick/php_imagick.h:49, from /tmp/pear/temp/imagick/imagick_class.c:21: /usr/include/ImageMagick/wand/magick-property.h:52:4: note: expected âsize_t *â but argument is of type âlong int *â /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_getquantumrangeâ: /tmp/pear/temp/imagick/imagick_class.c:9176:2: warning: passing argument 1 of âMagickGetQuantumRangeâ from incompatible pointer type [enabled by default] In file included from /usr/include/ImageMagick/wand/MagickWand.h:73:0, from /tmp/pear/temp/imagick/php_imagick.h:49, from /tmp/pear/temp/imagick/imagick_class.c:21: /usr/include/ImageMagick/wand/magick-property.h:53:4: note: expected âsize_t *â but argument is of type âlong int *â /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_getsamplingfactorsâ: /tmp/pear/temp/imagick/imagick_class.c:9247:2: warning: passing argument 2 of âMagickGetSamplingFactorsâ from incompatible pointer type [enabled by default] In file included from /usr/include/ImageMagick/wand/MagickWand.h:73:0, from /tmp/pear/temp/imagick/php_imagick.h:49, from /tmp/pear/temp/imagick/imagick_class.c:21: /usr/include/ImageMagick/wand/magick-property.h:59:4: note: expected âsize_t *â but argument is of type âlong int *â /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_getsizeâ: /tmp/pear/temp/imagick/imagick_class.c:9273:2: warning: passing argument 2 of âMagickGetSizeâ from incompatible pointer type [enabled by default] In file included from /usr/include/ImageMagick/wand/MagickWand.h:73:0, from /tmp/pear/temp/imagick/php_imagick.h:49, from /tmp/pear/temp/imagick/imagick_class.c:21: /usr/include/ImageMagick/wand/magick-property.h:86:3: note: expected âsize_t *â but argument is of type âlong unsigned int *â /tmp/pear/temp/imagick/imagick_class.c:9273:2: warning: passing argument 3 of âMagickGetSizeâ from incompatible pointer type [enabled by default] In file included from /usr/include/ImageMagick/wand/MagickWand.h:73:0, from /tmp/pear/temp/imagick/php_imagick.h:49, from /tmp/pear/temp/imagick/imagick_class.c:21: /usr/include/ImageMagick/wand/magick-property.h:86:3: note: expected âsize_t *â but argument is of type âlong unsigned int *â /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_getversionâ: /tmp/pear/temp/imagick/imagick_class.c:9299:2: warning: passing argument 1 of âMagickGetVersionâ from incompatible pointer type [enabled by default] In file included from /usr/include/ImageMagick/wand/MagickWand.h:73:0, from /tmp/pear/temp/imagick/php_imagick.h:49, from /tmp/pear/temp/imagick/imagick_class.c:21: /usr/include/ImageMagick/wand/magick-property.h:55:4: note: expected âsize_t *â but argument is of type âlong int *â /tmp/pear/temp/imagick/imagick_class.c: In function âzim_imagick_setimageprogressmonitorâ: /tmp/pear/temp/imagick/imagick_class.c:9534:2: error: âstruct _php_core_globalsâ has no member named âsafe_modeâ /tmp/pear/temp/imagick/imagick_class.c:9534:2: error: âCHECKUID_CHECK_FILE_AND_DIRâ undeclared (first use in this function) /tmp/pear/temp/imagick/imagick_class.c:9534:2: error: âCHECKUID_NO_ERRORSâ undeclared (first use in this function) make: *** [imagick_class.lo] Error 1 ERROR: `make' failed

Read the article
VPN iptables Forwarding: Net-to-net

- by Mike Holler

I've tried to look elsewhere on this site but I couldn't find anything matching this problem. Right now I have an ipsec tunnel open between our local network and a remote network. Currently, the local box running Openswan ipsec with the tunnel open can ping the remote ipsec box and any of the other computers in the remote network. When logged into on of the remote computers, I can ping any box in our local network. That's what works, this is what doesn't: I can't ping any of the remote computers via a local machine that is not the ipsec box. Here's a diagram of our network: [local ipsec box] ----------\ \ [arbitrary local computer] --[local gateway/router] -- [internet] -- [remote ipsec box] -- [arbitrary remote computer] The local ipsec box and the arbitrary local computer have no direct contact, instead they communicate through the gateway/router. The router has been set up to forward requests from local computers for the remote subnet to the ipsec box. This works. The problem is the ipsec box doesn't forward anything. Whenever an arbitrary local computer pings something on the remote subnet, this is the response: [user@localhost ~]# ping 172.16.53.12 PING 172.16.53.12 (172.16.53.12) 56(84) bytes of data. From 10.31.14.16 icmp_seq=1 Destination Host Prohibited From 10.31.14.16 icmp_seq=2 Destination Host Prohibited From 10.31.14.16 icmp_seq=3 Destination Host Prohibited Here's the traceroute: [root@localhost ~]# traceroute 172.16.53.12 traceroute to 172.16.53.12 (172.16.53.12), 30 hops max, 60 byte packets 1 router.address.net (10.31.14.1) 0.374 ms 0.566 ms 0.651 ms 2 10.31.14.16 (10.31.14.16) 2.068 ms 2.081 ms 2.100 ms 3 10.31.14.16 (10.31.14.16) 2.132 ms !X 2.272 ms !X 2.312 ms !X That's the IP for our ipsec box it's reaching, but it's not being forwarded. On the IPSec box I have enabled IP Forwarding in /etc/sysctl.conf net.ipv4.ip_forward = 1 And I have tried to set up IPTables to forward: *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [759:71213] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT -A INPUT -p udp -m state --state NEW -m udp --dport 500 -j ACCEPT -A INPUT -p udp -m state --state NEW -m udp --dport 4500 -j ACCEPT -A INPUT -m policy --dir in --pol ipsec -j ACCEPT -A INPUT -p esp -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -s 10.31.14.0/24 -d 172.16.53.0/24 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -j ACCEPT -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT Am I missing a rule in IPTables? Is there something I forgot? NOTE: All the machines are running CentOS 6.x Edit: Note 2: eth1 is the only network interface on the local ipsec box.

