Search Results

Search found 6622 results on 265 pages for 'match'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 60/265 | < Previous Page | 56 57 58 59 60 61 62 63 64 65 66 67  | Next Page >

  • tcp flags in iptables: What's the difference between RST SYN and RST and SYN RST ? When to use ALL?

    - by Kris
    I'm working on a firewall for a virtual dedicated server and one of the things I'm looking into is port scanners. TCP flags are used for protection. I have 2 questions. The rule: -p tcp --tcp-flags SYN,ACK,FIN,RST SYN -j DROP First argument says check packets with flag SYN Second argument says make sure the flags ACK,FIN,RST SYN are set And when that's the case (there's a match), drop the tcp packet First question: I understand the meaning of RST and RST/ACK but in the second argument RST SYN is being used. What's the difference between RST SYN and RST and SYN RST ? Is there a "SYN RST" flag in a 3 way handshake ? Second question is about the difference between -p tcp --tcp-flags SYN,ACK,FIN,RST SYN -j DROP and -p tcp --tcp-flags ALL SYN,ACK,FIN,RST SYN -j DROP When should ALL be used ? When I use ALL, does that mean if the tcp packet with the syn flag doesn't have the ACK "and" the FIN "and" the RST SYN flags set, there will be no match ?

    Read the article

  • iptables logging to diferent file via syslog-ng

    - by rahrahruby
    I have the following configuration in my iptables and syslog files: IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m tcp --dport 222 -j ACCEPT -A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT -A INPUT -j DROP -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7 SYSLOG-NG destination d_iptables { file("/var/log/iptables/iptables.log"); }; filter f_iptables { facility(kern) and match("IN=" value("MESSAGE")) and match("OUT=" value("MESSAGE")); }; filter f_messages { level(info,notice,warn) and not facility(auth,authpriv,cron,daemon,mail,news) and not filter(f_iptables); }; log { source(s_src); filter(f_iptables); destination(d_iptables); };` I restart syslog-ng and the log is not written.

    Read the article

  • Where to put X11 drivers configuration in Ubuntu Lucid?

    - by vava
    Since hal is removed from Lucid, where now can I put all those little configuration tweaks for mouse and other input devices? In particular, I want to configure ThinkPad trackpad to enable scrolling with middle button. In hal, it was done with <match key="info.product" string="TPPS/2 IBM TrackPoint"> <merge key="input.x11_options.EmulateWheel" type="string">true</merge> <merge key="input.x11_options.EmulateWheelButton" type="string">2</merge> <merge key="input.x11_options.ZAxisMapping" type="string">4 5</merge> <merge key="input.x11_options.XAxisMapping" type="string">6 7</merge> <merge key="input.x11_options.Emulate3Buttons" type="string">true</merge> <merge key="input.x11_options.EmulateWheelTimeout" type="string">200</merge> </match>

    Read the article

  • Clean URLS on Hiawatha

    - by Botto
    I am using the Hiawatha web server and running drupal on a FastCGI PHP server. The drupal site is using imagecache and it requires either private files or clean urls. The issue I am having with clean urls is that requests to files are being rewritten into index.php as well. My current config is: UrlToolkit { ToolkitID = drupal RequestURI exists Return Match (/files/*) Rewrite $1 Match ^/(.*) Rewrite /index.php?q=$1 } The above does not work. Drupal's apache set up is: <Directory /var/www/example.com> RewriteEngine on RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php?q=$1 [L,QSA] </Directory>

    Read the article

  • OS X Lion - Installing Oracle 10g Standard Edition

    - by Cellze
    Im trying to install oracle 10g on to OS X Lion, I have previous achieved this on snow leopard with the following http://blog.rayapps.com/2009/09/14/how-to-install-oracle-database-10g-on-mac-os-x-snow-leopard/ The issue im having is that the ulimit settings in the oracle/.bash_profile cannot be modified. I have the following in the bash_profile: export DISPLAY=:0.0 export ORACLE_BASE=$HOME umask 022 # must match `sysctl kern.maxprocperuid` ulimit -Hu 512 ulimit -Su 512 # must match `sysctl kern.maxfilesperproc` ulimit -Hn 10240 ulimit -Sn 10240 Upon applying the bash_profile settings . ~/.bash_profile i get the following error: -bash: ulimit: max user processes: cannot be modify limit: Invalid argument This then results in $ sqlplus / as sysdba not functioning correctly with a Segmentation fault: 11 The output of $ ulimit -a core file size (blocks, -c) 0 data seg size (kbytes, -d) unlimited file size (blocks, -f) unlimited max locked memory (kbytes, -l) unlimited max memory size (kbytes, -m) unlimited open files (-n) 10240 pipe size (512 bytes, -p) 1 stack size (kbytes, -s) 8192 cpu time (seconds, -t) unlimited max user processes (-u) 512 virtual memory (kbytes, -v) unlimited If any one knows how I can apply these ulimit settings to the oracle user I have created to allow me to install sqlplus and therefore create a db, that would be great.

