Search Results

Search found 86974 results on 3479 pages for 'visualsvn server'.

Page 1311/3479 | < Previous Page | 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318  | Next Page >

• How do I update the memberOf attributes of existing objects after adding the OpenLDAP Reverse Group Membership Maintenance overlay?

  - by mss

  This is a follow-up to this question: I added the memberof overlay to an existing OpenLDAP 2.4 server. Now I want to update the existing user objects. For new group memberships, the memberOf attribute is updated correctly. But I have a bunch of existing groups which aren't updated automatically. I could remove all users from their groups and re-add them to make sure these entries are in sync. Since this is a Univention Corporate Server which does a lot of magic when you modify the LDAP, I don't want to risk breaking my directory. Is there a way to trick the overlay to update these operational attributes?

  Read the article

• Why doesn't my PHP install see the MySQL extension?

  - by Evan Padd

  So I just set up PHP (Version 5.2.17), MySQL (5.5.28), and Apace (2.2) on my Windows 7 computer. I want to test a mysql connection, but the mysql extension is apparently not loaded (based on phpinfo()). Here's what I did: Changed the extension dir in the php.ini (extension_dir = ".;c:\php\ext") and uncommented the extension=php_mysql.dll line Copied libmysql.dll to the Apache's bin directory Added C:\php to the system's $PATH Restarted the server, then the computer And it's still not working. What did I miss? EDIT: I'm looking through phpinfo()'s outout and it says: "Server API | Apache 2.0 Handler" and I'm running 2.2. Is that a problem?

  Read the article

• ESXi - Should failover node be in the same geographic location?

  - by Ryan

  For some reason it seems to me that at least one failover should be in the same building. But really I have no idea. Could there be an issue with routing delays for users during a failure? I'm just imagining reasons at this point. Let me know, should at least one failover node be at the same geographic location as the other? I am trying to prevent what appears to be a poor decision so any feedback or life experience you can share would be grand. Will mostly be running Windows Server 2008 with SQL Server 2008 as our guest OS.

  Read the article

• How to check if redis master is OK?

  - by e-satis

  On the documentation, they advice the monitor command. But it has a 50% performance penalty for the whole system, and how should I do that ? Whatching the ouput using SSH until I don't see anything ? Let's say I have 3 servers: 1 with a redis master, 1 with a redis slave, and one with my website querying the redis master. How can I, from my website server, make cleany the decision to fallback to the slave by sending the SLAVEOF NO ONE command ? My first step would be to put some kind of timeout check with a simple ping, just to be sure the server is online. But for redis specifically, I have no clue.

  Read the article

• Wamp virtualhost with supporting of remote access

  - by Farid

  To cut the long story short, I've setup a Wamp server with local virtual host for domain like sample.dev, now I've bind my static IP and port 80 to my Apache and asked the client to make some changes in his hosts file and add x.x.x.x sample.dev , I've also configured my httpd virtual host like this : <VirtualHost *:80> ServerAlias sample.dev DocumentRoot 'webroot_directory' </VirtualHost> Client can reach to my web server using the direct access by ip address, but when he tries using the sample domain looks like he gets in to some infinite loop. The firewall is off too. What would be the problem?! Thanks.

  Read the article

• Gitolite and Gitlab - How the `www-data` user can checkout?

  - by mblaettermann

  I have just installed Gitolite and Gitlab and I am very happy with it. Everything works fine so far. I can create repos, push to them, clone them on other clients on the network. Great! But now I wanted to do some post-receive hooks. I.e. when I push to some repo, this repo should be checked out on the server in the /var/www/repos directory. I did this with Gitlabs Deploy Hooks and this Endpoint-Script. The problem is that the scripts are run under the user "www-data" which has no access to gitlab/gitolite. How do I change this? I need to be able to checkout repos with www-data user and using git@server/repo.git syntax.