Read the article
My current iptable configuration doesn't work [on hold]

- by Brad

sudo chkconfig iptables off /etc/init.d/iptables on ### Clear/flush iptables sudo iptables -F sudo iptables -P INPUT ACCEPT sudo iptables -P OUTPUT ACCEPT sudo iptables -P FORWARD ACCEPT ### Allow SSH iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT ### Allow YUM updates sudo iptables -A OUTPUT -o eth0 -p tcp --dport 80 --match owner --uid-owner 0 --state NEW,ESTABLISHED -j ACCEPT sudo iptables -A OUTPUT -o eth0 -p tcp --dport 443 --match owner --uid-owner 0 --state NEW,ESTABLISHED -j ACCEPT ### Add your rules form the link above, here # ftp,smtp,imap,http,https,pop3,imaps,pop3s sudo iptables -A INPUT -i eth0 -p tcp -m multiport --dports 21,25,143,80,443,110,993,995 -m state --state NEW,ESTABLISHED -j ACCEPT sudo iptables -A OUTPUT -o eth0 -p tcp -m multiport --sports 21,25,143,80,110,443,993,995 -m state --state NEW,ESTABLISHED -j ACCEPT ## allow dns sudo iptables -A OUTPUT -p udp -o eth0 --dport 53 -j ACCEPT && sudo iptables -A INPUT -p udp -i eth0 --sport 53 -j ACCEPT # handling pings sudo iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT && sudo iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT sudo iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT && sudo iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT # manage ddos attacks sudo iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT ## Implement some logging so that we know what's getting dropped sudo iptables -N LOGGING sudo iptables -A INPUT -j LOGGING sudo iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables Packet Dropped: " --log-level 7 sudo iptables -A LOGGING -j DROP # once a rule affects traffic then it is no longer managed # so if the traffic has not been accepted, block it sudo iptables -A INPUT -j DROP sudo iptables -I INPUT 1 -i lo -j ACCEPT sudo iptables -A OUTPUT -j DROP # allow only internal port forwarding sudo iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT sudo iptables -P FORWARD DROP # create an iptables config file sudo iptables-save > /root/dsl.fw ### Append the following to the rc.local file sudo nano /etc/rc.local ####--- /sbin/iptables-restore < sudo /root/dsl.fw ####--- /etc/init.d/iptables save ## check to see if this setting is working great. sudo service iptables restart ## log out/in testing sudo chkconfig iptables on What is the problem with this setup? If I restart the server it doesn't allow me back in SSH, and there may be a problem with Yum Original source of information: https://gist.github.com/Jonathonbyrd/1274837#file-instructions

Read the article
networking through openstack installed on vm

- by Mandar Katdare

I am trying to set up a test installation of Openstack on a Ubuntu 12.04 VM running on a ESXi server. So far I have been able to launch the VMs on the ESXi, however am unable to assign IP addresses to them. As the VM with the Openstack installation has a single public IP, I wish to assign IPs to the VMs create through Openstack so that they can directly interact with the public network itself without having a separate private network. So I feel that bridging would not be the correct option here. But am unable to find the correct documents to go ahead with such an install. My ifconfig looks as follows: eth0 Link encap:Ethernet HWaddr 00:0c:29:6f:8a:d7 inet addr:192.168.4.167 Bcast:192.168.4.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fe6f:8ad7/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:391640 errors:33 dropped:98 overruns:0 frame:0 TX packets:545044 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:40303931 (40.3 MB) TX bytes:763127348 (763.1 MB) Interrupt:18 Base address:0x2000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:146127 errors:0 dropped:0 overruns:0 frame:0 TX packets:146127 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:799815763 (799.8 MB) TX bytes:799815763 (799.8 MB) virbr0 Link encap:Ethernet HWaddr 8a:80:33:32:63:a0 UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) The eth0 is the adapter that I intend to use for all communication. My nova.conf looks as follows: --dhcpbridge_flagfile=/etc/nova/nova.conf --dhcpbridge=/usr/bin/nova-dhcpbridge --logdir=/var/log/nova --state_path=/var/lib/nova --lock_path=/var/lock/nova --allow_admin_api=true --use_deprecated_auth=false --auth_strategy=keystone --scheduler_driver=nova.scheduler.simple.SimpleScheduler --s3_host=192.168.4.167 --ec2_host=192.168.4.167 --rabbit_host=192.168.4.167 --cc_host=192.168.4.167 --nova_url=http://192.168.4.167:8774/v1.1/ --routing_source_ip=192.168.4.167 --glance_api_servers=192.168.4.167:9292 --image_service=nova.image.glance.GlanceImageService --iscsi_ip_prefix=192.168.4 --sql_connection=mysql://novadbadmin:[email protected]/nova --ec2_url=http://192.168.4.167:8773/services/Cloud --keystone_ec2_url=http://192.168.4.167:5000/v2.0/ec2tokens --api_paste_config=/etc/nova/api-paste.ini --libvirt_type=kvm --libvirt_use_virtio_for_bridges=true --start_guests_on_host_boot=true --resume_guests_state_on_host_boot=true --vnc_enabled=true --vncproxy_url=http://192.168.4.167:6080 --vnc_console_proxy_url=http://192.168.4.167:6080 # network specific settings --network_manager=nova.network.manager.FlatDHCPManager --public_interface=eth0 --vmwareapi_host_ip=192.168.4.254 --vmwareapi_host_username=**** --vmwareapi_host_password=**** --vmwareapi_wsdl_loc=http://127.0.0.1:8080/wsdl/vim25/vimService.wsdl --fixed_range=192.168.4.190/24 --floating_range=192.168.4.190/24 --network_size=32 --flat_network_dhcp_start=192.168.4.190 --flat_injected=False --force_dhcp_release --iscsi_helper=tgtadm --connection_type=vmwareapi --root_helper=sudo nova-rootwrap --verbose --libvirt_use_virtio_for_bridges --ec2_private_dns_show --novnc_enabled=true --novncproxy_base_url=http://192.168.4.167:6080/vnc_auto.html --vncserver_proxyclient_address=192.168.4.167 --vncserver_listen=192.168.4.167 192.168.4.167 is my VM with the Openstack installation and 192.168.4.254 is my ESXi server on which the VM runs. Can anyone advice me about how to proceed? Thanks, Mandar

