Search Results

Search found 45752 results on 1831 pages for 'ubuntu linux'.


  • Secure openVPN using IPTABLES

    - by bob franklin smith harriet
    Hey, I set up an openVPN server and it works OK. The next step is to secure it. I opted to use IPTABLES to only allow certain connections through, but so far it is not working. I want to enable access to the network behind my openVPN server and allow other services (web access). When iptables is disabled or set to allow all, this works fine; when using my following rules it does not. Also note, I already configured openVPN itself to do what I want and it works fine; it's only failing when iptables is started. Any help to tell me why this isn't working will be appreciated here.

    These are the lines that I added in accordance with openVPN's recommendations. Unfortunately, testing these commands shows that they are required. They seem incredibly insecure though; any way to get around using them?

        # Allow TUN interface connections to OpenVPN server
        -A INPUT -i tun+ -j ACCEPT
        #allow TUN interface connections to be forwarded through other interfaces
        -A FORWARD -i tun+ -j ACCEPT
        # Allow TAP interface connections to OpenVPN server
        -A INPUT -i tap+ -j ACCEPT
        # Allow TAP interface connections to be forwarded through other interfaces
        -A FORWARD -i tap+ -j ACCEPT

    These are the new chains and commands I added to restrict access as much as possible. Unfortunately, with these enabled, all that happens is the openVPN connection establishes fine, and then there is no access to the rest of the network behind the openVPN server. Note I am configuring the main iptables file and I am paranoid, so all ports and IP addresses are altered, and -N etc. appears before this, so ignore that they don't appear. I also added some explanations of what I 'intended' these rules to do, so you don't waste time figuring out where I went wrong:

        #accepts the vpn over port 1192
        -A INPUT -p udp -m udp --dport 1192 -j ACCEPT
        -A INPUT -j INPUT-FIREWALL
        -A OUTPUT -j ACCEPT
        #packets that are to be forwarded from 10.10.1.0 network (all open vpn clients) to the internal network (192.168.5.0) jump to [sic]foward-firewall chain
        -A FORWARD -s 10.10.1.0/24 -d 192.168.5.0/24 -j FOWARD-FIREWALL
        #same as above, except for a different internal network
        -A FORWARD -s 10.10.1.0/24 -d 10.100.5.0/24 -j FOWARD-FIREWALL
        # reject any not from either of those two ranges
        -A FORWARD -j REJECT
        -A INPUT-FIREWALL -m state --state RELATED,ESTABLISHED -j ACCEPT
        -A INPUT-FIREWALL -p tcp -m tcp --dport 22 -j ACCEPT
        -A INPUT-FIREWALL -j REJECT
        -A FOWARD-FIREWALL -m state --state RELATED,ESTABLISHED -j ACCEPT
        #80 443 and 53 are accepted
        -A FOWARD-FIREWALL -m tcp -p tcp --dport 80 -j ACCEPT
        -A FOWARD-FIREWALL -m tcp -p tcp --dport 443 -j ACCEPT
        #192.168.5.150 = openVPN server
        -A FOWARD-FIREWALL -m tcp -p tcp -d 192.168.5.150 --dport 53 -j ACCEPT
        -A FOWARD-FIREWALL -m udp -p udp -d 192.168.5.150 --dport 53 -j ACCEPT
        -A FOWARD-FIREWALL -j REJECT
        COMMIT

    Now I wait :D

    Read the article

  • How do I setup unison to sync a folder one way

    - by Rob
    I have a 1TB NAS that has a 1TB USB external hard drive attached. I have prepared the file system on the USB disk and mounted it. I want to 100% sync my data from my NAS to the USB disk, but I want it to be incremental and only have the NAS as the 'master', e.g. if a file changes on the USB external hard drive I want it to ignore this change as it's not the live version (not that I think the files will change on the USB disk, but I'm paranoid the live could get overwritten). Also, if a file gets deleted on live I want to retain the deleted file on the USB disk. Can unison sync one-way and achieve the above for me? If so, will simply unison sorce/ target/ work? Thanks, Rob

    Read the article

  • SELinux Contexts

    - by Josh
    I am configuring Apache\PHP and noticed Apache complaining about permissions with the php shared object.