  Read the article

• Django fails to find static files served by nginx

  - by Simon

  I know this is a really noobish question but I can't find any solution despite finding the problem trivial. I have a django application deployed with gunicorn. The static files are served by the nginx server with the following url : myserver.com/static/admin/css/base.css. However, my django application keep looking for the static files at myserver.com:8001/static/admin/css/base.css and is obviously failing (404). I don't know how to fix this. Is it a django or an nginx problem ? Here is my nginx configuration file : server { server_name myserver.com; access_log off; location /static/ { alias /home/myproject/static/; } location / { proxy_pass http://127.0.0.1:8001; proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Real-IP $remote_addr; add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"'; } } Thanks for the help !

  Read the article

• Tomcat access logs - are failed requests included?

  - by Maxim Eliseev

  We have a RESTful web service (Java, hosted in Tomcat on Ubuntu on Amazon EC2). From time to time it fails (not every week). When it fails, Java CPU consumption goes to 100% and it takes all available memory. It does not finish by itself. I have to restart the server. There is nothing suspicious in Tomcat access logs. I guess one of our users could submit a very "heavy" request which brought the server down. Is it possible this request is not in Tomcat logs since it never finished?

  Read the article

• How can I increase space on the Filesystem linux?

  - by xtrimsky

  I am renting a dedicated server with Parallel Plesk on it (which I hate and I try to use command line). I have a filesystem that is full,"df -H" prints this: Filesystem Size Used Avail Use% Mounted on /dev/md1 4.0G 4.0G 361k 100% / /dev/mapper/vg00-usr 4.3G 1.4G 3.0G 32% /usr /dev/mapper/vg00-var 4.3G 2.8G 1.6G 64% /var /dev/mapper/vg00-home 4.3G 4.4M 4.3G 1% /home none 1.1G 24M 1.1G 3% /tmp tmpfs 1.1G 0 1.1G 0% /usr/local/psa/handlers/before-local tmpfs 1.1G 0 1.1G 0% /usr/local/psa/handlers/before-queue tmpfs 1.1G 0 1.1G 0% /usr/local/psa/handlers/before-remote tmpfs 1.1G 0 1.1G 0% /usr/local/psa/handlers/info tmpfs 1.1G 0 1.1G 0% /usr/local/psa/handlers/spool The server I'm renting has 1TB of hard drive. Why are these so small, how can I increase my storage ? (I'm pretty beginner with Linux). Thank you

  Read the article

• fstab and cifs mounting, possible to store authentication information outside of fstab?

  - by tj111

  I am currently using cifs to mount some network shares (that require authentication) in /etc/fstab. It works excellently, but I would like to move the authentication details (username/pass) outside of fstab and be able to chmod it 600 (as fstab can have issues if I were to change its permissions). I was wondering if it is possible to do this (many-user system, don't want these permissions to be viewable by all users). from: //server/foo/bar /mnt/bar cifs username=user,password=pass,r 0 0 to: //server/foo/bar /mnt/bar cifs <link to permissions>,r 0 0 (or something analogous to this). Thanks.

  Read the article

• curl XPUT returning HTTP 500 error message

  - by pradeepchhetri

  I have added the following changes in nginx configuration. server { listen 8080; root /usr/share/nginx/www; client_body_temp_path /tmp/; dav_methods PUT DELETE MKCOL COPY MOVE; create_full_put_path on; dav_access user:rw group:rw all:rw; } I have my nginx configured with --with-http_dav_module also. But when I am trying to running the command: $ curl -XPUT http://172.16.31.127:8080/test.html -d 'test' I am getting 500 Internal Server error. Can anyone help me out in solving this.