Read the article
eth0:0 is configured but not listed in ifconfig output

- by FractalizeR

Hello. I have the following problem: My server was given two IPs from [b]different[/b] subnets. Now I am trying to configure the system to work properly. I have created [root@server ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 # Intel Corporation 80003ES2LAN Gigabit Ethernet Controller (Copper) HWADDR=00:30:48:DA:B1:0E DEVICE=eth0 BOOTPROTO=none BROADCAST=79.174.69.255 IPADDR=79.174.69.241 NETMASK=255.255.254.0 NETWORK=79.174.68.0 ONBOOT=yes GATEWAY=79.174.68.1 TYPE=Ethernet [root@server ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0:0 # Intel Corporation 80003ES2LAN Gigabit Ethernet Controller (Copper) HWADDR=00:30:48:DA:B1:0E DEVICE=eth0 BOOTPROTO=none BROADCAST=79.174.69.255 IPADDR=79.174.71.74 NETMASK=255.255.255.0 NETWORK=79.174.71.1 ONBOOT=yes GATEWAY=79.174.71.1 TYPE=Ethernet But both after "service network restart" and after "reboot" [root@server ~]# ifconfig eth0 Link encap:Ethernet HWaddr 00:30:48:DA:B1:0E inet addr:79.174.71.74 Bcast:79.174.71.255 Mask:255.255.255.0 inet6 addr: fe80::230:48ff:feda:b10e/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:910284 errors:0 dropped:0 overruns:0 frame:0 TX packets:2924 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:257964879 (246.0 MiB) TX bytes:232450 (227.0 KiB) Memory:df220000-df240000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:27 errors:0 dropped:0 overruns:0 frame:0 TX packets:27 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:6976 (6.8 KiB) TX bytes:6976 (6.8 KiB) Device eth0:0 is not shown as active. If I try [root@server ~]# ifconfig eth0:0 eth0:0 Link encap:Ethernet HWaddr 00:30:48:DA:B1:0E UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Memory:df220000-df240000 It is shown as up and running, but IP is not assigned to it. Also it is strange, that IP address assigned to eth0:0 in config file is used by eth0. /var/log/messages shows nothing about network configuration errors on either eth0 or eth0:0. system-config-network seem to understand all settings correctly and resaves them ok also. "ifup eth0:0" executes ok, but ifconfig afterwards shows no eth0:0 device after that. What did I do wrong? May be the problem is that IPs are from different subnets?

Read the article
Secure ldap problem

- by neverland

I have tried to config my openldap to have secure connection by using openssl on Debian5. By the way, I got trouble during the below command. ldap:/etc/ldap# slapd -h 'ldap:// ldaps://' -d1 >>> slap_listener(ldaps://) connection_get(15): got connid=7 connection_read(15): checking for input on id=7 connection_get(15): got connid=7 connection_read(15): checking for input on id=7 connection_get(15): got connid=7 connection_read(15): checking for input on id=7 connection_get(15): got connid=7 connection_read(15): checking for input on id=7 connection_read(15): unable to get TLS client DN, error=49 id=7 connection_get(15): got connid=7 connection_read(15): checking for input on id=7 ber_get_next ber_get_next on fd 15 failed errno=0 (Success) connection_closing: readying conn=7 sd=15 for close connection_close: conn=7 sd=15 Then I have search for "unable to get TLS client DN, error=49 id=7" but it seems no where has a good solution to this yet. Please help. Thanks # Well, I try to fix something to get it work but now I got this ldap:~# slapd -d 256 -f /etc/openldap/slapd.conf @(#) $OpenLDAP: slapd 2.4.11 (Nov 26 2009 09:17:06) $ root@SD6-Casa:/tmp/buildd/openldap-2.4.11/debian/build/servers/slapd could not stat config file "/etc/openldap/slapd.conf": No such file or directory (2) slapd stopped. connections_destroy: nothing to destroy. What should I do now? log : ldap:~# /etc/init.d/slapd start Starting OpenLDAP: slapd - failed. The operation failed but no output was produced. For hints on what went wrong please refer to the system's logfiles (e.g. /var/log/syslog) or try running the daemon in Debug mode like via "slapd -d 16383" (warning: this will create copious output). Below, you can find the command line options used by this script to run slapd. Do not forget to specify those options if you want to look to debugging output: slapd -h 'ldaps:///' -g openldap -u openldap -f /etc/ldap/slapd.conf ldap:~# tail /var/log/messages Feb 8 16:53:27 ldap kernel: [ 123.582757] intel8x0_measure_ac97_clock: measured 57614 usecs Feb 8 16:53:27 ldap kernel: [ 123.582801] intel8x0: measured clock 172041 rejected Feb 8 16:53:27 ldap kernel: [ 123.582825] intel8x0: clocking to 48000 Feb 8 16:53:27 ldap kernel: [ 131.469687] Adding 240932k swap on /dev/hda5. Priority:-1 extents:1 across:240932k Feb 8 16:53:27 ldap kernel: [ 133.432131] EXT3 FS on hda1, internal journal Feb 8 16:53:27 ldap kernel: [ 135.478218] loop: module loaded Feb 8 16:53:27 ldap kernel: [ 141.348104] eth0: link up, 100Mbps, full-duplex Feb 8 16:53:27 ldap rsyslogd: [origin software="rsyslogd" swVersion="3.18.6" x-pid="1705" x-info="http://www.rsyslog.com"] restart Feb 8 16:53:34 ldap kernel: [ 159.217171] NET: Registered protocol family 10 Feb 8 16:53:34 ldap kernel: [ 159.220083] lo: Disabled Privacy Extensions

