Search Results

Search found 11364 results on 455 pages for 'port blocking'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 199/455 | < Previous Page | 195 196 197 198 199 200 201 202 203 204 205 206  | Next Page >

  • Shared firewall or multiple client specific firewalls?

    - by Tauren
    I'm trying to determine if I can use a single firewall for my entire network, including customer servers, or if each customer should have their own firewall. I've found that many hosting companies require each client with a cluster of servers to have their own firewall. If you need a web node and a database node, you also have to get a firewall, and pay another monthly fee for it. I have colo space with several KVM virtualization servers hosting VPS services to many different customers. Each KVM host is running a software iptables firewall that only allows specific ports to be accessed on each VPS. I can control which ports any given VPS has open, allowing a web VPS to be accessed from anywhere on ports 80 and 443, but blocking a database VPS completely to the outside and only allowing a certain other VPS to access it. The configuration works well for my current needs. Note that there is not a hardware firewall protecting the virtualization hosts in place at this time. However, the KVM hosts only have port 22 open, are running nothing except KVM and SSH, and even port 22 cannot be accessed except for inside the netblock. I'm looking at possibly rethinking my network now that I have a client who needs to transition from a single VPS onto two dedicated servers (one web and one DB). A different customer already has a single dedicated server that is not behind any firewall except iptables running on the system. Should I require that each dedicated server customer have their own dedicated firewall? Or can I utilize a single network-wide firewall for multiple customer clusters? I'm familiar with iptables, and am currently thinking I'll use it for any firewalls/routers that I need. But I don't necessarily want to use up 1U of space in my rack for each firewall, nor the power consumption each firewall server will take. So I'm considering a hardware firewall. Any suggestions on what is a good approach?

    Read the article

  • DL380 G7: Not able to access ILO on DL380 via ssh from a client

    - by user117140
    I have problem where I can't access my ILO(ssh to ILO IP) thru client which is in different network.I am able to ping ILO IP thru this clinet but ssh access is not possible. Is it possible to have ssh to ILO IP from a client which is in different network? FYI, from the same client I can do ssh to server application IP but ssh to this server ILO IP is not possible. Kindly help? Some more info added: ILO IP address is 10.247.172.70 and its VLAN is different than Client VLAN. Client IP address is 10.247.167.80. ping to ILO IP from this client is possible but not ssh. I can do ssh to ILO IP if I try to do it from the server(hostname:node1) having ILO port or from the other node of this cluster itself,So ssh login is enabled. [root@node1 ~]$ssh -v 10.247.173.70 OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to 10.247.173.70 [10.247.173.70] port 22. [root@node1 ~]$ping 10.247.173.70 PING 10.247.173.70 (10.247.173.70) 56(84) bytes of data. 64 bytes from 10.247.173.70: icmp_seq=1 ttl=254 time=0.283 ms 64 bytes from 10.247.173.70: icmp_seq=2 ttl=254 time=0.344 ms 64 bytes from 10.247.173.70: icmp_seq=3 ttl=254 time=0.324 ms 64 bytes from 10.247.173.70: icmp_seq=4 ttl=254 time=0.367 ms

    Read the article

  • VMWare Host Not Responding - VMs are Disconnected (ESXi 3.5)

    - by EyeonTech
    I have inherited a VMWare environement ESX v3i 3.5. I am not fluent with VMWare ESXi so bare with me. Two days ago, when I opened Virtual Centre, one of the Hosts showed up as Not Responding. The error I am seeing is:----- Unable to acquire licenses because license source is unavailable: The license manager has not been started yet, the wrong port@host or license file is being used, or the port or hostname in the license file has been changed. What I have tried: I have Stopped and Started the license server within the application. When I do this, I am able to disconnect the host in Virtual Centre and reconnect. This brings the host back online, but a few minutes later, the host goes to a not responding state again. I have rebooted the server with the Licensing software installed. While browsing Google, I have not been able to find any steps I feel comfortable performing and I would like the opinion of the VMWare pros. Where are the log files I should be looking at to correctly determine what is going on? Has anyone seen this behaviour and how did you resolve it? Thank you

