Search Results

Search found 13752 results on 551 pages for 'ip protocol'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 518/551 | < Previous Page | 514 515 516 517 518 519 520 521 522 523 524 525  | Next Page >

  • Allow anonymous upload for Vsftpd?

    - by user15318
    I need a basic FTP server on Linux (CentOS 5.5) without any security measure, since the server and the clients are located on a test LAN, not connected to the rest of the network, which itself uses non-routable IP's behind a NAT firewall with no incoming access to FTP. Some people recommend Vsftpd over PureFTPd or ProFTPd. No matter what I try, I can't get it to allow an anonymous user (ie. logging as "ftp" or "anonymous" and typing any string as password) to upload a file: # yum install vsftpd # mkdir /var/ftp/pub/upload # cat vsftpd.conf listen=YES anonymous_enable=YES local_enable=YES write_enable=YES xferlog_file=YES #anonymous users are restricted (chrooted) to anon_root #directory was created by root, hence owned by root.root anon_root=/var/ftp/pub/incoming anon_upload_enable=YES anon_mkdir_write_enable=YES #chroot_local_user=NO #chroot_list_enable=YES #chroot_list_file=/etc/vsftpd.chroot_list chown_uploads=YES When I log on from a client, here's what I get: 500 OOPS: cannot change directory:/var/ftp/pub/incoming I also tried "# chmod 777 /var/ftp/incoming/", but get the same error. Does someone know how to configure Vsftpd with minimum security? Thank you. Edit: SELinux is disabled and here are the file permissions: # cat /etc/sysconfig/selinux SELINUX=disabled SELINUXTYPE=targeted SETLOCALDEFS=0 # sestatus SELinux status: disabled # getenforce Disabled # grep ftp /etc/passwd ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin # ll /var/ drwxr-xr-x 4 root root 4096 Mar 14 10:53 ftp # ll /var/ftp/ drwxrwxrwx 2 ftp ftp 4096 Mar 14 10:53 incoming drwxr-xr-x 3 ftp ftp 4096 Mar 14 11:29 pub Edit: latest vsftpd.conf: listen=YES local_enable=YES write_enable=YES xferlog_file=YES #anonymous users are restricted (chrooted) to anon_root anonymous_enable=YES anon_root=/var/ftp/pub/incoming anon_upload_enable=YES anon_mkdir_write_enable=YES #500 OOPS: bad bool value in config file for: chown_uploads chown_uploads=YES chown_username=ftp Edit: with trailing space removed from "chown_uploads", err 500 is solved, but anonymous still doesn't work: client> ./ftp server Connected to server. 220 (vsFTPd 2.0.5) Name (server:root): ftp 331 Please specify the password. Password: 500 OOPS: cannot change directory:/var/ftp/pub/incoming Login failed. ftp> bye With user "ftp" listed in /etc/passwd with home directory set to "/var/ftp" and access rights to /var/ftp set to "drwxr-xr-x" and /var/ftp/incoming to "drwxrwxrwx"...could it be due to PAM maybe? I don't find any FTP log file in /var/log to investigate. Edit: Here's a working configuration to let ftp/anonymous connect and upload files to /var/ftp: listen=YES anonymous_enable=YES write_enable=YES anon_upload_enable=YES anon_mkdir_write_enable=YES

    Read the article

  • repeated failing passwords in linux security log (/var/log/secure)

    - by wallyk
    Recently, I opened up the SSH port through my firewalls (and redirecting to my server) so I could check on the (http) server while on the road. The first week or two there was nothing different. But now, three or four weeks later, I see lots of this: Mar 20 08:38:28 localhost sshd[21895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.queued.net user=root Mar 20 08:38:31 localhost sshd[21895]: Failed password for root from 207.210.101.209 port 2854 ssh2 Mar 20 15:38:31 localhost sshd[21896]: Received disconnect from 207.210.101.209: 11: Bye Bye Mar 20 08:38:32 localhost unix_chkpwd[21900]: password check failed for user (root) Mar 20 08:38:32 localhost sshd[21898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.queued.net user=root Mar 20 08:38:34 localhost sshd[21898]: Failed password for root from 207.210.101.209 port 3729 ssh2 Mar 20 15:38:35 localhost sshd[21899]: Received disconnect from 207.210.101.209: 11: Bye Bye Mar 20 08:38:36 localhost unix_chkpwd[21903]: password check failed for user (root) Mar 20 08:38:36 localhost sshd[21901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.queued.net user=root Mar 20 08:38:38 localhost sshd[21901]: Failed password for root from 207.210.101.209 port 4313 ssh2 Mar 20 15:38:38 localhost sshd[21902]: Received disconnect from 207.210.101.209: 11: Bye Bye Mar 20 08:38:40 localhost unix_chkpwd[21906]: password check failed for user (root) Mar 20 08:38:40 localhost sshd[21904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.queued.net user=root Mar 20 08:38:42 localhost sshd[21904]: Failed password for root from 207.210.101.209 port 4869 ssh2 Mar 20 15:38:43 localhost sshd[21905]: Received disconnect from 207.210.101.209: 11: Bye Bye Mar 20 08:38:44 localhost unix_chkpwd[21909]: password check failed for user (root) Mar 20 08:38:44 localhost sshd[21907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.queued.net user=root Mar 20 08:38:46 localhost sshd[21907]: Failed password for root from 207.210.101.209 port 2512 ssh2 Mar 20 15:38:47 localhost sshd[21908]: Received disconnect from 207.210.101.209: 11: Bye Bye Mar 20 15:38:57 localhost sshd[21912]: Connection closed by 207.210.101.209 There are about 1100 lines of these for March 20th, zero for the 19th, and 800 or so for the 18th—all related to the same IP. What does it mean? What should I do? Why isn't it chronological?

    Read the article

  • should i bother to block these- rather lame attempt at hacking my server

    - by The Journeyman geek
    I'm running a LAMP stack, with no phpmyadmin (yes) installed. While poking through my apache server longs i noticed things like. 74.208.75.29 - - [16/Mar/2010:02:53:45 +0800] "POST http://74.208.75.29:6667/ HTTP/1.0" 404 481 "-" "-" 74.208.75.29 - - [16/Mar/2010:02:53:45 +0800] "CONNECT 74.208.75.29:6667 HTTP/1.0" 405 547 "-" "-" 66.184.178.58 - - [16/Mar/2010:13:27:59 +0800] "GET / HTTP/1.1" 200 1170 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)" 200.78.247.148 - - [16/Mar/2010:15:26:05 +0800] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 506 "-" "-" 206.47.160.224 - - [16/Mar/2010:17:27:57 +0800] "GET / HTTP/1.1" 200 1170 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)" 190.220.14.195 - - [17/Mar/2010:01:28:02 +0800] "GET //phpmyadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 480 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 190.220.14.195 - - [17/Mar/2010:01:28:03 +0800] "GET //pma/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 476 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 190.220.14.195 - - [17/Mar/2010:01:28:04 +0800] "GET //admin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 478 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 190.220.14.195 - - [17/Mar/2010:01:28:05 +0800] "GET //dbadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 479 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 190.220.14.195 - - [17/Mar/2010:01:28:05 +0800] "GET //mysql/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 479 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 190.220.14.195 - - [17/Mar/2010:01:28:06 +0800] "GET //php-my-admin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 482 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" What exactly is happening? is it a really lame attempt at hacking in? Should i bother blocking the ip addresses these are from, or just leave it?