Read the article
Connectivity issues with dual NIC machine in EC2

- by Matt Sieker

I'm trying to get some servers set up in EC2 in a Virtual Private Cloud. To do this, I have two subnets: 10.0.42.0/24 - Public subnet 10.0.83.0/24 - Private subnet To bridge these two, I have a Funtoo instance with a pair of NICs: eth0 10.0.42.10 eth1 10.0.83.10 Which has the following routing table: Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 10.0.83.0 * 255.255.255.0 U 0 0 0 eth1 10.0.83.0 * 255.255.255.0 U 203 0 0 eth1 10.0.42.0 * 255.255.255.0 U 202 0 0 eth0 loopback * 255.0.0.0 U 0 0 0 lo default 10.0.42.1 0.0.0.0 UG 0 0 0 eth0 default 10.0.42.1 0.0.0.0 UG 202 0 0 eth0 An elastic IP is attached to the eth0 interface, and I can connect to it fine remotely. However, I cannot ping anything in the 10.0.83.0 subnet. For now iptables is not set up on the box, so there's no rules that would get in the way (Eventually this will be managed by Shorewall, but I should get basic connectivity done first) Subnet details from the VPC interface: CIDR: 10.0.83.0/24 Destination Target 10.0.0.0/16 local 0.0.0.0/0 [ID of eth1 on NAT box] Network ACL: Default Inbound: Rule # Port (Service) Protocol Source Allow/Deny 100 ALL ALL 0.0.0.0/0 ALLOW * ALL ALL 0.0.0.0/0 DENY Outbound: Rule # Port (Service) Protocol Destination Allow/Deny 100 ALL ALL 0.0.0.0/0 ALLOW * ALL ALL 0.0.0.0/0 DENY CIDR: 10.0.83.0/24 VPC: Destination Target 10.0.0.0/16 local 0.0.0.0/0 [Internet Gateway ID] Network ACL: Default (replace) Inbound: Rule # Port (Service) Protocol Source Allow/Deny 100 ALL ALL 0.0.0.0/0 ALLOW * ALL ALL 0.0.0.0/0 DENY Outbound: Rule # Port (Service) Protocol Destination Allow/Deny 100 ALL ALL 0.0.0.0/0 ALLOW * ALL ALL 0.0.0.0/0 DENY I've been trying to work this out most of the evening, but I'm just stuck. I'm either missing something obvious, or am doing something very wrong. I would think I'd be able to ping from either interface on this box without issue. Hopefully some more pairs of eyes on this configuration will help. EDIT: I am an idiot. After I bothered to install nmap to run some more tests, I discover I can see the ports, and connect to them, pings are just being blocked.

Read the article
Iptables config breaks Java + Elastic Search communication

- by Agustin Lopez

I am trying to set up a firewall for a server hosting a java app and ES. Both are on the same server and communicate to each other. The problem I am having is that my firewall configuration prevents java from connecting to ES. Not sure why really.... I have tried lot of stuff like opening the port range 9200:9400 to the server ip without any luck but from what I know all communication inside the server should be allowed with this configuration. The idea is that ES should not be accessible from outside but it should be accessible from this java app and ES uses the port range 9200:9400. This is my iptables script: echo -e Deleting rules for INPUT chain iptables -F INPUT echo -e Deleting rules for OUTPUT chain iptables -F OUTPUT echo -e Deleting rules for FORWARD chain iptables -F FORWARD echo -e Setting by default the drop policy on each chain iptables -P INPUT DROP iptables -P OUTPUT ACCEPT iptables -P FORWARD DROP echo -e Open all ports from/to localhost iptables -A INPUT -i lo -j ACCEPT echo -e Open SSH port 22 with brute force security iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource iptables -A INPUT -p tcp -m tcp --dport 22 -m recent --rcheck --seconds 30 --hitcount 4 --rttl --name SSH --rsource -j REJECT --reject-with tcp-reset iptables -A INPUT -p tcp -m tcp --dport 22 -m recent --rcheck --seconds 30 --hitcount 3 --rttl --name SSH --rsource -j LOG --log-prefix "SSH brute force " iptables -A INPUT -p tcp -m tcp --dport 22 -m recent --update --seconds 30 --hitcount 3 --rttl --name SSH --rsource -j REJECT --reject-with tcp-reset iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT echo -e Open NGINX port 80 iptables -A INPUT -p tcp --dport 80 -j ACCEPT echo -e Open NGINX SSL port 443 iptables -A INPUT -p tcp --dport 443 -j ACCEPT echo -e Enable DNS iptables -A INPUT -p tcp -m tcp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT iptables -A INPUT -p udp -m udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT And I get this in the java app when this config is in place: org.elasticsearch.cluster.block.ClusterBlockException: blocked by: [SERVICE_UNAVAILABLE/1/state not recovered / initialized];[SERVICE_UNAVAILABLE/2/no master]; at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:292) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1185) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:537) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:475) at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:304) at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:228) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:300) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:195) at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:700) at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:760) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:482) at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:403) Do any of you see any problem with this configuration and ES? Thanks in advance