  Read the article

• Nginx proxy to Apache - resolve HTTP ORIGIN

  - by Fratyr

  I have a server setup with nginx serving static content and proxy all PHP/dynamic requests to apache on 127.0.0.1 I'm building an API for my databases, and I need to allow clients by their origin (domain name), rather than just IP. Based on CORS rules. So when I send an HTTP header header("Access-Control-Allow-Origin: www.client-requesting.myapi.com"); from my API server, I have to tell it which origin I allow, otherwise client side requests won't work to my API due to same-origin policy. The question is how can I know which domain name (if any) called my API? What should be the nginx and apache configuration to pass the origin parameter? I tried to google, and all I found is some possible solution with mod_rpaf, but I wanted to be sure. Thanks!

  Read the article

• Is SmoothWall a good firewall alternative?

  - by Oden

  I found this linux distribution, called SmoothWall. I read its documentation and it looks pretty for me. The only problem is, that I'm not a big linux professional and I have also not a lot of experience but I want to know your thoughts about this "Firewall OS"! Can it be used for small-business environment, with 15-17 PC-s? I would use the server also as cache proxy. Is this a good idea? (I mean, using one server for two things)

  Read the article

• LPR command won't recognize CUPS printer

  - by Datapimp23

  I have a cups server with one shared printer configured on it. It prints test pages without problems. printername (Idle, Accepting Jobs, Shared) Description: desc Location: Driver: Zebra ZPL Label Printer (grayscale, 2-sided printing) Connection: socket://172.20.50.26 Defaults: job-sheets=none, none media=oe_w288h432_4x6in sides=one-sided This is the output from lpstat -t. it shows that the printer is idle and accepting requests admin@SERVER:~$ lpstat -t scheduler is running no system default destination device for printername: socket://172.20.50.26 printername accepting requests since Thu 26 Jan 2012 01:29:35 PM CET printer printername is idle. enabled since Thu 26 Jan 2012 01:29:35 PM CET Now when I want to send a printjob to it via an LPR command it won't recognize the printer /usr/bin/lpr -P printername test.pdf Result lpr: ttn_seg_zebra1: unknown printer What am I missing here ?

  Read the article

• Authentication issues setting up iRedMail on Debian

  - by Sergio Rinaudo

  I'm setting up an exchange server using iRedMail. Following the official iRedMail installation guide (http://www.iredmail.org/install_iredmail_on_debian.html) and the Digital Ocean guide (https://www.digitalocean.com/community/articles/how-to-install-iredmail-on-ubuntu-12-04-x64) I was able to install iRedMail without any problems, so I have all the services up and running. I can configure domains and emails using iRedAdmin BUT I have problem both sending and receiving email, what I get from Roundcube is 'Authentication error' when trying to send an email. Also I can't receive anything. I also tried to connect to the mx server using telnet, it connects, but after the STARTTLS command, when I start to write "MAIL FROM:" the connection is lost. Something in the configuration is not working (at the moment I have the configuration written by the iRedMail installation) but I do not know where, I hope someone can enlight me! Thank you

  Read the article

• New-ActiveSyncMailboxPolicy "not implemented" on Exchange 2007 SP3

  - by Flo

  If I try to run: New-ActiveSyncMailboxPolicy Test directly in the Powershell, it asks me if im sure, and if so, it does what it should. But if I try the same from my example Code in C#, then I get an error, saying that "the current host does not implement it". Other Commands like Set-CASMailbox or Get-ActiveSyncMailboxPolicy work just fine, both in the powershell and my application. The Exchange Server/Windows Server 2008R2 and Domain are all setup completely new (test-environment). Is there a way to make this possible?

  Read the article

• How to receive mail in Qmail?