    Read the article

  • DNS "recursion not available" using a Cisco AnyConnect VPN connection

    - by codeape
    Does anyone have experience with configuring Cisco AnyConnect VPN? We have a problem with client DNS name resolution when connected over VPN. To me, it looks as if the Cisco AnyConnect VPN client intercepts DNS queries from the clients. Can someone confirm that the AnyConnect VPN client in fact does this (intercepts DNS traffic)? Where is this configured on the VPN server? EDIT: Here's how the routing table changes when I connect to the VPN: [~] $ diff -u /tmp/route_normal /tmp/route_vpn --- /tmp/route_normal 2010-01-20 19:23:47.000000000 +0100 +++ /tmp/route_vpn 2010-01-20 19:24:46.000000000 +0100 @@ -1,6 +1,10 @@ Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface +xxx.xxx.xx.xx.i 10.0.0.1 255.255.255.255 UGH 0 0 0 ath0 172.16.53.0 * 255.255.255.0 U 0 0 0 vmnet1 10.0.0.0 * 255.255.255.0 U 0 0 0 ath0 +172.17.20.0 * 255.255.255.0 U 0 0 0 cscotun 0 +192.168.111.0 172.17.20.212 255.255.255.0 UG 0 0 0 cscotun 0 172.16.140.0 * 255.255.255.0 U 0 0 0 vmnet8 +172.16.0.0 172.17.20.212 255.255.0.0 UG 0 0 0 cscotun 0 default 10.0.0.1 0.0.0.0 UG 0 0 0 ath0 EDIT 2: The IT guy has done "something" on the VPN endpoint. Now I get "recursion not available" when doing nslookup. The DNS servers have recursion enabled. So it must be the Cisco VPN DNS interception messing this up. ubuntu@domU-12-31-39-00-ED-14:~$ /opt/cisco/vpn/bin/vpn connect xxx.xxxxxx.xx ... >> Please enter your username and password ... >> notice: Establishing VPN... >> state: Connected >> notice: VPN session established to ... ubuntu@domU-12-31-39-00-ED-14:~$ nslookup www.vg.no ;; Got recursion not available from ..., trying next server ;; Got recursion not available from ..., trying next server ;; Got recursion not available from ..., trying next server ;; Got recursion not available from ..., trying next server Server: 172.16.0.23 Address: 172.16.0.23#53 ** server can't find www.vg.no.compute-1.internal: REFUSED ubuntu@domU-12-31-39-00-ED-14:~$ ping 195.88.55.16 PING 195.88.55.16 (195.88.55.16) 56(84) bytes of data. 64 bytes from 195.88.55.16: icmp_seq=1 ttl=240 time=110 ms 64 bytes from 195.88.55.16: icmp_seq=2 ttl=240 time=111 ms 64 bytes from 195.88.55.16: icmp_seq=3 ttl=240 time=109 ms ^C --- 195.88.55.16 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2017ms rtt min/avg/max/mdev = 109.953/110.379/111.075/0.496 ms

    Read the article

  • How to setup Hadoop cluster so that it accepts mapreduce jobs from remote computers?

    - by drasto
    There is a computer I use for Hadoop map/reduce testing. This computer runs 4 Linux virtual machines (using Oracle virtual box). Each of them has Cloudera with Hadoop (distribution c3u4) installed and serves as a node of Hadoop cluster. One of those 4 nodes is master node running namenode and jobtracker, others are slave nodes. Normally I use this cluster from local network for testing. However when I try to access it from another network I cannot send any jobs to it. The computer running Hadoop cluster has public IP and can be reached over internet for another services. For example I am able to get HDFS (namenode) administration site and map/reduce (jobtracker) administration site (on ports 50070 and 50030 respectively) from remote network. Also it is possible to use Hue. Ports 8020 and 8021 are both allowed. What is blocking my map/reduce job submits from reaching the cluster? Is there some setting that I must change first in order to be able to submit map/reduce jobs remotely? Here is my mapred-site.xml file: <configuration> <property> <name>mapred.job.tracker</name> <value>master:8021</value> </property> <!-- Enable Hue plugins --> <property> <name>mapred.jobtracker.plugins</name> <value>org.apache.hadoop.thriftfs.ThriftJobTrackerPlugin</value> <description>Comma-separated list of jobtracker plug-ins to be activated. </description> </property> <property> <name>jobtracker.thrift.address</name> <value>0.0.0.0:9290</value> </property> </configuration> And this is in /etc/hosts file: 192.168.1.15 master 192.168.1.14 slave1 192.168.1.13 slave2 192.168.1.9 slave3

    Read the article

  • openstack, bridging, netfilter and dnat

    - by Craig Sanders
    In a recent upgrade (from Openstack Diablo on Ubuntu Lucid to Openstack Essex on Ubuntu Precise), we found that DNS packets were frequently (almost always) dropped on the bridge interface (br100). For our compute-node hosts, that's a Mellanox MT26428 using the mlx4_en driver module. We've found two workarounds for this: Use an old lucid kernel (e.g. 2.6.32-41-generic). This causes other problems, in particular the lack of cgroups and the old version of the kvm and kvm_amd modules (we suspect the kvm module version is the source of a bug we're seeing where occasionally a VM will use 100% CPU). We've been running with this for the last few months, but can't stay here forever. With the newer Ubuntu Precise kernels (3.2.x), we've found that if we use sysctl to disable netfilter on bridge (see sysctl settings below) that DNS started working perfectly again. We thought this was the solution to our problem until we realised that turning off netfilter on the bridge interface will, of course, mean that the DNAT rule to redirect VM requests for the nova-api-metadata server (i.e. redirect packets destined for 169.254.169.254:80 to compute-node's-IP:8775) will be completely bypassed. Long-story short: with 3.x kernels, we can have reliable networking and broken metadata service or we can have broken networking and a metadata service that would work fine if there were any VMs to service. We haven't yet found a way to have both. Anyone seen this problem or anything like it before? got a fix? or a pointer in the right direction? Our suspicion is that it's specific to the Mellanox driver, but we're not sure of that (we've tried several different versions of the mlx4_en driver, starting with the version built-in to the 3.2.x kernels all the way up to the latest 1.5.8.3 driver from the mellanox web site. The mlx4_en driver in the 3.5.x kernel from Quantal doesn't work at all) BTW, our compute nodes have supermicro H8DGT motherboards with built-in mellanox NIC: 02:00.0 InfiniBand: Mellanox Technologies MT26428 [ConnectX VPI PCIe 2.0 5GT/s - IB QDR / 10GigE] (rev b0) we're not using the other two NICs in the system, only the Mellanox and the IPMI card are connected. Bridge netfilter sysctl settings: net.bridge.bridge-nf-call-arptables = 0 net.bridge.bridge-nf-call-iptables = 0 net.bridge.bridge-nf-call-ip6tables = 0 Since discovering this bridge-nf sysctl workaround, we've found a few pages on the net recommending exactly this (including Openstack's latest network troubleshooting page and a launchpad bug report that linked to this blog-post that has a great description of the problem and the solution)....it's easier to find stuff when you know what to search for :), but we haven't found anything on the DNAT issue that it causes.

    Read the article

  • Debian Apache2 SSL Issues - Error code: ssl_error_rx_record_too_long

    - by Tone
    I'm setting up apache on Debian lenny and having issues with SSL. I've been through numberous tutorials and i had this working on Ubuntu server, but for the life of me can't get anywhere with Debian. Port 80 (http) works fine, but port 443 (https) gives me the following error (in firefox) - homeserver is my hostname and my dhcp assigned ip is 192.168.1.109. I have a feeling it's something with my config and not with the cert/key generation. An error occurred during a connection to homeserver. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long) Anyone see any issues with the following config files? /etc/apache2/sites-available/default-ssl <IfModule mod_ssl.c> <VirtualHost *:443> ServerAdmin webmaster@localhost ServerName homeserver DocumentRoot /var/www/ <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog /var/log/apache2/error.log LogLevel warn CustomLog /var/log/apache2/ssl_access.log combined Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> SSLEngine on SSLCertificateFile /etc/ssl/certs/server.crt SSLCertificateKeyFile /etc/ssl/private/server.key SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> BrowserMatch ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 </VirtualHost> </IfModule> /etc/apache2/ports.conf NameVirtualHost *:80 Listen 80 Listen 443 #<IfModule mod_ssl.c> # SSL name based virtual hosts are not yet supported, therefore no # NameVirtualHost statement here #Listen 443 #</IfModule> /etc/hosts 127.0.0.1 localhost 127.0.0.1 homeserver #192.168.1.109 homeserver #tried this but it didn't work # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters ff02::3 ip6-allhosts