    Read the article

  • URL redirect to a virtual server on a VLAN

    - by zeroFiG
    I have a production site, running off 10 servers. I've been given another virtual server on the same network as these 10 servers, to use for testing purposes. This server doesn't have it's own DNS entry. Therefore I need to do a redirect to the site hosted on this virtual server for a sub-domain of the site running on the 10 other servers. So Basically I was wondering how I would configure a sub domain of my production server to point at the Virtual server for testing. I'm guessing I need to modify my site file in /etc/apache2/sites-available and add another virtual host like the following and modify the redirect match: <VirtualHost *> ServerName SUBDOMAIN.DOMAIN.com RedirectMatch 301 (.*) **IP ADDRESS** CustomLog /var/log/apache2/SUBDOMAIN.DOMAIN.com.access.log combined </VirtualHost> Do I set the redirect match to just the IP on the Virtual server, and then configure another site file in the sites-available directory, which will recption this redirect and point the browser towards the HTML root? Thanks, I hope I made myself clear.

    Read the article

  • How to find the insertion point in an array using binary search?

    - by ????
    The basic idea of binary search in an array is simple, but it might return an "approximate" index if the search fails to find the exact item. (we might sometimes get back an index for which the value is larger or smaller than the searched value). For looking for the exact insertion point, it seems that after we got the approximate location, we might need to "scan" to left or right for the exact insertion location, so that, say, in Ruby, we can do arr.insert(exact_index, value) I have the following solution, but the handling for the part when begin_index >= end_index is a bit messy. I wonder if a more elegant solution can be used? (this solution doesn't care to scan for multiple matches if an exact match is found, so the index returned for an exact match may point to any index that correspond to the value... but I think if they are all integers, we can always search for a - 1 after we know an exact match is found, to find the left boundary, or search for a + 1 for the right boundary.) My solution: DEBUGGING = true def binary_search_helper(arr, a, begin_index, end_index) middle_index = (begin_index + end_index) / 2 puts "a = #{a}, arr[middle_index] = #{arr[middle_index]}, " + "begin_index = #{begin_index}, end_index = #{end_index}, " + "middle_index = #{middle_index}" if DEBUGGING if arr[middle_index] == a return middle_index elsif begin_index >= end_index index = [begin_index, end_index].min return index if a < arr[index] && index >= 0 #careful because -1 means end of array index = [begin_index, end_index].max return index if a < arr[index] && index >= 0 return index + 1 elsif a > arr[middle_index] return binary_search_helper(arr, a, middle_index + 1, end_index) else return binary_search_helper(arr, a, begin_index, middle_index - 1) end end # for [1,3,5,7,9], searching for 6 will return index for 7 for insertion # if exact match is found, then return that index def binary_search(arr, a) puts "\nSearching for #{a} in #{arr}" if DEBUGGING return 0 if arr.empty? result = binary_search_helper(arr, a, 0, arr.length - 1) puts "the result is #{result}, the index for value #{arr[result].inspect}" if DEBUGGING return result end arr = [1,3,5,7,9] b = 6 arr.insert(binary_search(arr, b), b) p arr arr = [1,3,5,7,9,11] b = 6 arr.insert(binary_search(arr, b), b) p arr arr = [1,3,5,7,9] b = 60 arr.insert(binary_search(arr, b), b) p arr arr = [1,3,5,7,9,11] b = 60 arr.insert(binary_search(arr, b), b) p arr arr = [1,3,5,7,9] b = -60 arr.insert(binary_search(arr, b), b) p arr arr = [1,3,5,7,9,11] b = -60 arr.insert(binary_search(arr, b), b) p arr arr = [1] b = -60 arr.insert(binary_search(arr, b), b) p arr arr = [1] b = 60 arr.insert(binary_search(arr, b), b) p arr arr = [] b = 60 arr.insert(binary_search(arr, b), b) p arr and result: Searching for 6 in [1, 3, 5, 7, 9] a = 6, arr[middle_index] = 5, begin_index = 0, end_index = 4, middle_index = 2 a = 6, arr[middle_index] = 7, begin_index = 3, end_index = 4, middle_index = 3 a = 6, arr[middle_index] = 5, begin_index = 3, end_index = 2, middle_index = 2 the result is 3, the index for value 7 [1, 3, 5, 6, 7, 9] Searching for 6 in [1, 3, 5, 7, 9, 11] a = 6, arr[middle_index] = 5, begin_index = 0, end_index = 5, middle_index = 2 a = 6, arr[middle_index] = 9, begin_index = 3, end_index = 5, middle_index = 4 a = 6, arr[middle_index] = 7, begin_index = 3, end_index = 3, middle_index = 3 the result is 3, the index for value 7 [1, 3, 5, 6, 7, 9, 11] Searching for 60 in [1, 3, 5, 7, 9] a = 60, arr[middle_index] = 5, begin_index = 0, end_index = 4, middle_index = 2 a = 60, arr[middle_index] = 7, begin_index = 3, end_index = 4, middle_index = 3 a = 60, arr[middle_index] = 9, begin_index = 4, end_index = 4, middle_index = 4 the result is 5, the index for value nil [1, 3, 5, 7, 9, 60] Searching for 60 in [1, 3, 5, 7, 9, 11] a = 60, arr[middle_index] = 5, begin_index = 0, end_index = 5, middle_index = 2 a = 60, arr[middle_index] = 9, begin_index = 3, end_index = 5, middle_index = 4 a = 60, arr[middle_index] = 11, begin_index = 5, end_index = 5, middle_index = 5 the result is 6, the index for value nil [1, 3, 5, 7, 9, 11, 60] Searching for -60 in [1, 3, 5, 7, 9] a = -60, arr[middle_index] = 5, begin_index = 0, end_index = 4, middle_index = 2 a = -60, arr[middle_index] = 1, begin_index = 0, end_index = 1, middle_index = 0 a = -60, arr[middle_index] = 9, begin_index = 0, end_index = -1, middle_index = -1 the result is 0, the index for value 1 [-60, 1, 3, 5, 7, 9] Searching for -60 in [1, 3, 5, 7, 9, 11] a = -60, arr[middle_index] = 5, begin_index = 0, end_index = 5, middle_index = 2 a = -60, arr[middle_index] = 1, begin_index = 0, end_index = 1, middle_index = 0 a = -60, arr[middle_index] = 11, begin_index = 0, end_index = -1, middle_index = -1 the result is 0, the index for value 1 [-60, 1, 3, 5, 7, 9, 11] Searching for -60 in [1] a = -60, arr[middle_index] = 1, begin_index = 0, end_index = 0, middle_index = 0 the result is 0, the index for value 1 [-60, 1] Searching for 60 in [1] a = 60, arr[middle_index] = 1, begin_index = 0, end_index = 0, middle_index = 0 the result is 1, the index for value nil [1, 60] Searching for 60 in [] [60]