        Starting httpd: httpd: Syntax error on line 206 of /etc/httpd/conf/httpd.conf: Cannot load /usr/lib/httpd/modules/libphp5.so into server: /usr/lib/httpd/modules/libphp5.so: cannot restore segment prot after reloc: Permission denied

    I looked at the context (started fine with enforcement off) and found:

        [root@HDSSERVER conf]# ls --lcontext /usr/lib/httpd/modules/libphp5.so
        -rwxr-xr-x 1 root:object_r:httpd_modules_t root root 15565418 May 10 08:39 /usr/lib/httpd/modules/libphp5.so

    Shouldn't httpd (apache) be able to access files with a context of httpd_modules_t? I got it fixed by applying

        chcon -t textrel_shlib_t '/usr/lib/httpd/modules/libphp5.so'

    But I would think the httpd version would work before this one. Can someone explain this to me?

    Read the article

  • Using public interfaces on a server connected through a GRE tunnel

    - by Evan
    I'm pretty new to networking so please forgive any terminology mistakes. I have 2 servers connected with a GRE tunnel.

        Server1 (10.0.0.1) ---- Server2 (10.0.0.2)

    I want to be able to bind to the public IPs on Server2 using Server1. To do this, I setup virtual interfaces with Server2's public IPs on Server1 and then used routing rules on Server1 to route the packets through the GRE tunnel. On Server1:

        ip rule add from [Server2's first public IP] table gre
        ip rule add from [Server2's second public IP] table gre
        ip route add default via 10.0.0.2 dev gre1 table gre

    This works great and I can see the packets arriving via GRE on Server2. I can see the packet exiting the tunnel on Server2's gre1 device as shown:

    From Server1:

        ping -I [Server2's public ip] google.com

    tcpdump from Server2's GRE tunnel device:

        12:07:17.029160 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
            [Server2's public ip] > 74.125.225.38: ICMP echo request, id 6378, seq 50, length 64

    This is exactly the packet I want. However, I'm not seeing it go out at all on eth0:0 (where Server2's public IP is bound to). I've tried to use routing rules to get packets coming from Server2's public IP (which would be coming out of dev gre1) to go through dev eth0 on the public default gateway and that doesn't work either. I'm at a loss, thank you to anyone who can help.

    Read the article

  • Which is the fastest way to move 1Petabyte from one storage to a new one?

    - by marc.riera
    First of all, thanks for reading, and sorry for asking something related to my job. I understand that this is something that I should solve by myself, but as you will see it's something a bit difficult. A small description:

    Now:
        Storage = 1PB using DDN S2A9900 storage for the OSTs, 4 OSS, 10 GigE network (lustre 1.6)
        100 compute nodes with 2x Infiniband
        1 infiniband switch with 36 ports

    After:
        Storage = Previous storage + another 1PB using DDN S2A 990 or LSI E5400 (still to decide) (lustre 2.0)
        8 OSS, 10GigE network
        100 compute nodes with 2x Infiniband

    Previous experience: transferred 120 TB in less than 3 days using the following command:

        tar -C /old --record-size 2048 -b 2048 -cf - dir | tar -C /new --record-size 2048 -b 2048 -xvf - 2>&1 | tee /tmp/dir.log

    So, big problem here: using big mathematical equations I conclude that we are going to need 1 month to transfer the data from one side to the new one. During this time the researchers will need to step back, and I'm personally not happy with this. I'm telling you that we have infiniband connections because I think that maybe there is a chance to use it to transfer the data using 18 compute nodes (18 * 2 IB = 36 ports) to transfer the data from one storage to the other. I'm trying to figure out if the IB switch will handle all the traffic, but in case it just burn up will go faster than using 10GigE. Also, having lustre 1.6 and 2.0 agents on the same server works quite well; with this there is no need to go by 1.8 to upgrade the metadata servers with two steps. Any ideas? Many thanks.

    Note 1: Zoredache, we can divide it in two blocks (A) 600Tb and (B) 400Tb. The idea is to move (A) to new storage which is lustre2.0 formatted, then format where (A) was with lustre2.0 and move (B) to this lustre2.0 block and extend with the space where (B) was. This way we will end with (A) and (B) on separate filesystems, with 1PB each.

    Read the article

  • How can I fix puppet refusing to start and asking for "master.pp"?