    Read the article

  • I can't send email from my server to gmail addresses

    - by brianegge
    I'm using postfix, and have setup spf, dkim, and domainkeys. I can get my email to go to Yahoo, but not gmail. Here's the headers from an email send to Yahoo. Yahoo reports the email as domain key verified. X-Apparently-To: brianegge at yahoo.com via 68.142.206.167; Sat, 20 Mar 2010 05:29:19 -0700 Return-Path: <domains at theeggeadventure.com> X-YahooFilteredBulk: 67.207.137.114 X-YMailISG: x7_Rl9EWLDuugoqPcORhih0FeQMOaIIpz4qfuu9ttx1xbo3uKI2kz.CLUy2cJ1BTtHAwuJtrsGRsveHIx.Dx95avNGlPPGWy_cSpnEwWLXGxBciO.YgtSQxdURQiWLCLvbHej0QPjQIHFjAFjdeGhJd2Y8NgTW1wcExq45Sb7LMlOGvtGMjSQuc8QazwXUxpZrQbIxgSQUTmzQO1x30xaZ2Us6TQTab7Wpya6OgAX.emKOM3phfS5kfhYj9FLQ.qi32sFNWnAoFdVK596OTP2F63PAJOVM5qPsM2jIAbJylIBmnj94LO7hOVr3KOS6XLtCPRn2Oe X-Originating-IP: [67.207.137.114] Authentication-Results: mta1055.mail.mud.yahoo.com from=theeggeadventure.com; domainkeys=pass (ok); from=theeggeadventure.com; dkim=pass (ok) Received: from 127.0.0.1 (EHLO mail.theeggeadventure.com) (67.207.137.114) by mta1055.mail.mud.yahoo.com with SMTP; Sat, 20 Mar 2010 05:29:19 -0700 Received: by mail.theeggeadventure.com (Postfix, from userid 1003) id BB5B01C16A4; Sat, 20 Mar 2010 12:29:16 +0000 (UTC) DomainKey-Signature: a=rsa-sha1; s=2010; d=theeggeadventure.com; c=simple; q=dns; b=JHbK9VhqyQTfpQFqaXxJrKpEG9h9H0IZ0LdWoBooJEA7hv3SYWmFUtyE247EuwoaG gzApKJ1DuRhwESZ7PswrbzuaUL8poAUO8LmMvZ+OqnDolgNSJUYWu0FcO+fe3H4m9ZD grkj0xMpHw+uFjXV4plKO+sa8olJXJAmP+9cMEo= X-DKIM: Sendmail DKIM Filter v2.8.2 mail.theeggeadventure.com BB5B01C16A4 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=theeggeadventure.com; s=2010; t=1269088156; bh=bUlMldcnzFCmCmNT8qjpRl6fiY1YyjiZiC9jhCXASOw=; h=Subject:To:Message-Id:Date:From; b=EVNolTlh4Gch5/HIrrHaRQvcApl7wkB42gB44NsPcLZD2QrhuOvnhanhnEB4UbV0e A+3dAOjhX7LKzgGrn11jXNTiEjNX1vQDsX3HyG0fNra73aWiGTzr1nHJfnuEJ7Ph0j 5tp0HRL5jjikD1XJcvmsYzTpT22mxuz60HXYRB1s= Subject: cron To: <brianegge at yahoo.com> X-Mailer: mail (GNU Mailutils 1.2) Message-Id: <[email protected]> Date: Sat, 20 Mar 2010 12:29:16 +0000 (UTC) From: This sender is DomainKeys verified [email protected] (domains) View contact details Content-Length: 818 When I send to gmail, I see the following in my server log, but the message doesn't even reach my spam folder. Mar 20 12:59:12 Everest postfix/pickup[27802]: C81C61C16A4: uid=1000 from=<egge> Mar 20 12:59:12 Everest postfix/cleanup[27847]: C81C61C16A4: message-id=<[email protected]> Mar 20 12:59:13 Everest postfix/qmgr[27801]: C81C61C16A4: from=<[email protected]>, size=2784, nrcpt=1 (queue active) Mar 20 12:59:14 Everest postfix/smtp[27849]: C81C61C16A4: to=<brianegge at gmail.com>, relay=gmail-smtp-in.l.google.com[209.85.223.24]:25, delay=2.1, delays=0.39/0.28/0.13/1.3, dsn=2.0.0, status=sent (250 2.0.0 OK 1269089954 32si4566750iwn.51) Mar 20 12:59:14 Everest postfix/qmgr[27801]: C81C61C16A4: removed I've send to email to test services, and the report everything verifies ok. I've also checked all the RBL lists, and I'm not on any of them.

    Read the article

  • SonicOS Enhanced 5.8.1.2 L2TP VPN Authentication Failed

    - by Dean A. Vassallo
    I have a SonicWall TZ 215 running SonicOS Enhanced 5.8.1.2-6o. I have configured the L2TP VPN using the default crypto suite ESP: 3DES/HMAC SHA1 (IKE). Proposals are as such: IKE (Phase 1) Proposal DH Group: Group 2 Encryption: 3DES Authentication: SHA1 Life Time (seconds): 28800 Ipsec (Phase 2) Proposal Protocol: ESP Encryption: 3DES Authentication: SHA1 Enable Perfect Forward Secrecy DISABLED Life Time (seconds): 28800 When attempting to connect via my Mac OS X client I get an authentication error. It appears to pass the pre-authentication but fails to complete. I am at a complete loss. I reconfigured from scratch multiple times...used simple usernames and passwords to verify this wasn't a miskeyed password issue. I have Here are the logs (noted IP has been removed for privacy): 7/1/13 8:19:05.174 PM pppd[1268]: setup_security_context server port: 0x1503 7/1/13 8:19:05.190 PM pppd[1268]: publish_entry SCDSet() failed: Success! 7/1/13 8:19:05.191 PM pppd[1268]: publish_entry SCDSet() failed: Success! 7/1/13 8:19:05.191 PM pppd[1268]: pppd 2.4.2 (Apple version 727.1.1) started by dean, uid 501 7/1/13 8:19:05.192 PM pppd[1268]: L2TP connecting to server ‘0.0.0.0’ (0.0.0.0)... 7/1/13 8:19:05.193 PM pppd[1268]: IPSec connection started 7/1/13 8:19:05.208 PM racoon[1269]: accepted connection on vpn control socket. 7/1/13 8:19:05.209 PM racoon[1269]: Connecting. 7/1/13 8:19:05.209 PM racoon[1269]: IPSec Phase 1 started (Initiated by me). 7/1/13 8:19:05.209 PM racoon[1269]: IKE Packet: transmit success. (Initiator, Main-Mode message 1). 7/1/13 8:19:05.209 PM racoon[1269]: >>>>> phase change status = Phase 1 started by us 7/1/13 8:19:05.231 PM racoon[1269]: >>>>> phase change status = Phase 1 started by peer 7/1/13 8:19:05.231 PM racoon[1269]: IKE Packet: receive success. (Initiator, Main-Mode message 2). 7/1/13 8:19:05.234 PM racoon[1269]: IKE Packet: transmit success. (Initiator, Main-Mode message 3). 7/1/13 8:19:05.293 PM racoon[1269]: IKE Packet: receive success. (Initiator, Main-Mode message 4). 7/1/13 8:19:05.295 PM racoon[1269]: IKE Packet: transmit success. (Initiator, Main-Mode message 5). 7/1/13 8:19:05.315 PM racoon[1269]: IKEv1 Phase 1 AUTH: success. (Initiator, Main-Mode Message 6). 7/1/13 8:19:05.315 PM racoon[1269]: IKE Packet: receive success. (Initiator, Main-Mode message 6). 7/1/13 8:19:05.315 PM racoon[1269]: IKEv1 Phase 1 Initiator: success. (Initiator, Main-Mode). 7/1/13 8:19:05.315 PM racoon[1269]: IPSec Phase 1 established (Initiated by me). 7/1/13 8:19:06.307 PM racoon[1269]: IPSec Phase 2 started (Initiated by me). 7/1/13 8:19:06.307 PM racoon[1269]: >>>>> phase change status = Phase 2 started 7/1/13 8:19:06.308 PM racoon[1269]: IKE Packet: transmit success. (Initiator, Quick-Mode message 1). 7/1/13 8:19:06.332 PM racoon[1269]: attribute has been modified. 7/1/13 8:19:06.332 PM racoon[1269]: IKE Packet: receive success. (Initiator, Quick-Mode message 2). 7/1/13 8:19:06.332 PM racoon[1269]: IKE Packet: transmit success. (Initiator, Quick-Mode message 3). 7/1/13 8:19:06.333 PM racoon[1269]: IKEv1 Phase 2 Initiator: success. (Initiator, Quick-Mode). 7/1/13 8:19:06.333 PM racoon[1269]: IPSec Phase 2 established (Initiated by me). 7/1/13 8:19:06.333 PM racoon[1269]: >>>>> phase change status = Phase 2 established 7/1/13 8:19:06.333 PM pppd[1268]: IPSec connection established 7/1/13 8:19:07.145 PM pppd[1268]: L2TP connection established. 7/1/13 8:19:07.000 PM kernel[0]: ppp0: is now delegating en0 (type 0x6, family 2, sub-family 3) 7/1/13 8:19:07.146 PM pppd[1268]: Connect: ppp0 <--> socket[34:18] 7/1/13 8:19:08.709 PM pppd[1268]: MS-CHAPv2 mutual authentication failed. 7/1/13 8:19:08.710 PM pppd[1268]: Connection terminated. 7/1/13 8:19:08.710 PM pppd[1268]: L2TP disconnecting... 7/1/13 8:19:08.711 PM pppd[1268]: L2TP disconnected 7/1/13 8:19:08.711 PM racoon[1269]: IPSec disconnecting from server 0.0.0.0 7/1/13 8:19:08.711 PM racoon[1269]: IKE Packet: transmit success. (Information message). 7/1/13 8:19:08.712 PM racoon[1269]: IKEv1 Information-Notice: transmit success. (Delete IPSEC-SA). 7/1/13 8:19:08.712 PM racoon[1269]: IKE Packet: transmit success. (Information message). 7/1/13 8:19:08.712 PM racoon[1269]: IKEv1 Information-Notice: transmit success. (Delete ISAKMP-SA). 7/1/13 8:19:08.713 PM racoon[1269]: glob found no matches for path "/var/run/racoon/*.conf" 7/1/13 8:19:08.714 PM racoon[1269]: pfkey DELETE failed: No such file or directory