Read the article
radvd is not assigning prefix

- by Samik

I'm currently trying to setup IPv6 address auto-configuration with router advertisement daemon (radvd) on a virtual machine running CentOS 6.5. But the eth0 interface is not obtaining that prefix. I've obtained the ULA prefix from here. Contents of /etc/sysctl.conf # Kernel sysctl configuration file for Red Hat Linux # # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and # sysctl.conf(5) for more details. # Controls IP packet forwarding net.ipv4.ip_forward = 0 net.ipv6.conf.all.forwarding = 1 # Controls source route verification net.ipv4.conf.default.rp_filter = 1 # Do not accept source routing net.ipv4.conf.default.accept_source_route = 0 # Controls the System Request debugging functionality of the kernel kernel.sysrq = 0 # Controls whether core dumps will append the PID to the core filename. # Useful for debugging multi-threaded applications. kernel.core_uses_pid = 1 # Controls the use of TCP syncookies net.ipv4.tcp_syncookies = 1 # Disable netfilter on bridges. net.bridge.bridge-nf-call-ip6tables = 0 net.bridge.bridge-nf-call-iptables = 0 net.bridge.bridge-nf-call-arptables = 0 # Controls the default maxmimum size of a mesage queue kernel.msgmnb = 65536 # Controls the maximum size of a message, in bytes kernel.msgmax = 65536 # Controls the maximum shared segment size, in bytes kernel.shmmax = 68719476736 # Controls the maximum number of shared memory segments, in pages kernel.shmall = 4294967296 Contents of /etc/radvd.conf # NOTE: there is no such thing as a working "by-default" configuration file. # At least the prefix needs to be specified. Please consult the radvd.conf(5) # man page and/or /usr/share/doc/radvd-*/radvd.conf.example for help. # # interface eth0 { AdvSendAdvert on; MinRtrAdvInterval 3; MaxRtrAdvInterval 10; AdvDefaultPreference low; AdvHomeAgentFlag off; prefix fd8a:8d9d:808f:1::/64 { AdvOnLink on; AdvAutonomous on; AdvRouterAddr on; }; }; Contents of /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0 HWADDR=52:54:00:74:d7:46 TYPE=Ethernet UUID=af5db1cb-e809-4098-be1a-5a74dbb767b1 ONBOOT=yes NM_CONTROLLED=no BOOTPROTO=dhcp IPV6INIT=yes IPV6_AUTOCONF=yes I've also enabled radvd at startup through chkconfig. Though I noticed that radvd is starting after interfaces are brought up. I've tried restarting the network service afterwards but still I get the following link-local address only #ip -6 addr show 1: lo: mtu 16436 inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: mtu 1500 qlen 1000 inet6 fe80::5054:ff:fe74:d746/64 scope link valid_lft forever preferred_lft forever Edit: Based on the answer given by Sander Steffann I still need clarification on some points but I'm posting here what worked. Contents of /etc/sysconfig/network NETWORKING=yes HOSTNAME=syslog-ng-server NETWORKING_IPV6=yes IPV6FORWARDING=yes Contents of /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0 HWADDR=52:54:00:74:d7:46 TYPE=Ethernet UUID=af5db1cb-e809-4098-be1a-5a74dbb767b1 ONBOOT=yes NM_CONTROLLED=no BOOTPROTO=dhcp IPV6INIT=yes IPV6_AUTOCONF=yes IPV6FORWARDING=no Removed following line from /etc/sysctl.conf net.ipv6.conf.all.forwarding = 1 Contents of /etc/radvd.conf is as previous.