    Read the article

  • network latency, TCP and UDP packets

    - by user115848
    Hello recently my network has started to cause me lots of problems. I have a cable modem, connected to a tp-link router (with some port forwarding). Everything was working fine then i started to get lots of udp (port 53) "UNREPLIED" logs in the router. Now there are tcp UNREPLIED logs too. This is causing lots of latency and failed connections when trying to connect to different internet sites. Also, we run an openfire server for spark connections, and I believe its causing connectivity issues for some users who are trying to connect using Spark (some people connect fine, others don't). Please see screen shot below for packet logs. It has to be something internally, as I connected straight to the comcast modem and i was able to connect to the internet and various sites as normal. I tried to swap out the router with a different and got the same issue. I scanned both my internal dns servers for viruses or malware and it came up empty. Another anomaly is that when i try to connect to www.cnn.com, i get redirected to the different site. I scanned my own machine for hijacks. Not sure if this is related to the networking issue. Please let me know if you have any ideas for troubleshooting.

    Read the article

  • Programmer configuring a new network

    - by David Lively
    I'm in the process of expanding my home network from a couple of laptops on a wireless Verizon FiOS router to include: Linksys 24-port switch Cisco Pix 515 Cisco 3640 router One new development desktop and three new machines to act as a db server, web server and a backup system. My company is moving offices and we've decommissioned some older hardware, which I was able to pick up for the cost of the labor to move it home from the office. The benefits to working with dedicated web and db servers are very valuable to me. I know very little about network topology, other than that everything plugs into the switch, which then plugs into the cheap Verizon router. (Verizon provides a coax connection that the router must translate into Ethernet before I can use it with any of this equipment). Questions: What is the recommended topology for this equipment? Verizon router - Pix - 3600 - switch? Is the 3600 even necessary or desirable? The Verizon router has one WAN port and 4 client ports, all 10/100. Is there any performance benefit at all to wiring multiple connections from the verizon router to the switch, assuming I don't use the Pix? Should I use the Pix? Software firewalls are a pain, and seem silly if I have a device like this lying around. Anything else I should know? Am I wasting my time with this? I also obtained a 7 foot rack, shelves, patch panels, UPS, patch panels, etc, which are going into a conveniently air conditioned closet. All constructive advice appreciated.

    Read the article

  • Running docker in VPC and accessing container from another VPC machine

    - by Bogdan Gaza
    I'm having issues while running docker in AWS VPC. Here is my setup: I've got two machines running in VPC: 10.0.100.150 10.0.100.151 both having an elastic IPs assigned to them, both running in the same internet enabled subnet. Let's say I'm running a web server that serves static files in a container on the 10.0.100.150 machine the container: IP: 172.17.0.2 port 8111 is forwarded on the 8111 port on the machine. I'm trying to access the static files from my local machine (or another non-VPC machine also tried an EC2 instance not running in the VPC) and it work flawlessly. If I try to access the files from the other machine (10.0.100.151) it hangs. I'm using wget to pull the files. Tried to debug it with tcpdump and ngrep and that I have seen is that the request reaches the container. If I ngrep on the host machine I see the requests going in but no response going back. If I ngrep on the container I see the requests going in and the response going back. I've tried multiple iptables setups (with postrouting enabled, with manually forwarding ports etc) but no success. Help in any way - even debugging directions would be much appreciated. Thanks!

    Read the article

  • Connecting a network printer via a Thecus N2100 - works in Vista, not in Windows 7

    - by Jon Skeet
    I have a Lexmark E250d printer attached to a Thecus N2100 NAS. On Windows Vista I've managed to configure this using an "Internet" printer port with the URL of http://thecus:631/printers/usb-printer. I can add a printer in a similar way in Windows 7, but it never manages to print the test page. If I go to "Configure Port" in Vista, it just has "Security Options" - on Windows 7 it's asking about Raw mode vs LPR mode etc. On Vista I'm using an E250d-specific driver from Lexmark; on Windows 7 there's a Microsoft E250d driver, or a Universal PCL XL driver from Lexmark... I wouldn't expect this different to be related to the problem, but I thought I'd mention it anyway. (Lexmark doesn't have a Windows 7 E250d-specific driver as far as I can see.) Any suggestions? I was thinking of upgrading my main laptop from Vista to Windows 7, but I'd really like to get this sorted first... EDIT: If I connect to http://thecus:631/printers/usb-printer via Chrome while capturing with Wireshark, I get this response: HTTP/1.1 200 OK Date: Wed, 06 Jan 2010 16:47:23 GMT Connection: Keep-Alive Keep-Alive: timeout=60 Content-Language: C Transfer-Encoding: chunked Content-Type: text/html;charset=iso-8859-1 0 No idea what that's meant to be doing... EDIT: On further consultation, this would appear to be the Internet Printing Protocol which is layered on HTTP. Printing a test page successfully from Vista posts to that URL. Will attempt the same on Windows 7...