    Read the article

  • Specifying prerequisites for Puppet custom facts?

    - by larsks
    I have written a custom Puppet fact that requires the biosdevname tool to be installed. I'm not sure how to set things up correctly such that this tool will be installed before facter tries to instantiate the custom fact. Facts are loaded early on in the process, so I can't simply put a package { biosdevname: ensure => installed } in the manifest, since by the time Puppet gets this far the custom fact has already failed. I was curious if I could resolve this through Puppet's run stages. I tried: stage { pre: before => Stage[main] } class { biosdevname: stage => pre } And: class biosdevname { package { biosdevname: ensure => installed } } But this doesn't work...Puppet loads facts before entering the pre stage: info: Loading facts in physical_network_config ./physical_network_config.rb:33: command not found: biosdevname -i eth0 info: Applying configuration version '1320248045' notice: /Stage[pre]/Biosdevname/Package[biosdevname]/ensure: created Etc. Is there any way to make this work? EDIT: I should make it clear that I understand, given a suitable package declaration, that the fact will run correctly on subsequent runs. The difficulty here is that this is part of our initial configuration process. We're running Puppet out of kickstart and want the network configuration to be in place before the first reboot. It sounds like the only workable solution is to simply run Puppet twice during the initial system configuration, which will ensure that the necessary packages are in place. Also, for Zoredache: # This produces a fact called physical_network_config that describes # the number of NICs available on the motherboard, on PCI bus 1, and on # PCI bus 2. The fact value is of the form <x>-<y>-<z>, where <x> # is the number of embedded interfaces, <y> is the number of interfaces # on PCI bus 1, and <z> is the number of interfaces on PCI bus 2. em = 0 pci1 = 0 pci2 = 0 Dir['/sys/class/net/*'].each { |file| devname=File.basename(file) biosname=%x[biosdevname -i #{devname}] case when biosname.match('^pci1') pci1 += 1 when biosname.match('^pci2') pci2 += 1 when biosname.match('^em[0-9]') em += 1 end } Facter.add(:physical_network_config) do setcode do "#{em}-#{pci1}-#{pci2}" end end

    Read the article

  • Sharepoint 2010 and Samba LDAP groups

    - by Jon Rhoades
    The setup: Windows 2008 SP2 Sharepoint 2010 Foundation Samba 3 "Domain" I'm trying to use the Samba LDAP users & groups we already have to access to Sharepoint. I can successfully authenticate using the Samaba accounts (getting the "Error: Access Denied" message as the user has no permissions). So Sharepoint can clearly see and use the existing accounts/groups. What I can't do is be authorised as in the grant permissions interface, Sharepoint now fails to match the account (I get an "No Exact match found..."). Is there a way of getting the Sharepoint permissions interface to recognise and use our existing Samba LDAP accounts? I get it - don't use Samaba, use AD. If I had that option I would, but I don't.