Read the article
How to iptables forward ppp0 to eth0

- by HPHPHP2012

need your help with get it routing properly. I've server with eth0 (external interface) and eth1(internal interface). eth1 is merged into the bridge br0 (172.16.1.1) I've installed the pptp and successfully configured it, so I got ppp0 interface (192.168.91.1) and got my VPN clients successfully connected. So I need your help to manage how to allow my VPN clients use internet connection (eth0). Below my configuration files, any help is much appreciated! Thank you! P.S. VPN clients are Windows Xp, Windows 7, Mac OS X Lion, Ubuntu 12.04, iOS 5.x cat /etc/pptpd.conf #local server ip address localip 192.168.91.1 #remote addresses remoteip 192.168.91.11-254,192.168.91.10 #translating ip addresses on this interface bcrelay br0 cat /etc/ppp/pptpd-options name pptpd refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128 ms-dns 8.8.8.8 ms-dns 8.8.4.4 nodefaultroute lock nobsdcomp auth logfile /var/log/pptpd.log cat /etc/nat-up #!/bin/sh SERVER_IP="aaa.aaa.aaa.aaa" LOCAL_IP="172.16.1.1" #eth0 with public ip PUBLIC="eth0" #br0 is internal bridge on eth1 interface INTERNAL="br0" #vpn VPN="ppp0" #local LOCAL="lo" iptables -F iptables -X iptables -t nat -F iptables -t nat -X iptables -t mangle -F iptables -t mangle -X iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT ACCEPT echo 1 > /proc/sys/net/ipv4/ip_forward iptables -A INPUT -i $LOCAL -j ACCEPT iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -m state --state NEW ! -i $PUBLIC -j ACCEPT ####CLEAR CONFIG#### #iptables -A FORWARD -i $PUBLIC -o $INTERNAL -m state --state ESTABLISHED,RELATED -j ACCEPT #iptables -A FORWARD -i $PUBLIC -o $INTERNAL -j ACCEPT #iptables -A FORWARD -i $INTERNAL -o $PUBLIC -j ACCEPT #iptables -t nat -A POSTROUTING -j MASQUERADE ####THIS PART IS NOT HANDLING IT#### iptables -A FORWARD -i $PUBLIC -o $VPN -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -i $PUBLIC -o $VPN -j ACCEPT iptables -A FORWARD -s 192.168.91.0/24 -o $PUBLIC -j ACCEPT iptables -t nat -A POSTROUTING -s 192.168.91.0/24 -o $PUBLIC -j MASQUERADE # VPN - PPTPD iptables -A INPUT -p gre -s 0/0 -j ACCEPT iptables -A OUTPUT -p gre -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A INPUT -p tcp -s 0/0 --dport 1723 -j ACCEPT #SSH iptables -A INPUT -p tcp --dport 2222 -j ACCEPT iptables -A OUTPUT -p tcp --sport 2222 -j ACCEPT #BLACKLIST BLOCKDB="/etc/ip.blocked" IPS=$(grep -Ev "^#" $BLOCKDB) for i in $IPS do iptables -A INPUT -s $i -j DROP iptables -A OUTPUT -d $i -j DROP done

Read the article
Secure ldap problem

- by neverland

Hi there, I have tried to config my openldap to have secure connection by using openssl on Debian5. By the way, I got trouble during the below command. ldap:/etc/ldap# slapd -h 'ldap:// ldaps://' -d1 >>> slap_listener(ldaps://) connection_get(15): got connid=7 connection_read(15): checking for input on id=7 connection_get(15): got connid=7 connection_read(15): checking for input on id=7 connection_get(15): got connid=7 connection_read(15): checking for input on id=7 connection_get(15): got connid=7 connection_read(15): checking for input on id=7 connection_read(15): unable to get TLS client DN, error=49 id=7 connection_get(15): got connid=7 connection_read(15): checking for input on id=7 ber_get_next ber_get_next on fd 15 failed errno=0 (Success) connection_closing: readying conn=7 sd=15 for close connection_close: conn=7 sd=15 Then I have search for "unable to get TLS client DN, error=49 id=7" but it seems no where has a good solution to this yet. Please help. Thanks # Well, I try to fix something to get it work but now I got this ldap:~# slapd -d 256 -f /etc/openldap/slapd.conf @(#) $OpenLDAP: slapd 2.4.11 (Nov 26 2009 09:17:06) $ root@SD6-Casa:/tmp/buildd/openldap-2.4.11/debian/build/servers/slapd could not stat config file "/etc/openldap/slapd.conf": No such file or directory (2) slapd stopped. connections_destroy: nothing to destroy. What should I do now? log : ldap:~# /etc/init.d/slapd start Starting OpenLDAP: slapd - failed. The operation failed but no output was produced. For hints on what went wrong please refer to the system's logfiles (e.g. /var/log/syslog) or try running the daemon in Debug mode like via "slapd -d 16383" (warning: this will create copious output). Below, you can find the command line options used by this script to run slapd. Do not forget to specify those options if you want to look to debugging output: slapd -h 'ldaps:///' -g openldap -u openldap -f /etc/ldap/slapd.conf ldap:~# tail /var/log/messages Feb 8 16:53:27 ldap kernel: [ 123.582757] intel8x0_measure_ac97_clock: measured 57614 usecs Feb 8 16:53:27 ldap kernel: [ 123.582801] intel8x0: measured clock 172041 rejected Feb 8 16:53:27 ldap kernel: [ 123.582825] intel8x0: clocking to 48000 Feb 8 16:53:27 ldap kernel: [ 131.469687] Adding 240932k swap on /dev/hda5. Priority:-1 extents:1 across:240932k Feb 8 16:53:27 ldap kernel: [ 133.432131] EXT3 FS on hda1, internal journal Feb 8 16:53:27 ldap kernel: [ 135.478218] loop: module loaded Feb 8 16:53:27 ldap kernel: [ 141.348104] eth0: link up, 100Mbps, full-duplex Feb 8 16:53:27 ldap rsyslogd: [origin software="rsyslogd" swVersion="3.18.6" x-pid="1705" x-info="http://www.rsyslog.com"] restart Feb 8 16:53:34 ldap kernel: [ 159.217171] NET: Registered protocol family 10 Feb 8 16:53:34 ldap kernel: [ 159.220083] lo: Disabled Privacy Extensions

Read the article
How to add an iptables rule with source IP address

- by ???