    Read the article

  • virsh XML interface allocation

    - by Kaushik Koneru
    I am trying to launch VM using a XML. This VM will be having 5 interfaces each connected to certain bridge. Issue here is allocation of these interfaces is random. My XML <interface type='bridge'> <mac address='52:54:00:9f:14:b3'/> <source bridge='br0'/> <target dev='vnet1'/> <model type='e1000'/> <alias name='net0'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface> <interface type='bridge'> <mac address='52:54:00:9f:14:b4'/> <source bridge='br1'/> <target dev='vnet2'/> <model type='e1000'/> <alias name='net1'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x10' function='0x0'/> </interface> <interface type='bridge'> <mac address='52:54:00:9f:14:b5'/> <source bridge='br2'/> <target dev='vnet2'/> <model type='e1000'/> <alias name='net3'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x12' function='0x0'/> </interface> <interface type='bridge'> <mac address='52:54:00:9f:14:c4'/> <source bridge='br3'/> <target dev='vnet3'/> <model type='e1000'/> <alias name='net4'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x18' function='0x0'/> </interface> Allocation of interfaces are random mean e th6 will be connected to br3 ; eth7 -- br4 eth8 -- br2 eth9 -- br0. Is there any way to make it static?? At the same time is there anyway of assigning IP Address to these eth interfaces through XML file itself??

    Read the article

  • TPROXY Not working with HAProxy, Ubuntu 14.04

    - by Nyxynyx
    I'm trying to use HAProxy as a fully transparent proxy using TPROXY in Ubuntu 14.04. HAProxy will be setup on the first server with eth1 111.111.250.250 and eth0 10.111.128.134. The single balanced server has eth1 and eth0 as well. eth1 is the public facing network interface while eth0 is for the private network which both servers are in. Problem: I'm able to connect to the balanced server's port 1234 directly (via eth1) but am not able to reach the balanced server via Haproxy port 1234 (which redirects to 1234 via eth0). Am I missing out something in this configuration? On the HAProxy server The current kernel is: Linux extremehash-lb2 3.13.0-24-generic #46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux The kernel appears to have TPROXY support: # grep TPROXY /boot/config-3.13.0-24-generic CONFIG_NETFILTER_XT_TARGET_TPROXY=m HAProxy was compiled with TPROXY support: haproxy -vv HA-Proxy version 1.5.3 2014/07/25 Copyright 2000-2014 Willy Tarreau <[email protected]> Build options : TARGET = linux26 CPU = x86_64 CC = gcc CFLAGS = -g -fno-strict-aliasing OPTIONS = USE_LINUX_TPROXY=1 USE_LIBCRYPT=1 USE_STATIC_PCRE=1 Default settings : maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200 Encrypted password support via crypt(3): yes Built without zlib support (USE_ZLIB not set) Compression algorithms supported : identity Built without OpenSSL support (USE_OPENSSL not set) Built with PCRE version : 8.31 2012-07-06 PCRE library supports JIT : no (USE_PCRE_JIT not set) Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. In /etc/haproxy/haproxy.cfg, I've configured a port to have the following options: listen test1235 :1234 mode tcp option tcplog balance leastconn source 0.0.0.0 usesrc clientip server balanced1 10.111.163.76:1234 check inter 5s rise 2 fall 4 weight 4 On the balanced server In /etc/networking/interfaces I've set the gateway for eth0 to be the HAProxy box 10.111.128.134 and restarted networking. auto eth0 eth1 iface eth0 inet static address 111.111.250.250 netmask 255.255.224.0 gateway 111.131.224.1 dns-nameservers 8.8.4.4 8.8.8.8 209.244.0.3 iface eth1 inet static address 10.111.163.76 netmask 255.255.0.0 gateway 10.111.128.134 ip route gives: default via 111.111.224.1 dev eth0 10.111.0.0/16 dev eth1 proto kernel scope link src 10.111.163.76 111.111.224.0/19 dev eth0 proto kernel scope link src 111.111.250.250

    Read the article

  • Mac OS X behind OpenLDAP and Samba

    - by Sam Hammamy
    I have been battling for a week now to get my Mac (Mountain Lion) to authenticate on my home network's OpenLDAP and Samba. From several sources, like the Ubuntu community docs, and other blogs, and after a hell of a lot of trial and error and piecing things together, I have created a samba.ldif that will pass the smbldap-populate when combined with apple.ldif and I have a fully functional OpenLDAP server and a Samba PDC that uses LDAP to authenticate the OS X Machine. The problem is that when I login, the home directory is not created or pulled from the server. I get the following in system.log Sep 21 06:09:15 Sams-MacBook-Pro.local SecurityAgent[265]: User info context values set for sam Sep 21 06:09:15 Sams-MacBook-Pro.local authorizationhost[270]: in pam_sm_authenticate(): Got user: sam Sep 21 06:09:15 Sams-MacBook-Pro.local authorizationhost[270]: in pam_sm_authenticate(): Got ruser: (null) Sep 21 06:09:15 Sams-MacBook-Pro.local authorizationhost[270]: in pam_sm_authenticate(): Got service: authorization Sep 21 06:09:15 Sams-MacBook-Pro.local authorizationhost[270]: in od_principal_for_user(): no authauth availale for user. Sep 21 06:09:15 Sams-MacBook-Pro.local authorizationhost[270]: in od_principal_for_user(): failed: 7 Sep 21 06:09:15 Sams-MacBook-Pro.local authorizationhost[270]: in pam_sm_authenticate(): Failed to determine Kerberos principal name. Sep 21 06:09:15 Sams-MacBook-Pro.local authorizationhost[270]: in pam_sm_authenticate(): Done cleanup3 Sep 21 06:09:15 Sams-MacBook-Pro.local authorizationhost[270]: in pam_sm_authenticate(): Kerberos 5 refuses you Sep 21 06:09:15 Sams-MacBook-Pro.local authorizationhost[270]: in pam_sm_authenticate(): pam_sm_authenticate: ntlm Sep 21 06:09:15 Sams-MacBook-Pro.local authorizationhost[270]: in pam_sm_acct_mgmt(): OpenDirectory - Membership cache TTL set to 1800. Sep 21 06:09:15 Sams-MacBook-Pro.local authorizationhost[270]: in od_record_check_pwpolicy(): retval: 0 Sep 21 06:09:15 Sams-MacBook-Pro.local authorizationhost[270]: in pam_sm_setcred(): Establishing credentials Sep 21 06:09:15 Sams-MacBook-Pro.local authorizationhost[270]: in pam_sm_setcred(): Got user: sam Sep 21 06:09:15 Sams-MacBook-Pro.local authorizationhost[270]: in pam_sm_setcred(): Context initialised Sep 21 06:09:15 Sams-MacBook-Pro.local authorizationhost[270]: in pam_sm_setcred(): pam_sm_setcred: ntlm user sam doesn't have auth authority All that's great and good and I authenticate. Then I get CFPreferences: user home directory for user kCFPreferencesCurrentUser at /Network/Servers/172.17.148.186/home/sam is unavailable. User domains will be volatile. Failed looking up user domain root; url='file://localhost/Network/Servers/172.17.148.186/home/sam/' path=/Network/Servers/172.17.148.186/home/sam/ err=-43 uid=9000 euid=9000 If you're wondering where /Network/Servers/IP/home/sam comes from, it's from a couple of blogs that said the OpenLDAP attribute apple-user-homeDirectory should have that value and the NFSHomeDirectory on the mac should point to apple-user-homeDirectory I also set the attr apple-user-homeurl to <home_dir><url>smb://172.17.148.186/sam/</url><path></path></home_dir> which I found on this forum. Any help is appreciated, because I'm banging my head against the wall at this point. By the way, I intend to create a blog on my vps just for this, and create an install script in python that people can download so no one has to go through what I've had to go through this week :) After some sleep I am going to try to login from a windows machine and report back here. Thanks Sam