    Read the article

  • Puppet master/agent basic setup

    - by lewap
    I'm trying to setup a basic puppet agent/master use-case with an agent server and a master. I've setup two servers with puppet and puppet master respectively. After the following setup of both servers: puppet master --no-daemonize --verbose puppet agent --test puppet cert --list to get the list, puppet cert --sign to sign it. puppet agent --test I get the message: err: Could not retrieve catalog from remote server: hostname was not match with the server certificate warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run err: Could not send report: hostname was not match with the server certificate What do I need to do in order to get the agent/master to be able to talk to each other?

    Read the article

  • How do I create something like a negated character class with a string instead of characters?

    - by Chas. Owens
    I am trying to write a tokenizer for Mustache in Perl. I can easily handle most of the tokens like this: #!/usr/bin/perl use strict; use warnings; my $comment = qr/ \G \{\{ ! (?<comment> .+? ) }} /xs; my $variable = qr/ \G \{\{ (?<variable> .+? ) }} /xs; my $text = qr/ \G (?<text> .+? ) (?= \{\{ | \z ) /xs; my $tokens = qr/ $comment | $variable | $text /x; my $s = do { local $/; <DATA> }; while ($s =~ /$tokens/g) { my ($type) = keys %+; (my $contents = $+{$type}) =~ s/\n/\\n/; print "type [$type] contents [$contents]\n"; } __DATA__ {{!this is a comment}} Hi {{name}}, I like {{thing}}. But I am running into trouble with the Set Delimiters directive: #!/usr/bin/perl use strict; use warnings; my $delimiters = qr/ \G \{\{ (?<start> .+? ) = [ ] = (?<end> .+?) }} /xs; my $comment = qr/ \G \{\{ ! (?<comment> .+? ) }} /xs; my $variable = qr/ \G \{\{ (?<variable> .+? ) }} /xs; my $text = qr/ \G (?<text> .+? ) (?= \{\{ | \z ) /xs; my $tokens = qr/ $comment | $delimiters | $variable | $text /x; my $s = do { local $/; <DATA> }; while ($s =~ /$tokens/g) { for my $type (keys %+) { (my $contents = $+{$type}) =~ s/\n/\\n/; print "type [$type] contents [$contents]\n"; } } __DATA__ {{!this is a comment}} Hi {{name}}, I like {{thing}}. {{(= =)}} If I change it to my $delimiters = qr/ \G \{\{ (?<start> [^{]+? ) = [ ] = (?<end> .+?) }} /xs; It works fine, but the point of the Set Delimiters directive is to change the delimiters, so the code will wind up looking like my $variable = qr/ \G $start (?<variable> .+? ) $end /xs; And it is perfectly valid to say {{{== ==}}} (i.e. change the delimiters to {= and =}). What I want, but maybe not what I need, is the ability to say something like (?:not starting string)+?. I figure I am just going to have to give up being clean about it and drop code into the regex to force it to match only what I want. I am trying to avoid that for four reasons: I don't think it is very clean. It is marked as experimental. I am not very familier with it (I think it comes down to (?{CODE}) and returning special values. I am hoping someone knows some other exotic feature that I am not familiar with that fits the situation better (e.g. (?(condition)yes-pattern|no-pattern)). Just to make things clear (I hope), I am trying to match a constant length starting delimiter followed by the shortest string that allows a match and does not contain the starting delimiter followed by a space followed by an equals sign followed by the shortest string that allows a match that ends with the ending delimiter.

    Read the article

  • Why does mod_security require an ACCEPT HTTP header field?

    - by ripper234
    After some debugging, I found that the core ruleset of mod_security blocks requests that don't have the (optional!) ACCEPT header field. This is what I find in the logs: ModSecurity: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/apache2/conf.d/modsecurity/modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname "example.com"] [uri "/"] [unique_id "T4F5@H8AAQEAAFU6aPEAAAAL"] ModSecurity: Access denied with code 400 (phase 2). Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/apache2/conf.d/modsecurity/optional_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname "example.com"] [uri "/"] [unique_id "T4F5@H8AAQEAAFU6aPEAAAAL"] Why is this header required? I understand that "most" clients send these, but why is their absence considered a security threat?