    - by cwd
    I'm using the very latest version of puppet and have been following the Apress "Pro Puppet" guide step by step. I have installed puppet

        sudo aptitude install ruby libshadow-ruby1.8
        sudo aptitude install puppet puppetmaster facter

    I have edited /etc/puppet/puppet.conf to include certname

        [master]
        certname=puppet.mydomain.com

    I have edited /etc/hosts and added the following line

        127.0.0.1 puppet.mydomain.com puppet

    I have set the hostname of the server

        echo "puppet.mydomain.com" > /etc/hostname
        hostname -F /etc/hostname

    And then I try and run puppet from the command line.

        puppet master --verbose --no-daemonize

    And puppet gives me this error:

        Could not parse for environment production: Could not find file /master.pp

    I'm running all commands with sudo and the last line of the error message always says that it can't find master.pp and the path before it is to my current working directory. What am I doing wrong? I should also mention that I don't have a DNS record set up for puppet.mydomain.com - I saw some online documentation mentioning this might be a problem - however I was fairly sure that the hosts file would let me get around that.

    Read the article

  • Monitor open files limits, etc

    - by marcog
    We've been hitting the max open files limit on a few services recently. There are also a bunch of other limits in place. Is there a way to monitor how close processes are to these limits so we can be alerted when it's time to either up the limits or fix the root cause? On the same note, is it possible to view a log of these events so we know when a crash occurs it's because of hitting one of these limits?

    Read the article

  • Vim: tab-align multiple lines?

    - by Andrew Bolster
    In GUI style editors, you can generally select multiple lines, press tab a few times to move all the lines across (or shift-tab to go back). I have no idea how to do this in VIM. I googled around and couldn't find any straight answer so I came here.

    Read the article

  • how to make a php crontab silent

    - by BandonRandon
    I set up a crontab in Cpanel to run every min. It's working great but I don't want an e-mail every min. I have a second crontab that runs every day. I would like the response of this tab. Is there a way to tell the crontab to be silent or only e-mail on error? I have:

        * * * * * php /home/public_html/folder/file.php 2>&1

    The last bit, 2>&1, I added because I thought it would make it silent. From the Cpanel Docs:

    You can have cron send an email every time it runs a command. If you do not want an email to be sent for an individual cron job you can redirect the command's output to /dev/null like this:

        mycommand >/dev/null 2>&1

    Read the article

  • Post compiled php 5.4 curl installation

    - by user140657
    I recently compiled php 5.4 from source. I have Centos 6. I used this configuration:

        # ./configure --with-apxs2=/usr/local/apache2/bin/apxs --with-mysql
        # make
        # make install
        # cp php.ini-dist /usr/local/lib/php.ini

    I realize now that I do not have cURL installed. I don't know how to install cURL after a compiled installation of php. Using yum install php-curl installs cURL for php 5.3. I tried this already with an apache restart and it did not show up on my phpinfo file. How do I install cURL under these circumstances?

    Read the article

  • Download Sun Studio via CLI

    - by ramesh.mimit
    Can anybody please guide me on how to download Sun Studio from the CLI? I was using the wget and lynx programs but they did not work. I have only SSH access to my server, and downloading it on my local machine and uploading it to the server would be a bad option for me as it would take hours to upload. The Sun Studio download requires registration + authentication. I have both but am not sure how to include those options while downloading via CLI.

    Read the article

  • RTL8168B/8111B Lan card is not detected in Redhat..Error is make ***/lib/modules/2.6.18-53.e15/build

    - by Deepak Narwal
    Hello friends... In my computer the LAN card model is Realtek RTL8168B/8111B PCI-E GIGABIT ETHERNET NIC (NDIS 6.20). My system is dual boot Windows 7 and Redhat 5.1. Redhat is not picking up this model of LAN card automatically. I tried downloading from the Realtek site for this particular model and found some .tar packages for my kernel, and when I tried to install them ...

        check old drivers & unload it
        build the module and install
        make */lib/modules/2.6.18-53.e15/build: no such file or directory stop
        make[1]: *[modules] error 2
        make : [modules] error 2

    I downloaded the tar files from the site and unpacked them according to their instructions. I tried to run the autorun.sh script as mentioned in the readme file, but after doing this it is showing the above error... Now what to do, I am not getting.