    Read the article

  • Load-balancing between a Procurve switch and a server

    - by vlad
    Hello I've been searching around the web for this problem i've been having. It's similar in a way to this question: How exactly & specifically does layer 3 LACP destination address hashing work? My setup is as follows: I have a central switch, a Procurve 2510G-24, image version Y.11.16. It's the center of a star topology, there are four switches connected to it via a single gigabit link. Those switches service the users. On the central switch, I have a server with two gigabit interfaces that I want to bond together in order to achieve higher throughput, and two other servers that have single gigabit connections to the switch. The topology looks as follows: sw1 sw2 sw3 sw4 | | | | --------------------- | sw0 | --------------------- || | | srv1 srv2 srv3 The servers were running FreeBSD 8.1. On srv1 I set up a lagg interface using the lacp protocol, and on the switch I set up a trunk for the two ports using lacp as well. The switch showed that the server was a lacp partner, I could ping the server from another computer, and the server could ping other computers. If I unplugged one of the cables, the connection would keep working, so everything looked fine. Until I tested throughput. There was only one link used between srv1 and sw0. All testing was conducted with iperf, and load distribution was checked with systat -ifstat. I was looking to test the load balancing for both receive and send operations, as I want this server to be a file server. There were therefore two scenarios: iperf -s on srv1 and iperf -c on the other servers iperf -s on the other servers and iperf -c on srv1 connected to all the other servers. Every time only one link was used. If one cable was unplugged, the connections would keep going. However, once the cable was plugged back in, the load was not distributed. Each and every server is able to fill the gigabit link. In one-to-one test scenarios, iperf was reporting around 940Mbps. The CPU usage was around 20%, which means that the servers could withstand a doubling of the throughput. srv1 is a dell poweredge sc1425 with onboard intel 82541GI nics (em driver on freebsd). After troubleshooting a previous problem with vlan tagging on top of a lagg interface, it turned out that the em could not support this. So I figured that maybe something else is wrong with the em drivers and / or lagg stack, so I started up backtrack 4r2 on this same server. So srv1 now uses linux kernel 2.6.35.8. I set up a bonding interface bond0. The kernel module was loaded with option mode=4 in order to get lacp. The switch was happy with the link, I could ping to and from the server. I could even put vlans on top of the bonding interface. However, only half the problem was solved: if I used srv1 as a client to the other servers, iperf was reporting around 940Mbps for each connection, and bwm-ng showed, of course, a nice distribution of the load between the two nics; if I run the iperf server on srv1 and tried to connect with the other servers, there was no load balancing. I thought that maybe I was out of luck and the hashes for the two mac addresses of the clients were the same, so I brought in two new servers and tested with the four of them at the same time, and still nothing changed. I tried disabling and reenabling one of the links, and all that happened was the traffic switched from one link to the other and back to the first again. I also tried setting the trunk to "plain trunk mode" on the switch, and experimented with other bonding modes (roundrobin, xor, alb, tlb) but I never saw any traffic distribution. One interesting thing, though: one of the four switches is a Cisco 2950, image version 12.1(22)EA7. It has 48 10/100 ports and 2 gigabit uplinks. I have a server (call it srv4) with a 4 channel trunk connected to it (4x100), FreeBSD 8.0 release. The switch is connected to sw0 via gigabit. If I set up an iperf server on one of the servers connected to sw0 and a client on srv4, ALL 4 links are used, and iperf reports around 330Mbps. systat -ifstat shows all four interfaces are used. The cisco port-channel uses src-mac to balance the load. The HP should use both the source and destination according to the manual, so it should work as well. Could this mean there is some bug in the HP firmware? Am I doing something wrong?

    Read the article

  • Iptables config breaks Java + Elastic Search communication

    - by Agustin Lopez
    I am trying to set up a firewall for a server hosting a java app and ES. Both are on the same server and communicate to each other. The problem I am having is that my firewall configuration prevents java from connecting to ES. Not sure why really.... I have tried lot of stuff like opening the port range 9200:9400 to the server ip without any luck but from what I know all communication inside the server should be allowed with this configuration. The idea is that ES should not be accessible from outside but it should be accessible from this java app and ES uses the port range 9200:9400. This is my iptables script: echo -e Deleting rules for INPUT chain iptables -F INPUT echo -e Deleting rules for OUTPUT chain iptables -F OUTPUT echo -e Deleting rules for FORWARD chain iptables -F FORWARD echo -e Setting by default the drop policy on each chain iptables -P INPUT DROP iptables -P OUTPUT ACCEPT iptables -P FORWARD DROP echo -e Open all ports from/to localhost iptables -A INPUT -i lo -j ACCEPT echo -e Open SSH port 22 with brute force security iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource iptables -A INPUT -p tcp -m tcp --dport 22 -m recent --rcheck --seconds 30 --hitcount 4 --rttl --name SSH --rsource -j REJECT --reject-with tcp-reset iptables -A INPUT -p tcp -m tcp --dport 22 -m recent --rcheck --seconds 30 --hitcount 3 --rttl --name SSH --rsource -j LOG --log-prefix "SSH brute force " iptables -A INPUT -p tcp -m tcp --dport 22 -m recent --update --seconds 30 --hitcount 3 --rttl --name SSH --rsource -j REJECT --reject-with tcp-reset iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT echo -e Open NGINX port 80 iptables -A INPUT -p tcp --dport 80 -j ACCEPT echo -e Open NGINX SSL port 443 iptables -A INPUT -p tcp --dport 443 -j ACCEPT echo -e Enable DNS iptables -A INPUT -p tcp -m tcp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT iptables -A INPUT -p udp -m udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT And I get this in the java app when this config is in place: org.elasticsearch.cluster.block.ClusterBlockException: blocked by: [SERVICE_UNAVAILABLE/1/state not recovered / initialized];[SERVICE_UNAVAILABLE/2/no master]; at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:292) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1185) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:537) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:475) at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:304) at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:228) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:300) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:195) at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:700) at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:760) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:482) at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:403) Do any of you see any problem with this configuration and ES? Thanks in advance

    Read the article

  • Best Practise: DNS and VPN (with private network IPs)

    - by ribx
    I am trying to find the best solution for my DNS problem. We are running several services in our company that you can reach only over VPN. Other services, that are reachable through the internet got the domain ... At the moment all services inside the VPN network go by .local... These have an VPN IP of the private network 192.168.252.0/24. Clients reach from Linux over OSX to Windows. I can think of 4 possibilities to implement a DNS infrastructure: Most common: an internal DNS Server, that is pushed by the VPN. But this has several drawbacks: your DNS responses are limited to the speed of the VPN Connection and your own DNS server. Because of very complex websites, this can increase the time for a page to load quite a lot. Also: we have several VPNs that are not connected to each other and all of them have their own DNS server. Several DNS servers locally. These have to be configured by hand. And you have to use some third party tool like dnsmasq. If you start a DNS request, you ask your locally running DNS server, which decides which server to ask for which domain name. One college of mine uses such a solution with this OSX (I am sorry, I don't remember the name of the application). You use your domain hoster. Most of them have APIs available to manipulate your DNS entries. So you could pull your private network informations to your domain hoster. I am not sure whether they all accept private network IPs. But I guess there will be some problems in the same way as in number 4. The one we currently use, because it's for us the most logical choice: we forward the sub domain *.local.. to our own public DNS Server. This works quite good for some public DNS Servers like Google. But most ISPs do not forward the answers. Or don't do that always. Like my ISP sends me a positive result of the a DNS request of a *.local.. domain only every 10th time I make a nslookup. (Can someone explain this?) Here the real Question: Is there another solution we were not thinking about? Or: What of these methods do you use?

    Read the article

  • dnsmasq acts as the DHCP server for selected nodes overriding the existing DHCP server on the same LAN?

    - by user183394
    I am trying to set up a small "lab" at home. Like many modern homes, I have a regular DSL service which comes with a 2Wire 3600HGV router, which acts also as a DHCP server. Since I would like to PXE boot a few computers in my "lab" The 2Wire is inflexible to adjustments that I want to do I have used dnsmasq at work so I would like to use dnsmasq as the DHCP server for the few nodes in my "lab" if feasible. In the dnsmasq man page, there is the following: [...] -K, --dhcp-authoritative (IPv4 only) Should be set when dnsmasq is definitely the only DHCP server on a network. It changes the behaviour from strict RFC compliance so that DHCP requests on unknown leases from unknown hosts are not ignored. This allows new hosts to get a lease without a tedious timeout under all circumstances. It also allows dnsmasq to rebuild its lease database without each client needing to reacquire a lease, if the database is lost. [...] As far as I know, the ISC DHCP server can use the following to do what I would like to accomplish: authoritative; [...] subnet 192.168.1.0 netmask 255.255.255.0 { host nb0 { # only give DHCP information to this computer: hardware ethernet e8:9a:8f:17:70:42; fixed-address 192.168.1.10; option subnet-mask 255.255.255.0; option routers 192.168.1.254; option domain-name-servers 192.168.1.254; # Non-essential DHCP options filename "/pxelinux.0"; } [...] But I much prefer dnsmasq's "all-in-one-ness". My question: do I have to couple the -K option with something else? As shown in the example above, the ISC DHCP server requires the mac addresses of managed nodes to be explicitly specified. Does dnsmasq have something similar? FYI, the machine on which I plan to run dnsmasq runs CentOS 6.3 64bit. It has a statically assigned IP address: 192.168.1.3.