  - by Ivan

  I've a server that uses Qmail. It is installed by default and it is supposed to work. I've created a new domain and new user (vadddomain + vadduser) without problems, but when I send an email from Gmail to [email protected] (the address I've created) it desappears, it is. But if connect to SMTP server directly (telnet domain.com 25) and post an email it arrives to the user queue. What's happening?!? Note: If I try to access to my user through telnet domain.com 110 it seems my pwd is not correct and it's the same I used when created the user with vadduser

  Read the article

• Multicasting Windows 7 Image

  - by LawnChairSkank

  I am trying to deploy some new machines with windows 7 for the first time in our computer labs. We used to use third party imaging software and then run sysprep after the image was copied(XP), but it seems you can't go that route with windows 7. We set up a new imaging server with the windows system image manager, but when we try to multicast the image it pretty much takes down our whole staff and faculty network. I heard you can turn on a multicast feature on our cisco switches to help with the issue, but that it also slows the switches to a crawl. Another idea we have tried was pulling the the computer lab switch off the main network and plugging the imaging server directly into the computer lab switch so the multicast doesn't take down our network, but it doesn't seem to work without being able to hit a domain controller. Is there a way to multicast without taking out the network? I feel like I am missing something... Thanks in advance

  Read the article

• I added some options to stop spam with Postfix, but now won't send email to remote domains

  - by willdanceforfun

  I had a working Postfix server, but added a few lines to my main.cf in a hope to block some common spam. Those lines I added were: smtpd_helo_required = yes smtpd_recipient_restrictions = reject_invalid_hostname, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client multi.uribl.com, reject_rbl_client dsn.rfc-ignorant.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client list.dsbl.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client combined.rbl.msrbl.net, reject_rbl_client rabl.nuclearelephant.com, permit It appears my postfix is now receiving normal emails fine, and blocking spam emails. But when I now try to use this server myself to send to a remote domain (an email not on my server) I get bounced, with maillog saying something like this: Nov 12 06:19:36 srv postfix/smtpd[11756]: NOQUEUE: reject: RCPT from unknown[xx.xx.x.xxx]: 450 4.1.2 <[email protected]>: Recipient address rejected: Domain not found; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[192.168.1.100]> Is that saying 'domain not found' for gmail.com? Why is that recipient address rejected? An output of my postconf-n is: alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix debug_peer_level = 2 html_directory = no inet_interfaces = all inet_protocols = all mail_owner = postfix mailbox_size_limit = 0 mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain mydomain = primarydomain.net myhostname = mail.primarydomain.net myorigin = $myhostname newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES relay_domains = $mydestination, primarydomain.net, secondarydomain.org sample_directory = /usr/share/doc/postfix-2.6.6/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtpd_client_restrictions = permit_sasl_authenticated smtpd_helo_required = yes smtpd_recipient_restrictions = reject_invalid_hostname, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client multi.uribl.com, reject_rbl_client dsn.rfc-ignorant.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client list.dsbl.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client combined.rbl.msrbl.net, reject_rbl_client rabl.nuclearelephant.com, permit smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_sender_restrictions = reject_unknown_sender_domain soft_bounce = no unknown_local_recipient_reject_code = 550 virtual_alias_domains = mail.secondarydomain.org virtual_alias_maps = hash:/etc/postfix/virtual Any insight greatly appreciated. Edit: here is the dig mx gmail.com from the server: ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> mx gmail.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31766 ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 4, ADDITIONAL: 14 ;; QUESTION SECTION: ;gmail.com. IN MX ;; ANSWER SECTION: gmail.com. 1207 IN MX 5 gmail-smtp-in.l.google.com. gmail.com. 1207 IN MX 30 alt3.gmail-smtp-in.l.google.com. gmail.com. 1207 IN MX 20 alt2.gmail-smtp-in.l.google.com. gmail.com. 1207 IN MX 40 alt4.gmail-smtp-in.l.google.com. gmail.com. 1207 IN MX 10 alt1.gmail-smtp-in.l.google.com. ;; AUTHORITY SECTION: gmail.com. 109168 IN NS ns1.google.com. gmail.com. 109168 IN NS ns4.google.com. gmail.com. 109168 IN NS ns3.google.com. gmail.com. 109168 IN NS ns2.google.com. ;; ADDITIONAL SECTION: alt1.gmail-smtp-in.l.google.com. 207 IN A 173.194.70.27 alt1.gmail-smtp-in.l.google.com. 248 IN AAAA 2a00:1450:4001:c02::1b gmail-smtp-in.l.google.com. 200 IN A 173.194.67.26 gmail-smtp-in.l.google.com. 248 IN AAAA 2a00:1450:400c:c05::1b alt3.gmail-smtp-in.l.google.com. 207 IN A 74.125.143.27 alt3.gmail-smtp-in.l.google.com. 249 IN AAAA 2a00:1450:400c:c05::1b alt2.gmail-smtp-in.l.google.com. 207 IN A 173.194.69.27 alt2.gmail-smtp-in.l.google.com. 248 IN AAAA 2a00:1450:4008:c01::1b alt4.gmail-smtp-in.l.google.com. 207 IN A 173.194.79.27 alt4.gmail-smtp-in.l.google.com. 249 IN AAAA 2607:f8b0:400e:c01::1a ns2.google.com. 281970 IN A 216.239.34.10 ns3.google.com. 281970 IN A 216.239.36.10 ns4.google.com. 281970 IN A 216.239.38.10 ns1.google.com. 281970 IN A 216.239.32.10