    Read the article

  • How to copy symlinks to target as normal folders

    - by Marek
    Hi, I have a folder with symlinks:

        marek@marek$ ls -al /usr/share/solr/
        razem 36
        drwxr-xr-x 5 root root 4096 2010-11-30 08:25 .
        drwxr-xr-x 358 root root 12288 2010-11-26 12:25 ..
        drwxr-xr-x 3 root root 4096 2010-11-24 14:29 admin
        lrwxrwxrwx 1 root root 14 2010-11-24 14:29 conf -> /etc/solr/conf

    I want to copy it to ~/solrTest but I want to copy the files from the symlink as well. When I try

        cp -r /usr/share/solr/ ~/solrTest

    I will have the symlink here:

        marek@marek$ ls -al ~/solrTest
        razem 36
        drwxr-xr-x 5 root root 4096 2010-11-30 08:25 .
        drwxr-xr-x 358 root root 12288 2010-11-26 12:25 ..
        drwxr-xr-x 3 root root 4096 2010-11-24 14:29 admin
        lrwxrwxrwx 1 root root 14 2010-11-24 14:29 conf -> /etc/solr/conf

    Read the article

  • Editing .bash_profile file not taking effect

    - by Sandeepan Nath
    I need to put export PATH=$PATH:/opt/lampp/bin to my ~/.bash_profile file so that mysql from command line works on my system. Please check mysql command line not working for further details on that. I am working on a fedora system and logged in as root user. If I run locate .bash_profile then I get these:-

        /etc/skel/.bash_profile
        /home/sam/.bash_profile
        /home/sohil/.bash_profile
        /home/windows/.bash_profile
        /root/.bash_profile

    So, I modified the /root/.bash_profile file like this:- from

        PATH=$PATH:$HOME/bin
        export PATH

    to

        PATH=$PATH:/opt/lampp/bin
        export PATH

    But, still the change is not taking effect - Opening a new console and running mysql again says bash: mysql: command not found. However running export PATH=$PATH:/opt/lampp/bin in console makes it work for that session. So, I am doing something wrong with the .bash_profile file. May be editing incorrect one or doing the edit incorrectly.

    Read the article

  • Log rotation with automatic *.log file discovery

    - by Mikko Ohtamaa
    I am hosting several websites, each of which runs its own Python process and writes *.log output files, but the directory structure is not standardized. Example:

        -rw-r--r-- 1 plone plone 125M 2012-08-29 11:35 ./x/var/log/instance-Z2.log
        -rw-r--r-- 1 plone plone 19M 2012-08-29 00:07 ./zope2.9/y/log/event.log
        -rw-r--r-- 1 plone plone 188M 2012-08-13 00:09 ./zope2.9/y/log/Z2.log
        -rw-r--r-- 1 plone plone 137M 2010-11-16 09:41 ./zope2.9/y/log/event.log

    I'd like to make logrotate autodiscover these log files and run a log rotation on them, as opposed to manually typing every log file into the logrotate conf. Do any existing tools offer this kind of log file discovery and rotation capability, without manually specifying each file? If not... then just write a shell script which generates the logrotate conf?

    Read the article

  • Host timeout during file upload/download over SFTP/SSH

    - by kritop
    I tried different clients because I thought it's client related, but all of them sooner or later disconnect or stop uploading/downloading files, and get a timeout disconnect. After a reconnect it works again for a bit of time. Really strange, cannot figure out the reason. I'm on a Mac and the server is a Debian VPS! If you need further information, please ask! I appreciate any tips, because I'm kinda stuck!

    Read the article

  • How would I force Debian to use the physical sector size on a hard disk?

    - by Confused User
    I just purchased a few new 3TB WD drives. These have physical 4k sectors, but there is some sort of layer which is providing 512B logical sectors (see the partition table below). In order to attempt to get some more speed out of my hard drives, I would like to get rid of this logical layer and actually use the physical 4k sectors. However, I can't figure out how to do this (or even if it's possible) from the man pages of fdisk and parted, or from searching Google. Does anybody know how this could be done? As to why this is relevant, this page demonstrates that merely aligning the sectors properly can already make up to a 25% speed difference for reads, and more than 2500% for writes in some cases! Getting rid of the logical sectors in favor of the physical ones should improve speeds even more. Thanks!

        $ parted /dev/sdc
        GNU Parted 2.3
        Using /dev/sdc
        Welcome to GNU Parted! Type 'help' to view a list of commands.
        (parted) print
        Model: ATA WDC WD30EZRX-00M (scsi)
        Disk /dev/sdc: 3001GB
        Sector size (logical/physical): 512B/4096B
        Partition Table: gpt
        Number Start End Size File system Name Flags
        1 1049kB 3001GB 3001GB zfs
        9 3001GB 3001GB 8389kB

    P.S. I don't care about the data on the drives, I was just playing with different file systems. Also, this is my first time posting here, so please let me know if my posts should be formatted differently, etc.