    Read the article

  • VMWare tools on Ubuntu Server 10.10 kernel source problem

    - by Hamid Elaosta
    After install and running the vm-ware config, the config needs my kernel headers to compile some modules, ok, so I'll give it them, but it just won't work. It asks for the path of the directory of C header files that match my running kernel. If I uname -r I get 2.6.35-22-generic-pae So I tell it the source path is /lib/modules/2.6.25-22-generic-pae/build/include and it returns "The directory of kernel headers (version @@VMWARE@@ UTS_RELEASE) does not match your running kernel (version 2.6.35-22-generic-pae). ..I'm confused? can anyone offer suggestions please? I installed hte kernel source andh eaders myself using sudo apt-get install linux-headers-$(uname -r)

    Read the article

  • sftp chroot access via SSH

    - by Cudos
    Hello. I have this setup in sshd_config: AllowUsers test1 test2 Match group sftpgroup ChrootDirectory /var/www X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp Match user test2 ChrootDirectory /var/www/somedomain.dk X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp I am trying to restrict test2 to only use /var/www/somedomain.dk For some reason when I try to login e.g. with Filezilla on account test2 I get this error: "Server unexpectedly closed network connection" The users are created and works. the SSH service has been stopped and started. test1 works when using e.g. filezilla and the root of the connection is /var/www. What am I doing wrong?

    Read the article

  • How do I use qmqtool to list emails from a specific envelope sender?

    - by jimp
    Occassionally a user's email password will become compromised and the spammer will flood the Qmail queue with 10,000+ emails sent through a specific user's account. I know how to use qmqtool to remove messages that match a specific string: qmqtool -d -f "[email protected]" However the -f argument matches anywhere in the message. -f 'STRING' display comma separated list of message number(s) containing STRING. That means messages to, from, and even mentioning that email address will all be deleted. Does qmqtool (or another qmail tool) have a command for matching messages from a specific envelope sender? Note: I only want to match the authenticated sender, not the "From:" which is always forged in this case anyway.

    Read the article

  • Can't get powershell to return where results from GCI using ACL

    - by Rossaluss
    I'm trying to get Powershell to list files in a directory that are older than a certain date and match a certain user. I've got the below script so far which gives me all the files older than a certain date and lists the directory and who owns them: $date=get-date $age=$date.AddDays(-30) ls '\\server\share\folder' -File -Recurse | ` where {$_.lastwritetime -lt "$age"} | ` select-object $_.fullname,{(Get-ACL $_.FullName).Owner} | ` ft -AutoSize However, when I try and use an additional where parameter to select only files owned by a certain user, I get no results at all, even though I know I should, based on the match I'm trying to obtain (as below): $date=get-date $age=$date.AddDays(-30) ls '\\server\share\folder' -File -Recurse | ` where ({$_.lastwritetime -lt "$age"} -and {{(get-acl $_.FullName).owner} -eq "domain\user"}) | ` select-object $_.fullname,{(Get-ACL $_.FullName).Owner} | ` ft -AutoSize Am I missing something? Can I not use the get-acl command in a where condition as I've tried to? Any help would be appreciated. Thanks

    Read the article

  • VMWare tools on Ubuntu Server 10.10 kernel source problem

    - by Hamid Elaosta
    After install and running the vm-ware config, the config needs my kernel headers to compile some modules, ok, so I'll give it them, but it just won't work. It asks for the path of the directory of C header files that match my running kernel. If I uname -r I get 2.6.35-22-generic-pae So I tell it the source path is /lib/modules/2.6.25-22-generic-pae/build/include and it returns "The directory of kernel headers (version @@VMWARE@@ UTS_RELEASE) does not match your running kernel (version 2.6.35-22-generic-pae). ..I'm confused? can anyone offer suggestions please? I installed hte kernel source andh eaders myself using sudo apt-get install linux-headers-$(uname -r)