  Read the article

• Puppet and launchd services?

  - by Joel Westberg

  We have a production environment configured with Puppet, and want to be able to set up a similar environment on our development machines: a mix of Red Hats, Ubuntus and OSX. As might be expected, OSX is the odd man out here, and sadly, I'm having a lot of trouble with getting this to work. My first attempt was using macports, using the following declaration: package { 'rabbitmq-server': ensure => installed, provider => macports, } but this, sadly, generates the following error: Error: /Stage[main]/Rabbitmq/Package[rabbitmq-server]: Could not evaluate: Execution of '/opt/local/bin/port -q installed rabbitmq-server' returned 1: usage: cut -b list [-n] [file ...] cut -c list [file ...] cut -f list [-s] [-d delim] [file ...] while executing "exec dscl -q . -read /Users/$env(SUDO_USER) NFSHomeDirectory | cut -d ' ' -f 2" (procedure "mportinit" line 95) invoked from within "mportinit ui_options global_options global_variations" Next up, I figured I'd give homebrew a try. There is no package provider available by default, but puppet-homebrew seemed promising. Here, I got much farther, and actually managed to get the install to work. package { 'rabbitmq': ensure => installed, provider => brew, } file { "plist": path => "/Library/LaunchDaemons/homebrew.mxcl.rabbitmq.plist", source => "/usr/local/opt/rabbitmq/homebrew.mxcl.rabbitmq.plist", ensure => present, owner => root, group => wheel, mode => 0644, } service { "homebrew.mxcl.rabbitmq": enable => true, ensure => running, provider => "launchd", require => [ File["/Library/LaunchDaemons/homebrew.mxcl.rabbitmq.plist"] ], } Here, I don't get any error. But RabbitMQ doesn't start either (as it does if I do a manual load with launchctl) [... snip ...] Debug: Executing '/bin/launchctl list' Debug: Executing '/usr/bin/plutil -convert xml1 -o /dev/stdout /Library/LaunchDaemons/homebrew.mxcl.rabbitmq.plist' Debug: Executing '/usr/bin/plutil -convert xml1 -o /dev/stdout /var/db/launchd.db/com.apple.launchd/overrides.plist' Debug: /Schedule[weekly]: Skipping device resources because running on a host Debug: /Schedule[puppet]: Skipping device resources because running on a host Debug: Finishing transaction 2248294820 Debug: Storing state Debug: Stored state in 0.01 seconds Finished catalog run in 25.90 seconds What am I doing wrong?

  Read the article

• Possible to use DRBD on two ESXi virtualized servers?