I have a bash script that starts with this: if [[ $EUID -ne 0 ]]; then echo "Permission denied (are you root?)." exit 1 elif [ $# -ne 1 ] then echo "Usage: install-nfs-server <client network/CIDR>" echo "$ bash install-nfs-server 192.168.1.1/24" exit 2 fi; I then try to add the iptables rules for NFS as follows: iptables -A INPUT -i eth0 -p tcp -s $1 --dport 111 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --sport 111 -m state --state ESTABLISHED -j ACCEPT iptables -A INPUT -i eth0 -p udp -s $1 --dport 111 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p udp --sport 111 -m state --state ESTABLISHED -j ACCEPT service iptables save service iptables restart I get the error: Try iptables -h' or 'iptables --help' for more information. Bad argument111' Try iptables -h' or 'iptables --help' for more information. Bad argument111' Saving firewall rules to /etc/sysconfig/iptables: ^[[60G[^[[0;32m OK ^[[0;39m]^M Flushing firewall rules: ^[[60G[^[[0;32m OK ^[[0;39m]^M Setting chains to policy ACCEPT: filter ^[[60G[^[[0;32m OK ^[[0;39m]^M Unloading iptables modules: ^[[60G[^[[0;32m OK ^[[0;39m]^M Applying iptables firewall rules: ^[[60G[^[[0;32m OK ^[[0;39m]^M Loading additional iptables modules: ip_conntrack_netbios_ns ^[[60G[^[[0;32m OK ^[[0;39m]^M When I open /etc/sysconfig/iptables these are the rules: # Generated by iptables-save v1.3.5 on Mon Mar 26 08:00:42 2012 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [466:54208] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A OUTPUT -o eth0 -p tcp -m tcp --sport 111 -m state --state ESTABLISHED -j ACCEPT -A OUTPUT -o eth0 -p udp -m udp --sport 111 -m state --state ESTABLISHED -j ACCEPT -A OUTPUT -o eth0 -p tcp -m tcp --sport 111 -m state --state ESTABLISHED -j ACCEPT -A OUTPUT -o eth0 -p udp -m udp --sport 111 -m state --state ESTABLISHED -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT -A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 111 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT -A RH-Firewall-1-INPUT -p esp -j ACCEPT -A RH-Firewall-1-INPUT -p ah -j ACCEPT -A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited COMMIT # Completed on Mon Mar 26 08:00:42 2012 ~ "/etc/sysconfig/iptables" 32L, 1872C I've also tried: iptables -I RH-Firewall-1-INPUT 1 -m state --state NEW -m tcp -p tcp --source $1 --dport 111 -j ACCEPT iptables -I RH-Firewall-1-INPUT 2 -m udp -p udp --source $1 --dport 111 -j ACCEPT

Read the article
My server freezes within a few hours of logging out. Staying logged in keeps the server running

- by HappyEngineer

I have an Ubuntu Godaddy server I use to host mail and webapps. It started having problems a couple months ago. It would lock up and stop responding to anything. I couldn't ssh into it, so I'd have godaddy power cycle the server. I have never seen anything that looked suspicious in the var logs (although I'm no expert at reading them). An fsck turned up no problems. Godaddy replaced the ram, but found no hardware problems. I started logging the output from "top" to a log file and found that even that stops running when the server freezes. Now, here is the crazy part: It got so bad that it would actually go down every few hours, but then it stopped going down. I eventually realized I had left an ssh terminal logged into the machine running top. This seemed unlikely to be a reason, but after the server was up with no problems for a full week (remember, it had been going down after just a few hours), I disconnected from the ssh session. Lo and behold, within a few hours the server froze again! I had them power cycle again and then left another ssh session open with top. It has been going without problems for 8 days now. I told others about this and they hardly believe me. I simply can't imagine what is going on. I don't know what else to try other than to just get a new server and reinstall everything. Does anyone have any ideas about what I can look for to determine what the cause is? Is it possible there's some sort of exploit on the server which only runs if everyone is logged out of the system? EDIT: The power management gone haywire sounds plausible, so I've modified the /boot/grub/menu.lst to boot with acpi=off and apm=off. It appears to have prevented kacpid and kacpid_notify from being in the process list, so I assume I did that right. I've disconnected all my sessions from the server. I'll check later tonight to see if it's still up. If it goes down then I'll try the pinging process idea. EDIT: It went down again. It lasted about a day. I've had them reboot, so now I'll try running "nohup ping -i 5 google.com &" and then disconnect. If it goes down again I'll come back. Hopefully someone will have some more ideas.