    Read the article

  • Understanding vhosts settings

    - by Matt
    Ok so i have a server and I want to put a few applications on and i am having vhost configuration problems. Here is what i have and I want some direction on what i am doing wrong...ok so the first file is /etc/apache2/ports.conf NameVirtualHost 184.106.111.142:80 Listen 80 <IfModule mod_ssl.c> Listen 443 </IfModule> <IfModule mod_gnutls.c> Listen 443 </IfModule> then i have /etc/apache2/sites-available/somesite.com <VirtualHost 184.106.111.142:80> ServerAdmin [email protected] ServerName somesite.com ServerAlias www.somesite.com DocumentRoot /srv/www/somesite.com/ ErrorLog /srv/www/somesite.com/logs/error.log CustomLog /srv/www/somesite.com/logs/access.log combined <Directory "/srv/www/somesite.com/"> AllowOverride all Options -MultiViews </Directory> </VirtualHost> when i visit somesite.com everything works great but when i add another vhost and lets say thats named anothersite.com. So i have /etc/apache2/sites-available/anothersite.com <VirtualHost 184.106.111.142:80> ServerAdmin [email protected] ServerName anothersite.com ServerAlias www.anothersite.com DocumentRoot /srv/www/anothersite.com/ ErrorLog /srv/www/anothersite.com/logs/error.log CustomLog /srv/www/anothersite.com/logs/access.log combined <Directory "/srv/www/anothersite.com/"> AllowOverride all Options -MultiViews </Directory> </VirtualHost> then i run the following commands >> sudo a2ensite anothersite.com Enabling site anothersite.com. Run '/etc/init.d/apache2 reload' to activate new configuration! >> /etc/init.d/apache2 reload * Reloading web server config apache2 ...done. but when i visit anothersite.com or somesite.com they are both down..What is going on with the vhosts. Could it be the NameVirtualHost declaration with the ip or something...maybe my understanding of vhost settings is not clear. What i dont understand is why do both site now all the sudden not work at all.I would highly appreciate the clarity By the way anothersite.com or somesite.com are the only things I changed to make it more readable

    Read the article

  • Need help making an ODBC MySQL Connection

    - by Andy Moore
    Short Version: How do I connect from PowerShell to an ODBC 5.1 MySQL Driver? I can't seem to find any connection strings that accurately have a "Provider" field for this particular instance. (See bottom of this question for examples/errors) ===== Long Version: I'm not a server guy, and I've been handed the task of setting up PowerGadgets on our network. I have a MySQL server running on a Linux box, that is configured for remote access and has a user defined for remote access as well. On my windows desktop PC, I have PowerGadgets installed. I installed the MySQL ODBC 5.1 connector, and went to Control Panel Data Sources and set up a User DSN connection to the database. The connection, user, and pass seem to be correct because it lists the tables of the database in my windows control panel. Where I'm running into trouble is in 3 places in PowerGadgets: When selecting a data source, I can select "SQL Server". Inputting the servers IP address does not work and I can't get this option to work at all. When selecting a data source, I can select "OleDB". This screen has a wizard on it, that appears to populate all the correct information (including database table names!) for me. "Test Connection" runs great. But if I try to complete the wizard, I get the error "The .NET Framework data provider for OLEDB does not support the MS Ole DB provider for ODBC Drivers." When selecting a data source, I can select "ODBC". This screen does not have a wizard and I cannot figure out a "connection string" that works. Typically it will respond with the error "The field 'Provider' is missing". Googling ODBC connection strings doesn't reveal any examples with a "provider" field and have no idea what to put in here. The connection string (for #2) above contains "SQLOLEDB" as a provider, and upon inputting that value into this connection string I get the same connection error that #2 gets. I believe I can solve my problems by figuring out a connection string for #3 but don't know where to get started. (PowerGadgets also allows for PowerShell support but I believe I will run into the same problem there) == Here's my current PowerShell connection that doesn't work: invoke-sql -connection "Driver={MySQL ODBC 5.1 Driver};Initial Catalog=hq_live;Data Source=HQDB" -sql "Select * FROM accounts" Spits back the error: "Invoke-Sql : An OLE DB Provider was not specified in the ConnectionString. An example would be, 'Provider=SQLOLEDB;'. == Another string that doesn't work: invoke-sql -connection "Provider=MSDASQL.1;Persist Security Info=False;Data Source=HQDB;Initial Catalog=hq_live" -sql "select * from accounts" And the error: The .Net Framework Data Provider for OLEDB (System.Data.OleDb) does not support the Microsoft OLE DB Provider for ODBC Drivers (MSDASQL). Use the .Net Framework Data Provider for ODBC (System.Data.Odbc).

    Read the article

  • Setting up a fileserver, some questions?

    - by Tanax
    Recently I've become very interested in setting up a fileserver, mostly for home usage but also because of the fact that I live in 2 places, I need to be able to access my files from both homes. I have already done some research into this but I am unclear about some things. My requirements are the following; Needs to work on both Mac and PC(only using Windows atm on PC but could be good if it supports more OS's to make it futureproof in case I need Linux or something else) Need to be able to set up a folder/drive/network space to act as a link to a certain folder on the fileserver All files should only be stored on the fileserver, e.g. no "shared" folders like in Dropbox where files are stored on the client computer Would prefer it if folders are password protected or that I can somehow specify what users can access the fileserver's shares Fileserver's OS most likely have to be Windows due to other factors outside of being just a fileserver I've already kinda figured out that I will need to set up a VPN so that I can access my fileserver from outside the local network. Probably going to use OpenVPN. Question 1: How would I go about to set up a VPN server so that I can connect to my local network at the fileserver's location? I know that since I'm on a dynamic IP I will have to get some sort of dynamic DNS server - I've already checked into this and I'm fairly sure I know how to fix that. I also know that I will have to forward the port OpenVPN uses in my router. Question 2: How would I actually share the folders on the fileserver so that I can access them on my other computers? I've researched into Samba but I'm uncertain if it needs to be run on a Linux OS. I know that the clients connecting to it can be Windows for example but can the Samba "server" be run on Windows? Also it appears that Samba shares a folder, meaning it works like Dropbox - I don't want that. So how would I share a folder in that case to make it work like I want it to? Sorry for the incredibly long question, I tried to structure it the best I could for easier read. Thanks in advance!

    Read the article

  • Setting up a fileserver, some questions?

    - by Tanax
    Recently I've become very interested in setting up a fileserver, mostly for home usage but also because of the fact that I live in 2 places, I need to be able to access my files from both homes. I have already done some research into this but I am unclear about some things. My requirements are the following; Needs to work on both Mac and PC(only using Windows atm on PC but could be good if it supports more OS's to make it futureproof in case I need Linux or something else) Need to be able to set up a folder/drive/network space to act as a link to a certain folder on the fileserver All files should only be stored on the fileserver, e.g. no "shared" folders like in Dropbox where files are stored on the client computer Would prefer it if folders are password protected or that I can somehow specify what users can access the fileserver's shares Fileserver's OS most likely have to be Windows due to other factors outside of being just a fileserver I've already kinda figured out that I will need to set up a VPN so that I can access my fileserver from outside the local network. Probably going to use OpenVPN. Question 1: How would I go about to set up a VPN server so that I can connect to my local network at the fileserver's location? I know that since I'm on a dynamic IP I will have to get some sort of dynamic DNS server - I've already checked into this and I'm fairly sure I know how to fix that. I also know that I will have to forward the port OpenVPN uses in my router. Question 2: How would I actually share the folders on the fileserver so that I can access them on my other computers? I've researched into Samba but I'm uncertain if it needs to be run on a Linux OS. I know that the clients connecting to it can be Windows for example but can the Samba "server" be run on Windows? Also it appears that Samba shares a folder, meaning it works like Dropbox - I don't want that. So how would I share a folder in that case to make it work like I want it to? Sorry for the incredibly long question, I tried to structure it the best I could for easier read. Thanks in advance!

    Read the article

  • Why are people trying to connect to me network on TCP port 445?