  - by chen

  I have two servers (attached disks have been set up as hardware RAID1 for disk device level failure resilience). Here is the setup in my mind: 1) Install ESXi on each of the physical server, M1, M2; 2) Start one VM on each of the ESXi virtualized physical server V1, V2; 3) Install the DRDB drivers within V1 and V2. Essentially, this is a "virtualizing machine running DRBD in the VM's instead of bare metal hardware" idea. My question is whether the above setup can achieve the same "networked RAID1" goal that DRDB can achieve in the bare-metal physical machines (http://www.drbd.org/). Thanks. [EDIT] I found this (http://serverfault.com/questions/49305/drbd-experimentation-and-virtualization) is a similar question, but the answer does not seem to be firmative enough for me to follow.

  Read the article

• Can't access newly created Subversion repos

  - by Jean-François G. B.

  Sorry in advance, I'm pretty new in server configuration. So I followed this tutorial to install Subversion on my CentOS server. I'm at the part I should test the URL to make sure I can access it and that it's password protected, but it's not working, I can't access it. What is wrong? Is there some config missing? I don't know what more details to give, but if you need some, please ask! :) Thanks in advance.

  Read the article

• Redirect to new domain and preserve username

  - by David Brown

  I recently switched to a new domain for a version control server I run. The server is usually accessed with a username included in the url such as https://[email protected]/some/stuff. I want to redirect requests to the old domain to the new domain and preserve everything else in the url (including the username). So the former url would be redirected to https://[email protected]/some/stuff. Currently I have the following rewrite condition and rule: RewriteCond %{HTTP_HOST} sub\.olddomain\.com RewriteRule (.*) https://sub.newdomain.net$1 [R=301,L] This works except it drops the userinfo part of the URL. Is there a way I can preserve the user info?

  Read the article

• Get-QADComputer -LdapFilter & NOT operator

  - by dboftlp

  I'm having issues excluding an OU from my LDAP filter $DaysAgo = (Get-Date).AddDays(-31) $ft = $DaysAgo.ToFileTime() Get-QADComputer -SizeLimit 0 -IncludeAllProperties -SearchRoot 'DC=My,DC=Domain,DC=Local' -LdapFilter "(&(objectcategory=computer)(lastLogonTimeStamp<=$ft) (!(ou:dn:=DisabledPCs))(|(operatingsystem=Windows 2000 Professional) (operatingSystem=Windows XP*)(operatingSystem=Windows 7*) (operatingSystem=Windows Vista*)(operatingsystem=Windows 2000 Server) (operatingsystem=Windows Server*)))" I'm looking to query for all Windows OS systems that haven't logged in to AD for more than 31 days & that are not already in the OU "DisabledPCs", which is where I'll be moving them to. When I run it now, I'm getting all the systems I'm looking for, including those in the "DisabledPCs" OU... I've tried several variations including: (&(!(ou:dn:=DisabledPCs))) As well as putting it in different locations in the filter (not that I thought it would make a difference, but I obviously don't know that...) Thanks in advance for any help, -dboftlp