    Read the article

  • Cisco PIX firewall blocking inbound Exchange email

    - by sumsaricum
    [Cisco PIX, SBS2003] I can telnet server port 25 from inside but not outside, hence all inbound email is blocked. (as an aside, inbox on iPhones do not list/update emails, but calendar works a charm) I'm inexperienced in Cisco PIX and looking for some assistance before mails start bouncing :/ interface ethernet0 auto interface ethernet1 100full nameif ethernet0 outside security0 nameif ethernet1 inside security100 hostname pixfirewall domain-name ciscopix.com fixup protocol dns maximum-length 512 fixup protocol ftp 21 fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol http 80 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol sip 5060 fixup protocol sip udp 5060 fixup protocol skinny 2000 no fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol tftp 69 names name 192.168.1.10 SERVER access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 192.168.1.96 255.255.255.240 access-list outside_cryptomap_dyn_20 permit ip any 192.168.1.96 255.255.255.240 access-list outside_acl permit tcp any host 213.xxx.xxx.xxx eq 3389 access-list outside_acl permit tcp any interface outside eq ftp access-list outside_acl permit tcp any host 213.xxx.xxx.xxx eq https access-list outside_acl permit tcp any host 213.xxx.xxx.xxx eq www access-list outside_acl permit tcp any interface outside eq 993 access-list outside_acl permit tcp any interface outside eq imap4 access-list outside_acl permit tcp any interface outside eq 465 access-list outside_acl permit tcp any host 213.xxx.xxx.xxx eq smtp access-list outside_cryptomap_dyn_40 permit ip any 192.168.1.96 255.255.255.240 access-list COMPANYVPN_splitTunnelAcl permit ip 192.168.1.0 255.255.255.0 any access-list COMPANY_splitTunnelAcl permit ip 192.168.1.0 255.255.255.0 any access-list outside_cryptomap_dyn_60 permit ip any 192.168.1.96 255.255.255.240 access-list COMPANY_VPN_splitTunnelAcl permit ip 192.168.1.0 255.255.255.0 any access-list outside_cryptomap_dyn_80 permit ip any 192.168.1.96 255.255.255.240 pager lines 24 icmp permit host 217.157.xxx.xxx outside mtu outside 1500 mtu inside 1500 ip address outside 213.xxx.xxx.xxx 255.255.255.128 ip address inside 192.168.1.1 255.255.255.0 ip audit info action alarm ip audit attack action alarm ip local pool VPN 192.168.1.100-192.168.1.110 pdm location 0.0.0.0 255.255.255.128 outside pdm location 0.0.0.0 255.255.255.0 inside pdm location 217.yyy.yyy.yyy 255.255.255.255 outside pdm location SERVER 255.255.255.255 inside pdm logging informational 100 pdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list inside_outbound_nat0_acl nat (inside) 1 0.0.0.0 0.0.0.0 0 0 static (inside,outside) tcp 213.xxx.xxx.xxx 3389 SERVER 3389 netmask 255.255.255.255 0 0 static (inside,outside) tcp 213.xxx.xxx.xxx smtp SERVER smtp netmask 255.255.255.255 0 0 static (inside,outside) tcp 213.xxx.xxx.xxx https SERVER https netmask 255.255.255.255 0 0 static (inside,outside) tcp 213.xxx.xxx.xxx www SERVER www netmask 255.255.255.255 0 0 static (inside,outside) tcp interface imap4 SERVER imap4 netmask 255.255.255.255 0 0 static (inside,outside) tcp interface 993 SERVER 993 netmask 255.255.255.255 0 0 static (inside,outside) tcp interface 465 SERVER 465 netmask 255.255.255.255 0 0 static (inside,outside) tcp interface ftp SERVER ftp netmask 255.255.255.255 0 0 access-group outside_acl in interface outside route outside 0.0.0.0 0.0.0.0 213.zzz.zzz.zzz timeout xlate 0:05:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00 timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout sip-disconnect 0:02:00 sip-invite 0:03:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server TACACS+ max-failed-attempts 3 aaa-server TACACS+ deadtime 10 aaa-server RADIUS protocol radius aaa-server RADIUS max-failed-attempts 3 aaa-server RADIUS deadtime 10 aaa-server RADIUS (inside) host SERVER *** timeout 10 aaa-server LOCAL protocol local http server enable http 217.yyy.yyy.yyy 255.255.255.255 outside http 192.168.1.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable sysopt connection permit-ipsec crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20 crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5 crypto dynamic-map outside_dyn_map 40 match address outside_cryptomap_dyn_40 crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-MD5 crypto dynamic-map outside_dyn_map 60 match address outside_cryptomap_dyn_60 crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-MD5 crypto dynamic-map outside_dyn_map 80 match address outside_cryptomap_dyn_80 crypto dynamic-map outside_dyn_map 80 set transform-set ESP-3DES-MD5 crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map crypto map outside_map client authentication RADIUS LOCAL crypto map outside_map interface outside isakmp enable outside isakmp policy 20 authentication pre-share isakmp policy 20 encryption 3des isakmp policy 20 hash md5 isakmp policy 20 group 2 isakmp policy 20 lifetime 86400 telnet 217.yyy.yyy.yyy 255.255.255.255 outside telnet 0.0.0.0 0.0.0.0 inside telnet timeout 5 ssh 217.yyy.yyy.yyy 255.255.255.255 outside ssh 0.0.0.0 255.255.255.0 inside ssh timeout 5 management-access inside console timeout 0 dhcpd address 192.168.1.20-192.168.1.40 inside dhcpd dns SERVER 195.184.xxx.xxx dhcpd wins SERVER dhcpd lease 3600 dhcpd ping_timeout 750 dhcpd auto_config outside dhcpd enable inside : end I have Kiwi SysLog running but could use some pointers in that regard to narrow down the torrent of log messages, if that helps?!