    Read the article

  • Apache2.2 not responding on Windows 7 desktop

    - by Adam
    Afternoon! I'm having some trouble with Apache2.2 on Windows 7. For over a year it's been running no problem, but all of a sudden requests have just stopped responding. They don't ever time out, the browser just keeps on waiting for a response, which makes me think it's something blocking communication with Apache. Interestingly though, if I stop Apache the requests fail immediately. The Apache service is running, and using netstat I can see it listening on port 80 as configured: TCP 127.0.0.1:80 0.0.0.0:0 LISTENING If I stop the Apache service, that line disappears. I have an entry within my hosts file for each VHost I'm trying, all pointing to 127.0.0.1. Each VHost is configured to *:80. Nothing however is getting recorded in the access or error (at debug level) log files. I've verified the file paths are correct, even though they were never changed. Neither is anything getting recorded within Windows' Event Log. The problem showed up when I added a new VHost and restarted, however I hadn't been using it for a couple of days prior so I don't believe it's the config change. I have performed a syntax check to be sure, and when starting from the command prompt no errors are reported there. I do have Windows Firewall running, however I've verified the Apache rule is correct and tried turning it off to ensure that wasn't the problem. I've reinstalled Apache, in the hope it might magically fix something using the default config, but still no joy. I've also tried using a different port. I'm completely lost for ideas now. Can anybody help? Cheers Adam

    Read the article

  • Cisco QoS Guidance

    - by Kyle Brandt
    I have a 10M connection to the internet that is hooked into a 100M port. I am getting started with QoS, and am hopping for a little guidance on setting it up on a Cisco 3825 router. Right now I am going forward with the idea that I have to implement it on my router, and the provider can't provide QoS for me. How I envision it working is that the QoS will drop or queue packets on my router and that will help prevent a situation where the provider has to start dropping a lot of packets. Right now all I am tasked with is making sure that one of the 3 LANs gets a certain slice (say 3M for Gig Lan1) of the 10M internet connection (But ideally this will be more flexible in the Future). 10M Internet on 100M port on HWIC-4ESW +-----------------------+ | | Gig Lan1 | Cisco 3825 | Lan3 on HWIC-4ESW | | +-----------------------+ Gig Lan2 I need to learn more about QoS, but having a target technology and maybe example configuration will help me wrap my head around the reading I am doing a little more. Which Cisco QoS Technology do you recommend for this particular situation? Have a basic sample config of how this might work? Right now the 10M line is not congested, so this more to have something in place in case it starts to become mildly congested in the future. I do have VOIP at one location connected to this one over the Internet that goes through a VPN tunnel. Everything else that is between this location and other offices is on a separate MPLS network.

    Read the article

  • Mac OS X - configuring ntpd server with on LAN with D-Link DIR-655

    - by Mark C
    Hey all, This question is pretty specific, but I hope someone will have seen this error elsewhere. I a configuring a machine running OS X 10.5.8 to be an NTP server for machines connected to a LAN that is not connected to the Internet. I am not too worried about knowing the "right" time on all the machines, but rather worried about making sure everyone has the same notion of time. I configured the NTP daemon on Mac by turning on the Set date and time automatically in System Preferences, using the server's clock, 127.127.1.0 as the reference clock. I figured I should see if the server can NTP query itself before proceeding to the clients. The weird part is when I run the ntpq -p command in a command-prompt when connected to my D-Link DIR-655 (firmware: 1.33), it hangs for about a minute or so each time before finally giving me some output. I thought the problem might have to do with Port Forwarding, so I configured the router to forward port 123 for the IP of the server, but that did not improve the situation. When I run the ntpq -p command on my school's network, on a Linksys WRT54G router, or with the wireless Airport card turned off - I have absolutely no problems - the command returns a response instantly. Is this normal? I can see why a query might take a minute or so, but I don't understand why one router does it faster than the other. I tried messing around with the ntp.conf file adding the burst, minpoll, and maxpoll options: server 127.127.1.0 burst minpoll 4 maxpoll 5 Figuring that perhaps I am polling too often and the configuration file is slowing me down, but even with this, the ntpq still hangs on the D-Link DIR-655, but does just fine on the other routers. Any thoughts on where the lag is coming from or if the lag is even a problem?