    Read the article

  • How to add message that will be read with dmesg?

    - by calandoa
    I am trying to write some custom messages in my dmesg output. I tried:

        logger "Hello"

    but this does not work. It exits without error, but no "Hello" appears in the output of:

        dmesg

    I am using Fedora 9, and it seems that there is no syslogd/klogd daemon running. However, all my kernel messages are successfully written in the dmesg buffer. Any idea?

    Read the article

  • Redirect output of Python program to /dev/null

    - by STM
    I have a Python executable, written and compiled by somebody else, that I simply need to run once halfway down my own bash script. The program uses a text-based UI, therefore waits for input before proceeding, but the key operations it performs when starting are required in my bash script. A messy (and strange) procedure I know, but unfortunately I haven't got any other options. I've gotten around forcefully closing the program with a kill signal, but the program's TUI insists on outputting to wherever it's run. I've tried redirecting both stdout and stderr to /dev/null and running the program in the background by suffixing an ampersand, but simply can't get it to play ball. I believe the cause is the program spawns other processes, and the output redirection of the parent process doesn't affect them. Is there any trick I can utilise to redirect all output from child processes too?

    Read the article

  • SSL error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

    - by Tiffany Walker
    ERROR:

        SSL error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

    STEPS:

        openssl genrsa -out SITE.TLD.key 2048
        openssl req -new -key SITE.TLD.key -out SITE.TLD.csr

    (send CSR to SSL site to sign)
    add CERT to SITE.TLD.crt
    add CA to SITE.TLD.ca
    chained them: cat SITE.TLD.crt SITE.TLD.ca > chained.cert

    Any Idea what I am doing wrong? I am using LiteSpeed HTTPd

    Read the article

  • Apache only transferring partial content from a Samba share

    - by thaBadDawg
    I have an Apache server running on CentOS 5.3. It currently hosts 12 sites with no known issues. (I say this to point out that up to this point my Apache installation has performed flawlessly) I'm adding a new site where the DocumentRoot of the new VirtualHost is a Samba share. When at the command line of the server I can cp video.m4v ~ and the whole file is copied properly to my home directory. But when I try to access the file from IE/Firefox/Safari/Chrome it only passes back a partial result of 33k. The same thing is happening with my image and audio files. If I make the files local to the server by copying them from the share and then serving them up then the files transfer. Any ideas?

    Read the article

  • FreeRADIUS Default Answer

    - by jinanwow
    We are using FreeRADIUS with a MySQL database, authenticating users. We ran into an issue where our MySQL database was slow, causing the max number of threads to be reached. The issue with this is, when the server couldn't answer the requests as there were no threads available, it sent the response of Access-Reject to the clients. Our devices cache client connections and periodically check with the server to see if they should still be allowed or to remove them. The equipment is designed so that if there is no response from the server and a client is connected it will remain connected. The issue is, when the radius server is at its max threads, its default answer is to send Access-Reject (verified via packet capture); however, we would like to change the default behavior to just ignore the request (keeping the clients connected). We have fixed the MySQL database issue for now, but I would like to change the default from Access-Reject to just ignoring the client altogether. I have done research, but am not able to find an answer to the question. Thanks in advance.

    Read the article

  • squid running out of sockets

    - by drscroogemcduck
    I have a setup where squid sits in front of a java server and acts as a reverse proxy. Recently I've load tested the site, and if I fire 100 threads at it, each making a request using jmeter, I start getting errors in my load test tool like 'no route to host' even though the load test tool and the server are on the same machine. If I run the following command, where port 82 is the port my squid server is running on:

        netstat -ann | grep 82 | wc -l

    I get 22000 or something and most of them are in TIMED_WAIT. I'm thinking that maybe the huge number of sockets in the TIMED_WAIT state are starving the box of resources.

    Read the article

  • how to word wrap, align text like the output of man?

    - by cody
    what is the command that word wraps and justifies a text file so that the output looks like that of a man page: All of these system calls are used to wait for state changes in a child of the calling process, and obtain information about the child whose state has changed. A state change is considered to be: the child terminated; the child was stopped by a signal; or the child was resumed by a signal. In the case of a terminated child, performing a wait allows the system to release the resources associated with the child; if a wait is not performed, then the termi- nated child remains in a "zombie" state (see NOTES below). Thanks.

    Read the article