    Read the article

  • tc rules block traffic from some hosts at network

    - by user139430
    I have a problem I can not solve. The script, which sets the rules for traffic shaping is blocking the traffic from some hosts.If I remove all the rules, then it works. I can not understand why? Here is my script... #!/bin/sh cmdTC=/sbin/tc rateLANDl="60mbit" ceilLANDl="60mbit" rateLANUl="40mbit" ceilLANUl="40mbit" quantLAN="1514" # Nowaday bandwidth limit set to 100mbit. # We devide it with 60mbit download and 40mbit upload bandthes. rateHiDl="30mbit" ceilHiDl="60mbit" rateHiUl="20mbit" ceilHiUl="40mbit" quantHi="1514" rateLoDl="30mbit" ceilLoDl="60mbit" rateLoUl="20mbit" ceilLoUl="40mbit" quantLo="1514" devNIF=eth0 devFIF=ifb0 modprobe ifb ip link set $devFIF up 2>/dev/null #exit 0 ################################################################################################ # Remove discuiplines from network and fake interfaces ################################################################################################ $cmdTC qdisc del dev $devNIF root 2>/dev/null $cmdTC qdisc del dev $devFIF root 2>/dev/null $cmdTC qdisc del dev $devNIF ingress 2>/dev/null if [ "$1" = "down" ]; then exit 0 fi ################################################################################################ # Create discuiplines for network interface ################################################################################################ $cmdTC qdisc add dev $devNIF root handle 1:0 htb default 12 # Create classes for network interface $cmdTC class add dev $devNIF parent 1:0 classid 1:1 htb rate ${rateLANDl} ceil ${ceilLANDl} quantum ${quantLAN} $cmdTC class add dev $devNIF parent 1:1 classid 1:11 htb rate ${rateHiDl} ceil ${ceilHiDl} quantum ${quantHi} $cmdTC class add dev $devNIF parent 1:1 classid 1:12 htb rate ${rateLoDl} ceil ${ceilLoDl} quantum ${quantLo} $cmdTC qdisc add dev $devNIF parent 1:11 handle 111: sfq perturb 10 $cmdTC qdisc add dev $devNIF parent 1:12 handle 112: sfq perturb 10 # Create filters for network interface $cmdTC filter add dev $devNIF protocol all parent 1:0 u32 match ip dst 10.252.2.0/24 flowid 1:11 $cmdTC filter add dev $devNIF protocol all parent 111: handle 111 flow hash keys dst divisor 1024 baseclass 1:11 $cmdTC filter add dev $devNIF protocol all parent 112: handle 112 flow hash keys dst divisor 1024 baseclass 1:12 ################################################################################################ # Create discuiplines for fake interface ################################################################################################ $cmdTC qdisc add dev $devFIF root handle 1:0 htb default 12 # Create classes for network interface $cmdTC class add dev $devFIF parent 1:0 classid 1:1 htb rate ${rateLANUl} ceil ${ceilLANUl} quantum ${quantLAN} $cmdTC class add dev $devFIF parent 1:1 classid 1:11 htb rate ${rateHiUl} ceil ${ceilHiUl} quantum ${quantHi} $cmdTC class add dev $devFIF parent 1:1 classid 1:12 htb rate ${rateLoUl} ceil ${ceilLoUl} quantum ${quantLo} $cmdTC qdisc add dev $devFIF parent 1:11 handle 111: sfq perturb 10 $cmdTC qdisc add dev $devFIF parent 1:12 handle 112: sfq perturb 10 # Create filters for network interface $cmdTC filter add dev $devFIF protocol all parent 1:0 u32 match ip src 10.252.2.0/24 flowid 1:11 $cmdTC filter add dev $devFIF protocol all parent 111: handle 111 flow hash keys src divisor 1024 baseclass 1:11 $cmdTC filter add dev $devFIF protocol all parent 112: handle 112 flow hash keys src divisor 1024 baseclass 1:12 ################################################################################################ # Create redirect discuiplines from network to fake interface ################################################################################################ $cmdTC qdisc add dev $devNIF handle ffff:0 ingress $cmdTC filter add dev $devNIF parent ffff:0 protocol all u32 match u32 0 0 action mirred egress redirect dev $devFIF Here is my /etc/modules: loop ifb ppp_mppe nf_conntrack_pptp nt_conntrack_proto_gre nf_nat_pptp nf_nat_proto_gre The system is Linux wall 2.6.32-5-amd64 #1 SMP Sun Sep 23 10:07:46 UTC 2012 x86_64 GNU/Linux