    Read the article

  • How to connect to Oracle DB via ODBC

    - by Mat
    I am attempting to connect to a remote Oracle DB via ODBC. I am totally inexperienced and fail to connect. What I have installed: Oracle 'ODBC Driver for RDB' A program I want to connect from (Altova Mapforce, an ETL) What I do: Under Administrative tools I open the Windows "ODBC Data Source Administrator I click 'Add..' and select the Oracle ODBC Driver The Window 'Oracle RDB Driver Setup' opens. I fill in: Data source name: free choice Description: I leave blank Transport: I choose TCP/IP Server: I input the IP address of the server Service: I leave 'generic' UserID: I enter the user name (that belongs to the password I have) Attach Statement: no idea what do do here?? Upon choosing 'OK', the 'Oracle RDB ODBC Driver Connect' opens and I am prompted the password. I enter the password and the connection fails. Questions Do I need further programs on my computer, e.g. the Oracle client of Instant client? I am never prompted the port of the server - isn't this relevant? I am never prompted SID - isn't this relevant? I connected from SQL developer easily - it prompted only server IP, port, username, password and SID.

    Read the article

  • simple apache2 reverse proxy setup not working

    - by Nick
    I know what proxy is (very high level), it's just I have never set up one, and it feels like I might be missing some big fat point here. My setup: client server (static IP), runs apache on port 80 proxy (has 2 network cards, one is on the clients network, the other one with a static IP on the server network), runs apache on port 80 I am trying to configure these three machines so that when client requests: http://proxy/machine1 It gets served server's pages at server root URL, i.e. http://server/ I can access client pages just fine. However, when I try accessing a page from the client machine, it simply gets redirected to server's IP address, which it clearly can't access since they are not on the same network: ... <meta http-equiv="REFRESH" content="0;url=http://server/machine1"></meta> <title>Redirect</title> ... My apache2 config is: LoadModule proxy_module /modules/mod_proxy.so LoadModule proxy_http_module /modules/mod_proxy_http.so ProxyRequests off <Proxy *> Order Allow,Deny Allow from all </Proxy> ProxyPass /machine1 http://server:80 <Location /machine1> ProxyPassReverse / </Location> What gives? Thanks!

    Read the article

  • Cannot access firewalled jboss server from Internet Explorer

    - by Simon Gibbs
    I've produced a website for a client One Single Menu using JBoss and hosted it on Rackspace Cloud Servers running Ubuntu's Maverick Meerkat. Following advice, I esablished some iptables rule to protect jboss: iptables -I INPUT 1 -i lo -j ACCEPT iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -p tcp --dport 22 -j ACCEPT iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080 iptables -I INPUT -p tcp --dport 8080 -j ACCEPT iptables -t nat -A OUTPUT -o lo -p tcp --dport 80 -j REDIRECT --to-port 8080 iptables -A INPUT -j DROP Now, several versions of IE on several computers on at least two different ISPs cannot access the onesinglemenu.com. Curl from within the datacenter, Firefox, and Safari on the same ISPs can all access the server fine. I even tried IE and Firefox on the same computer and IE failed but Firefox worked. The error behaviour is that IE hangs on connecting without reporting an error, even after a minute or so. No page is displayed at all. I find it quite odd that I'm having a browser specific connection issue, but it appears to be the case. Help!

    Read the article

  • How can I write automated tests for iptables?