  Read the article

• OpenVPN - client-to-client traffic working in one direction but not the other

  - by Pawz

  I have the following VPN configuration: +------------+ +------------+ +------------+ | outpost |----------------| kino |----------------| guchuko | +------------+ +------------+ +------------+ OS: FreeBSD 6.2 OS: Gentoo 2.6.32 OS: Gentoo 2.6.33.3 Keyname: client3 Keyname: server Keyname: client1 eth0: 10.0.1.254 eth0: 203.x.x.x eth0: 192.168.0.6 tun0: 192.168.150.18 tun0: 192.168.150.1 tun0: 192.168.150.10 P-t-P: 192.166.150.17 P-t-P: 192.168.150.2 P-t-P: 192.168.150.9 Kino is the server and has client-to-client enabled. I am using "fragment 1400" and "mssfix" on all three machines. An mtu-test on both connections is successful. All three machines have ip forwarding enabled, by this on the gentoo boxes: net.ipv4.conf.all.forwarding = 1 And this on the FreeBSD box: net.inet.ip.forwarding: 1 In the server's "ccd" directory is the following files: client1: iroute 192.168.0.0 255.255.255.0 client3: iroute 10.0.1.0 255.255.255.0 The server config has these routes configured: push "route 192.168.0.0 255.255.255.0" push "route 10.0.1.0 255.255.255.0" route 192.168.0.0 255.255.255.0 route 10.0.1.0 255.255.255.0 Kino's routing table looks like this: 192.168.150.0 192.168.150.2 255.255.255.0 UG 0 0 0 tun0 10.0.1.0 192.168.150.2 255.255.255.0 UG 0 0 0 tun0 192.168.0.0 192.168.150.2 255.255.255.0 UG 0 0 0 tun0 192.168.150.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0 Outpost's like this: 192.168.150 192.168.150.17 UGS 0 17 tun0 192.168.0 192.168.150.17 UGS 0 2 tun0 192.168.150.17 192.168.150.18 UH 3 0 tun0 And Guchuko's like this: 192.168.150.0 192.168.150.9 255.255.255.0 UG 0 0 0 tun0 10.0.1.0 192.168.150.9 255.255.255.0 UG 0 0 0 tun0 192.168.150.9 0.0.0.0 255.255.255.255 UH 0 0 0 tun0 Now, the tests. Pings from Guchuko to Outpost's LAN IP work OK, as does the reverse - pings from Outpost to Guchuko's LAN IP. However... Pings from Outpost, to a machine on Guchuko's LAN work fine: .(( root@outpost )). (( 06:39 PM )) :: ~ :: # ping 192.168.0.3 PING 192.168.0.3 (192.168.0.3): 56 data bytes 64 bytes from 192.168.0.3: icmp_seq=0 ttl=63 time=462.641 ms 64 bytes from 192.168.0.3: icmp_seq=1 ttl=63 time=557.909 ms But a ping from Guchuko, to a machine on Outpost's LAN does not: .(( root@guchuko )). (( 06:43 PM )) :: ~ :: # ping 10.0.1.253 PING 10.0.1.253 (10.0.1.253) 56(84) bytes of data. --- 10.0.1.253 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2000ms Guchuko's tcpdump of tun0 shows: 18:46:27.716931 IP 192.168.150.10 > 10.0.1.253: ICMP echo request, id 63009, seq 1, length 64 18:46:28.716715 IP 192.168.150.10 > 10.0.1.253: ICMP echo request, id 63009, seq 2, length 64 18:46:29.716714 IP 192.168.150.10 > 10.0.1.253: ICMP echo request, id 63009, seq 3, length 64 Outpost's tcpdump on tun0 shows: 18:44:00.333341 IP 192.168.150.10 > 10.0.1.253: ICMP echo request, id 63009, seq 3, length 64 18:44:01.334073 IP 192.168.150.10 > 10.0.1.253: ICMP echo request, id 63009, seq 4, length 64 18:44:02.331849 IP 192.168.150.10 > 10.0.1.253: ICMP echo request, id 63009, seq 5, length 64 So Outpost is receiving the ICMP request destined for the machine on it's subnet, but appears not be forwarding it. Outpost has gateway_enable="YES" in its rc.conf which correctly sets net.inet.ip.forwarding to 1 as mentioned earlier. As far as I know, that's all that's required to make a FreeBSD box forward packets between interfaces. Is there something else I could be forgetting ? FWIW, pinging 10.0.1.253 from Kino has the same result - the traffic does not get forwarded. UPDATE: I've found that I can only ping certain IP's on Guchuko's LAN from Outpost. From Outpost I can ping 192.168.0.3 and 192.168.0.2, but 192.168.99 and 192.168.0.4 are unreachable. The same tcpdump behavior can be seen. I think this means the problem can't be due to ipforwarding or routing, because Outpost can reach SOME hosts on Guchuko's LAN but not others and likewise, Guchuko can reach two hosts on Outpost's LAN, but not others. This baffles me.

  Read the article

< Previous Page | 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318  | Next Page >