    Read the article

  • Transferring NS records to a new server

    - by lanemiller
    I feel like that was NOT worded well, but here is my current predicament. I recently had a GoDaddy dedicated server, and decided after their customer support failed to do anything but disappoint, to switch to Rackspace. We have 2 ns records that point to our godaddy server, and we have a few sites left on the server, that rely on it for their DNS zones, and the owners of the domains fail to respond to us. So, the question is, if I need to transfer the sites off of the OLD godaddy NS, can I point the A records from my ns1.domain.com and ns2.domain.com to match up with IP addresses of the Rackspace nameservers? OR, do I cname my NS records to match the rackspace ones? I DO know that this isn't advised, either method, but I need to get these sites moved before Godaddy tries charging another $2k for the server.

    Read the article

  • Looking for Primos "name generation" code

    - by Greg E
    Anyone remember Primos ? It had a shell-level thing called "name generation" which was very useful. Eg. to rename a bunch of files from part1.suffix to part1.new.suffix2 you could say rename *.suffix =.+new.suffix2 That's a very simple example, it was quite powerful. The control characters were: =,==,^=,^==,+ Which meant approximately: match 1 filename component, match all remaining components, delete one component, delete all remaining, add a component. In conjunction with Primos wildcards you could do pretty much any useful file renaming/copying operation very conveniently. It was much better than Unix wildcards and name generation/iteration and I'd like to find it again and use it. Anyone seen it around ? Not much reference on the interweb: search "Primos name generation" and you get a few fragmentary hits. Thanks !

    Read the article

  • Vlookup using wildcards in indexed column

    - by Dm3k1
    I know how to use a wildcard with Vlookup on the reference value, but what about on the matched column index? I know you can do for instance VLOOKUP("*Hello*",A4:G4,2,FALSE) However, what if you wanted to match a cell that is "Hello", with another one that is "Why, Hello there!" (so the opposite i suppose) My data is set in a way where a macro is going to ask if A4 in workbook 1 matches C2:C25000 in workbook 2 to return the corresponding value in D back to workbook 1. The thought is that when A4 in workbook 1 says Its DHS Here, that I could input a value such as DHS in column C in workbook 2 and have it say its a match. Is this possible?

    Read the article

  • DKIM, spam probability, signing with key at mail server vs sender domain?

    - by Andreas
    I'm working on an email marketing tool and so far we've been recommending our customers to set up an SPF-record (Sender-ID) and a DKIM-record, we also have our own SPF-record on the mail server and a shared DKIM-record for those who do not set up their own DKIM-record. Those that do not set up their own DKIM-records still pass the DKIM-test, but with the notice that "identity doesn't match any headers" (according to port25), i.e, it doesn't match the textual sender domain. But does anyone know if this "discrepancy" actually has any impact on spam scoring/probability, i.e, should we continue to recommend our customers to set up a DKIM-record (as opposed to just using our shared) or is just wasted effort?

    Read the article

  • file copy error from system to cifs mount

    - by dwpriest
    When coping a file greater than 64kB from an Ubuntu server to a CIFS mounted windows share, most of the data is copied, but it seems the last chunk doesn't get copied. The size doesn't match, and the md5 check sums don't match. I have plenty of file space, but then I use cp, I get the following... cp: closing `cloudBackup/asdf.txt': No space left on device Using rsync, I get the following... rsync: close failed on "/home/fluffy/cloudBackup/.asdf.txt.qrBWe6": No space left on device (28) rsync error: error in file IO (code 11) at receiver.c(752) [receiver=3.0.8] rsync: connection unexpectedly closed (29 bytes received so far) [sender] rsync error: error in rsync protocol data stream (code 12) at io.c(601) [sender=3.0.8] I have full read/write permissions on the mounted share. I can copy via SSH just fine. Any ideas? Thank you

    Read the article

  • Cannot access shares via \\servername but \\ip works

    - by Jeff
    To set up the scenario: One of our techs set one of the domain controllers to use Microsoft time. The time IS correct (including Time Zone) and DOES match the other domain controller's time; it was previously incorrect, however. Since the change, no users can connect via \\servername\share or \\servername.domainname.com but \\ip\share works fine. I cannot even access it from the other domain controller with which I know both have the same time. The servername DOES resolve to the correct IP address. Also, strangely enough, \\domainname.com works as well which resolves to the same server. Finally Everything that I have tried does resolve to the same, correct IP address. The error is: login failure: The target account name is incorrect. I believe it is time related but since the times are correct and match I'm not sure. Anyone know what might cause this?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 56 57 58 59 60 61 62 63 64 65 66 67  | Next Page >