    - by Solignis
    I was playing with my new syslog server and had my m0n0wall firewall logs forwarded as a test, I noticed a bunch of recent firewall log entries that say that it blocked other WAN IPs from my ISP (I checked) from connecting to me on TCP port 445. Why would a random computer be trying to connect to me on a port apperently used for Windows SMB shares? Just internet garbage? A port scan? I am just curious. here is what I am seeing Mar 15 23:38:41 gateway/gateway ipmon[121]: 23:38:40.614422 fxp0 @0:19 b 98.82.198.238,60653 -> 98.103.xxx.xxx,445 PR tcp len 20 48 -S IN broadcast Mar 15 23:38:42 gateway/gateway ipmon[121]: 23:38:41.665571 fxp0 @0:19 b 98.82.198.238,60665 -> 98.103.xxx.xxx,445 PR tcp len 20 48 -S IN Mar 15 23:38:43 gateway/gateway ipmon[121]: 23:38:43.165622 fxp0 @0:19 b 98.82.198.238,60670 -> 98.103.xxx.xxx,445 PR tcp len 20 48 -S IN broadcast Mar 15 23:38:44 gateway/gateway ipmon[121]: 23:38:43.614524 fxp0 @0:19 b 98.82.198.238,60653 -> 98.103.xxx.xxx,445 PR tcp len 20 48 -S IN broadcast Mar 15 23:38:44 gateway/gateway ipmon[121]: 23:38:43.808856 fxp0 @0:19 b 98.82.198.238,60665 -> 98.103.xxx.xxx,445 PR tcp len 20 48 -S IN Mar 15 23:38:44 gateway/gateway ipmon[121]: 23:38:43.836313 fxp0 @0:19 b 98.82.198.238,60670 -> 98.103.xxx,xxx,445 PR tcp len 20 48 -S IN broadcast Mar 15 23:38:48 gateway/gateway ipmon[121]: 23:38:48.305633 fxp0 @0:19 b 98.103.22.25 -> 98.103.xxx.xxx PR icmp len 20 92 icmp echo/0 IN broadcast Mar 15 23:38:48 gateway/gateway ipmon[121]: 23:38:48.490778 fxp0 @0:19 b 98.103.22.25 -> 98.103.xxx.xxx PR icmp len 20 92 icmp echo/0 IN Mar 15 23:38:48 gateway/gateway ipmon[121]: 23:38:48.550230 fxp0 @0:19 b 98.103.22.25 -> 98.103.xxx.xxx PR icmp len 20 92 icmp echo/0 IN broadcast Mar 15 23:43:33 gateway/gateway ipmon[121]: 23:43:33.185836 fxp0 @0:19 b 98.86.34.225,64060 -> 98.103.xxx.xxx,445 PR tcp len 20 48 -S IN broadcast Mar 15 23:43:34 gateway/gateway ipmon[121]: 23:43:33.405137 fxp0 @0:19 b 98.86.34.225,64081 -> 98.103.xxx.xxx,445 PR tcp len 20 48 -S IN Mar 15 23:43:34 gateway/gateway ipmon[121]: 23:43:33.454384 fxp0 @0:19 b 98.86.34.225,64089 -> 98.103.xxx.xxx,445 PR tcp len 20 48 -S IN broadcast I blacked out part of my IP address for my own safety.

    Read the article

  • VSFTPD Unable to set write permissions on folder

    - by Frank Astin
    I've just set up my first FTP server with VSFTPD on cent os . I can connect to it fine using a user in the group ftp-users but I get read only access . I've tried several different CHMOD codes on the folder (even 777) all to no avail . This is the tutorial I used to set up the server http://tinyurl.com/73pyuxz hopefully you'll be able to see something I missed. Thanks in advance . Requested Config File : # Example config file /etc/vsftpd/vsftpd.conf # # The default compiled in settings are fairly paranoid. This sample file # loosens things up a bit, to make the ftp daemon more usable. # Please see vsftpd.conf.5 for all compiled in defaults. # # READ THIS: This example file is NOT an exhaustive list of vsftpd options. # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's # capabilities. # # Allow anonymous FTP? (Beware - allowed by default if you comment this out). anonymous_enable=NO # # Uncomment this to allow local users to log in. local_enable=YES # # Uncomment this to enable any form of FTP write command. write_enable=YES # # Default umask for local users is 077. You may wish to change this to 022, # if your users expect that (022 is used by most other ftpd's) local_umask=022 # # Uncomment this to allow the anonymous FTP user to upload files. This only # has an effect if the above global write enable is activated. Also, you will # obviously need to create a directory writable by the FTP user. #anon_upload_enable=YES # # Uncomment this if you want the anonymous FTP user to be able to create # new directories. #anon_mkdir_write_enable=YES # # Activate directory messages - messages given to remote users when they # go into a certain directory. dirmessage_enable=YES # # The target log file can be vsftpd_log_file or xferlog_file. # This depends on setting xferlog_std_format parameter xferlog_enable=YES # # Make sure PORT transfer connections originate from port 20 (ftp-data). connect_from_port_20=YES # # If you want, you can arrange for uploaded anonymous files to be owned by # a different user. Note! Using "root" for uploaded files is not # recommended! #chown_uploads=YES #chown_username=whoever # # The name of log file when xferlog_enable=YES and xferlog_std_format=YES # WARNING - changing this filename affects /etc/logrotate.d/vsftpd.log #xferlog_file=/var/log/xferlog # # Switches between logging into vsftpd_log_file and xferlog_file files. # NO writes to vsftpd_log_file, YES to xferlog_file xferlog_std_format=YES # # You may change the default value for timing out an idle session. #idle_session_timeout=600 # # You may change the default value for timing out a data connection. #data_connection_timeout=120 # # It is recommended that you define on your system a unique user which the # ftp server can use as a totally isolated and unprivileged user. #nopriv_user=ftpsecure # # Enable this and the server will recognise asynchronous ABOR requests. Not # recommended for security (the code is non-trivial). Not enabling it, # however, may confuse older FTP clients. #async_abor_enable=YES # # By default the server will pretend to allow ASCII mode but in fact ignore # the request. Turn on the below options to have the server actually do ASCII # mangling on files when in ASCII mode. # Beware that on some FTP servers, ASCII support allows a denial of service # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd # predicted this attack and has always been safe, reporting the size of the # raw file. # ASCII mangling is a horrible feature of the protocol. #ascii_upload_enable=YES #ascii_download_enable=YES # # You may fully customise the login banner string: #ftpd_banner=Welcome to blah FTP service. # # You may specify a file of disallowed anonymous e-mail addresses. Apparently # useful for combatting certain DoS attacks. #deny_email_enable=YES # (default follows) #banned_email_file=/etc/vsftpd/banned_emails # # You may specify an explicit list of local users to chroot() to their home # directory. If chroot_local_user is YES, then this list becomes a list of # users to NOT chroot(). #chroot_list_enable=YES # (default follows) #chroot_list_file=/etc/vsftpd/chroot_list # # You may activate the "-R" option to the builtin ls. This is disabled by # default to avoid remote users being able to cause excessive I/O on large # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume # the presence of the "-R" option, so there is a strong case for enabling it. #ls_recurse_enable=YES # # When "listen" directive is enabled, vsftpd runs in standalone mode and # listens on IPv4 sockets. This directive cannot be used in conjunction # with the listen_ipv6 directive. listen=YES # # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6 # sockets, you must run two copies of vsftpd whith two configuration files. # Make sure, that one of the listen options is commented !! #listen_ipv6=YES pam_service_name=vsftpd userlist_enable=YES tcp_wrappers=YES

    Read the article

  • route lan traffic through wirless mifi

    - by Randall Blake
    I have a Windows 7 laptop accessing the internet through Verizon wireless MIFI configured as 192.168.1.1. It supports only 5 wireless connections, so I don't want to use up connections unnecessarily. That laptop has an ethernet nic which I have given a static IP of 192.168.0.5. Everything else on the 192.168.0.0 network acquires an address via DHCP from a DLink router whose address is 192.168.0.1. Also on that network are a printer, some network cameras, and a linux pc. The linux pc does not have a wireless card (and I don't want to buy one). The linux pc is located at 192.168.0.122. I can ping the linux pc from the windows pc. But I cannot access the internet from the linux pc. I can ping everything on the 192.168.0.0 network EXCEPT the ethernet card in the Windows PC. It seems as though my DLink router will not route requests to the 192.168.0.5 nic on the windows pc. My windows pc has a default route pointing to the 192.168.1.0 network. It also has a route telling it to route all traffic destined for the 192.168.0.0 network through the 192.168.0.5 interface. I have tried adding a default route to the linux pc to "gateway" 192.168.0.5, but that does not work. I have also tried adding a default route to the linux pc to the gateway 192.168.0.1 (the DLink router) but that will not give me internet access either (over the 192.168.1.0 network). I tried these two different routes at different times - I did not set them both at the same time. I suppose this is a simple problem to solve, but I cannot seem to solve it. How can I give internet access over the 192.168.1.1 MIFI to my linux pc on 192.168.0.122? Thanks EDIT: Additional Info Internet | | MIFI (192.168.1.1) (wireless) | | (192.168.1.3) (wireless) Windows 7 PC Dlink Router (192.168.0.1) ------------ (192.168.0.5) (wired) | | |linux pc (192.168.0.122) (wired) | |printer (192.168.0.100) (wireless) | |network cameras, etc (192.168.0.103) (wireless) Only the windows pc is multi-homed with a wireless nic that connects to the MIFI wirelessly, and an ethernet nic with a wired connection to the DLink router. (The DLink permits both wired and wireless connections.) I don't want to use Windows internet connection sharing because I believe it will set up the ethernet nic as a gateway on 192.168.0.1 and a DHCP server. I already have the Dlink performing that role and I don't want to change that if I do not have to. (The Dlink permits me to make DHCP reservations and I really like that feature. I don't want to lose it.)