Read the article
Archlinux/atheros WLAN configuration troubles

- by GrinReaper

I'm trying to config archlinux to use my wireless network adapter. It's quite troublesome. From what I've gathered, it's an atheros network adapter, using the ath5k driver/module... I can't get it to work; any ideas? Here's some of the output from my tinkering: # lspci | grep -i net 00:0a.0 Ethernet controller: nVidia corporation MCP67 Ethernet (reva2) 03:00.0 Ethernet controller: atheros communications inc. AR5001 Wireless Network Adapter (rev01) # lsusb ... Bus 004 Device 003: ID 03f0:17d Hewlett Packard Wireless (Bluetooth + WLAN Interface [Integrated Module] # ping -c 3 www.google.com ping: unknown host www.google.com #ping -c 3 8.8.8.8 ping: network is unreachable # lspci -v 03:00.0 Ethernet controller: atheros communications inc. AR5001 Wireless Network Adapter (rev01) ... Kernel driver in use: ath5k Kernel modules: ath5k # dmesg |grep ath5k registered as phy0 registered led device ath5k: atheros chip found PCI INT A disabled registered led device registered as phy1 # ip addr | sed '/^[0-9]/!d;s/: <.*$//' 1: lo 2: eth1 3: eth0 # ip link set <interface> up/down RNETLINK answers: Operation not possible due to RF-kill Also, is there a way to dump text from command-line to a text file so i can just copy pasta? Sorry, first time using a linux distro... EDIT: So I just tried this: I actually just did this twice. (I can't tell which setting is on/off for my wireless adapter. The lights are blue all the time now.) #rfkill list 0: hp-wifi: wireless lan softblocked: no hardblocked :yes 1: hp-bluetooth: bluetooth softblocked: no hardblocked :yes 3: phy1: wireless lan softblocked: no hardblocked :yes #rfkill list 0: hp-wifi: wireless lan softblocked: no hardblocked :no 1: hp-bluetooth: bluetooth softblocked: no hardblocked no 3: phy1: wireless lan softblocked: no hardblocked :yes 7: hci0: bluetooh 0: hp-wifi: wireless lan softblocked: no hardblocked :no I've dug around some other articles and it seems like ath5k is supposed to be preferable to madwifi, so should i be using madwifi? I'm 99% sure I disabled the hardblock (by turning it ON) but, as shown above, phy1 wireless lan is STILL hardblocked. What gives? Maybe I've made some more fundamental error in a basic config file? EDIT: I've fixed the hardblock. I've tried pinging www.google.com, but to no avail. I get: ping: unknown host www.google.com In the arch wiki: Edit /etc/hosts and add the same HOSTNAME you entered in /etc/rc.conf: 127.0.0.1 archlinux.domain.org localhost.localdomain localhost archlinux To my understanding, hostname is just a user-specified and based on preference(?) My /etc/rc.conf: HOSTNAME="gestalt" My /etc/hosts: 127.0.0.1 localhost.localdomain localhost gestalt but should it be the following? 120.0.0.1 localhost.domain.org localhost.localdomain localhost gestalt

Read the article
Mysql server fails to start

- by Nicolas Thery

Googling since two hours, I require your assistance. I'm on a Debian virtual machine and I cloned it. The only change is the new IP adress it has. Mysql doesn't start any more: Starting MySQL database server: mysqld . . . . . . . . . . . . . . failed! There is no process called mysql. All the mysql log files in /var/log are empty. here is my.cnf file : [client] port = 3306 socket = /var/run/mysqld/mysqld.sock [mysqld_safe] socket = /var/run/mysqld/mysqld.sock nice = 0 [mysqld] user = mysql pid-file = /var/run/mysqld/mysqld.pid socket = /var/run/mysqld/mysqld.sock port = 3306 basedir = /usr datadir = /var/lib/mysql tmpdir = /tmp language = /usr/share/mysql/english skip-external-locking bind-address = 127.0.0.1 key_buffer = 16M max_allowed_packet = 16M thread_stack = 192K thread_cache_size = 8 myisam-recover = BACKUP query_cache_limit = 1M query_cache_size = 16M general_log_file = /var/log/mysql/mysql.log log_bin = /var/log/mysql/mysql-bin.log expire_logs_days = 10 max_binlog_size = 100M [mysqldump] quick quote-names max_allowed_packet = 16M [mysql] [isamchk] key_buffer = 16M [mysqld_safe] syslog Here is the result of ifconfig : eth0 Link encap:Ethernet HWaddr 00:0c:29:12:98:9a inet adr:192.168.1.138 Bcast:192.168.1.255 Masque:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:754 errors:0 dropped:0 overruns:0 frame:0 TX packets:106 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 lg file transmission:1000 RX bytes:101177 (98.8 KiB) TX bytes:17719 (17.3 KiB) lo Link encap:Boucle locale inet adr:127.0.0.1 Masque:255.0.0.0 adr inet6: ::1/128 Scope:Hôte UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:8 errors:0 dropped:0 overruns:0 frame:0 TX packets:8 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 lg file transmission:0 RX bytes:560 (560.0 B) TX bytes:560 (560.0 B) As requested, here is the result of : sudo -u mysql mysqld, here is the result : root@debian:/home/nicolas/Bureau# sudo -u mysql mysqld 121004 14:26:57 [Note] Plugin 'FEDERATED' is disabled. mysqld: Can't find file: './mysql/plugin.frm' (errno: 13) 121004 14:26:57 [ERROR] Can't open the mysql.plugin table. Please run mysql_upgrade to create it. 121004 14:26:57 InnoDB: Initializing buffer pool, size = 8.0M 121004 14:26:57 InnoDB: Completed initialization of buffer pool 121004 14:26:57 InnoDB: Started; log sequence number 0 70822697 121004 14:26:57 [Note] Recovering after a crash using /var/log/mysql/mysql-bin 121004 14:26:57 [Note] Starting crash recovery... 121004 14:26:57 [Note] Crash recovery finished. 121004 14:26:57 [ERROR] mysqld: Can't find file: './mysql/host.frm' (errno: 13) 121004 14:26:57 [ERROR] Fatal error: Can't open and lock privilege tables: Can't find file: './mysql/host.frm' (errno: 13)

Read the article

Search Results

Search found 1218 results on 49 pages for 'derek lo'.

Page 44/49 | < Previous Page | 40 41 42 43 44 45 46 47 48 49 | Next Page >

- by aaa

- by sbrattla

- by noplacetoh1de

- by 422

- by user3715581

- by Sigge

- by Sigge

- by dobs

- by michaelc

- by The_cobra666

- by PolishHurricane

- by Mike Holler

- by Brad

- by Mandar Katdare

- by FractalizeR

- by neverland

- by Matt Sieker

- by Agustin Lopez

- by Samik

- by HPHPHP2012

- by neverland

- by ???

- by HappyEngineer

- by GrinReaper

- by Nicolas Thery

< Previous Page | 40 41 42 43 44 45 46 47 48 49 | Next Page >