    Read the article

  • gunicorn + django + nginx unix://socket failed (11: Resource temporarily unavailable)

    - by user1068118
    Running very high volume traffic on these servers configured with django, gunicorn, supervisor and nginx. But a lot of times I tend to see 502 errors. So I checked the nginx logs to see what error and this is what is recorded: [error] 2388#0: *208027 connect() to unix:/tmp/gunicorn-ourapp.socket failed (11: Resource temporarily unavailable) while connecting to upstream Can anyone help debug what might be causing this to happen? This is our nginx configuration: sendfile on; tcp_nopush on; tcp_nodelay off; listen 80 default_server; server_name imp.ourapp.com; access_log /mnt/ebs/nginx-log/ourapp-access.log; error_log /mnt/ebs/nginx-log/ourapp-error.log; charset utf-8; keepalive_timeout 60; client_max_body_size 8m; gzip_types text/plain text/xml text/css application/javascript application/x-javascript application/json; location / { proxy_pass http://unix:/tmp/gunicorn-ourapp.socket; proxy_pass_request_headers on; proxy_read_timeout 600s; proxy_connect_timeout 600s; proxy_redirect http://localhost/ http://imp.ourapp.com/; #proxy_set_header Host $host; #proxy_set_header X-Real-IP $remote_addr; #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #proxy_set_header X-Forwarded-Proto $my_scheme; #proxy_set_header X-Forwarded-Ssl $my_ssl; } We have configure Django to run in Gunicorn as a generic WSGI application. Supervisord is used to launch the gunicorn workers: home/user/virtenv/bin/python2.7 /home/user/virtenv/bin/gunicorn --config /home/user/shared/etc/gunicorn.conf.py daggr.wsgi:application This is what the gunicorn.conf.py looks like: import multiprocessing bind = 'unix:/tmp/gunicorn-ourapp.socket' workers = multiprocessing.cpu_count() * 3 + 1 timeout = 600 graceful_timeout = 40 Does anyone know where I can start digging to see what might be causing the problem? This is what my ulimit -a output looks like on the server: core file size (blocks, -c) 0 data seg size (kbytes, -d) unlimited scheduling priority (-e) 0 file size (blocks, -f) unlimited pending signals (-i) 59481 max locked memory (kbytes, -l) 64 max memory size (kbytes, -m) unlimited open files (-n) 50000 pipe size (512 bytes, -p) 8 POSIX message queues (bytes, -q) 819200 real-time priority (-r) 0 stack size (kbytes, -s) 8192 cpu time (seconds, -t) unlimited max user processes (-u) 1024 virtual memory (kbytes, -v) unlimited file locks (-x) unlimited

    Read the article

  • MySQL: Pacemaker cannot start the failed master as a new slave?

    - by quanta
    I'm going to setup failover for MySQL replication (1 master and 1 slave) follow this guide: https://github.com/jayjanssen/Percona-Pacemaker-Resource-Agents/blob/master/doc/PRM-setup-guide.rst Here're the output of crm configure show: node serving-6192 \ attributes p_mysql_mysql_master_IP="192.168.6.192" node svr184R-638.localdomain \ attributes p_mysql_mysql_master_IP="192.168.6.38" primitive p_mysql ocf:percona:mysql \ params config="/etc/my.cnf" pid="/var/run/mysqld/mysqld.pid" socket="/var/lib/mysql/mysql.sock" replication_user="repl" replication_passwd="x" test_user="test_user" test_passwd="x" \ op monitor interval="5s" role="Master" OCF_CHECK_LEVEL="1" \ op monitor interval="2s" role="Slave" timeout="30s" OCF_CHECK_LEVEL="1" \ op start interval="0" timeout="120s" \ op stop interval="0" timeout="120s" primitive writer_vip ocf:heartbeat:IPaddr2 \ params ip="192.168.6.8" cidr_netmask="32" \ op monitor interval="10s" \ meta is-managed="true" ms ms_MySQL p_mysql \ meta master-max="1" master-node-max="1" clone-max="2" clone-node-max="1" notify="true" globally-unique="false" target-role="Master" is-managed="true" colocation writer_vip_on_master inf: writer_vip ms_MySQL:Master order ms_MySQL_promote_before_vip inf: ms_MySQL:promote writer_vip:start property $id="cib-bootstrap-options" \ dc-version="1.0.12-unknown" \ cluster-infrastructure="openais" \ expected-quorum-votes="2" \ no-quorum-policy="ignore" \ stonith-enabled="false" \ last-lrm-refresh="1341801689" property $id="mysql_replication" \ p_mysql_REPL_INFO="192.168.6.192|mysql-bin.000006|338" crm_mon: Last updated: Mon Jul 9 10:30:01 2012 Stack: openais Current DC: serving-6192 - partition with quorum Version: 1.0.12-unknown 2 Nodes configured, 2 expected votes 2 Resources configured. ============ Online: [ serving-6192 svr184R-638.localdomain ] Master/Slave Set: ms_MySQL Masters: [ serving-6192 ] Slaves: [ svr184R-638.localdomain ] writer_vip (ocf::heartbeat:IPaddr2): Started serving-6192 Editing /etc/my.cnf on the serving-6192 of wrong syntax to test failover and it's working fine: svr184R-638.localdomain being promoted to become the master writer_vip switch to svr184R-638.localdomain Current state: Last updated: Mon Jul 9 10:35:57 2012 Stack: openais Current DC: serving-6192 - partition with quorum Version: 1.0.12-unknown 2 Nodes configured, 2 expected votes 2 Resources configured. ============ Online: [ serving-6192 svr184R-638.localdomain ] Master/Slave Set: ms_MySQL Masters: [ svr184R-638.localdomain ] Stopped: [ p_mysql:0 ] writer_vip (ocf::heartbeat:IPaddr2): Started svr184R-638.localdomain Failed actions: p_mysql:0_monitor_5000 (node=serving-6192, call=15, rc=7, status=complete): not running p_mysql:0_demote_0 (node=serving-6192, call=22, rc=7, status=complete): not running p_mysql:0_start_0 (node=serving-6192, call=26, rc=-2, status=Timed Out): unknown exec error Remove the wrong syntax from /etc/my.cnf on serving-6192, and restart corosync, what I would like to see is serving-6192 was started as a new slave but it doesn't: Failed actions: p_mysql:0_start_0 (node=serving-6192, call=4, rc=1, status=complete): unknown error Here're snippet of the logs which I'm suspecting: Jul 09 10:46:32 serving-6192 lrmd: [7321]: info: rsc:p_mysql:0:4: start Jul 09 10:46:32 serving-6192 lrmd: [7321]: info: RA output: (p_mysql:0:start:stderr) Error performing operation: The object/attribute does not exist Jul 09 10:46:32 serving-6192 crm_attribute: [7420]: info: Invoked: /usr/sbin/crm_attribute -N serving-6192 -l reboot --name readable -v 0 The full logs: http://fpaste.org/AyOZ/ The strange thing is I can starting it manually: export OCF_ROOT=/usr/lib/ocf export OCF_RESKEY_config="/etc/my.cnf" export OCF_RESKEY_pid="/var/run/mysqld/mysqld.pid" export OCF_RESKEY_socket="/var/lib/mysql/mysql.sock" export OCF_RESKEY_replication_user="repl" export OCF_RESKEY_replication_passwd="x" export OCF_RESKEY_test_user="test_user" export OCF_RESKEY_test_passwd="x" sh -x /usr/lib/ocf/resource.d/percona/mysql start: http://fpaste.org/RVGh/ Did I make something wrong?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 514 515 516 517 518 519 520 521 522 523 524 525  | Next Page >