    - by Phil Frost
    I am configuring a Linux router with iptables. I want to write acceptance tests for the configuration that assert things like: traffic from some guy on the internet is not forwarded, and TCP to port 80 on the webserver in the DMZ from hosts on the corporate LAN is forwarded. An ancient FAQ alludes to a iptables -C option which allows one to ask something like, "given a packet from X, to Y, on port Z, would it be accepted or dropped?" Although the FAQ suggests it works like this, for iptables (but maybe not ipchains as it uses in the examples) the -C option seems to not simulate a test packet running through all the rules, but rather checks for the existence for an exactly matching rule. This has little value as a test. I want to assert that the rules have the desired effect, not just that they exist. I've considered creating yet more test VMs and a virtual network, then probing with tools like nmap for effects. However, I'm avoiding this solution due to the complexity of creating all those additional virtual machines, which is really quite a heavy way to generate some test traffic. It would also be nice to have an automated testing methodology which can also work on a real server in production. How else might I solve this problem? Is there some mechanism I might use to generate or simulate arbitrary traffic, then know if it was (or would be) dropped or accepted by iptables?

    Read the article

  • How do I use a Minitel terminal as a linux dumb terminal

    - by Pawz
    I recently purchased a US version of the Alcatel Minitel terminal. I think it's a 1B version. Pictures of it here: I tried connecting a null modem to the 25 pin port on the back and plugging it into a linux box running agetty but I couldn't get it to show any signs of being connected. I used Google Translate to translate this document into English: http://mirabellug.org/wikini/upload/Documentations_minitel.pdf As far as I can tell, you take it out of videotex mode by typing Fcnt-T A, then turn off local echo with Fcnt-T E, then set it to 4800 baud with Fcnt-P 4. I presume Fcnt refers to the "CTRL" key on my terminal. But I think I'm doing something wrong, because it doesn't look like it's recognising the keystrokes, because "Fcnt-T A" just prints the letter A to the screen, which is not what you'd expect a function key combo to do. Has anyone used these minitel terminals as a linux terminal, and if so, please can you share how to configure the minitel to run as a terminal ? Is the 25 pin plug even the correct port to use ? I read something online that indicated you're supposed to use the 5 pin DIN plug instead, is that right ? If so, what's the 25 pin plug for ? If I am supposed to use the DIN plug, does anyone know the pinouts so I can make a cable ?

    Read the article

  • Migrating to CF9: trouble getting JRun working with SSL

    - by DaveBurns
    I have a client on MX7 who wants to migrate to CF9. I have a dev environment for them on my WinXP machine where I've configured MX7 to run with JRun's built-in web server. I've had that working for a long time with both regular and SSL connections. I installed CF9 yesterday side-by-side with the existing MX7 install to start testing. The install was smooth and detected MX7, adjusted CF9's port numbers for no conflict, etc. Testing started well: MX7 over regular and SSL still worked and CF9 worked over regular HTTP. But I can't get CF9 to work with SSL. I installed a new certificate with keytool, FireFox (v3.6) complained about it being unsigned, I added it to the exception list, and now I get this: Secure Connection Failed An error occurred during a connection to localhost:9101. Peer reports it experienced an internal error. (Error code: ssl_error_internal_error_alert) I've been Googling that in all variations but can't find much help to get past this. I don't see any info in any log files either. FWIW, here's my SSL config from SERVER-INF/jrun.xml: <service class="jrun.servlet.http.SSLService" name="SSLService"> <attribute name="enabled">true</attribute>` <attribute name="interface">*</attribute> <attribute name="port">9101</attribute> <attribute name="keyStore">{jrun.rootdir}/lib/mykey</attribute> <attribute name="keyStorePassword">*deleted*</attribute> <attribute name="trustStore">{jrun.rootdir}/lib/trustStore</attribute> <attribute name="socketFactoryName">jrun.servlet.http.JRunSSLServerSocketFactory</attribute> <attribute name="deactivated">false</attribute> <attribute name="bindAddress">*</attribute> <attribute name="clientAuth">false</attribute> </service> Anyone here know of any issues re setting up SSL and CF9? Anyone had success with it? Dave

    Read the article

  • How to find the real IP to which IPVS is routing a virtual IP

    - by Wayne Conrad
    I'm trying to find a problem server hiding behind a virtual IP (using LVS/ipvs). I've got a test program that sends requests to the virtual IP until it gets the bad response, but how can I tell to which real IP a request to the virtual IP got routed? On the box doing the virtual IP magic, here's the virtual IP configuration (for the service I care about): IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn ... TCP 10.1.0.254:5025 nq -> 10.1.0.5:5025 Route 1 0 1 -> 10.1.0.6:5025 Route 1 0 5 -> 10.1.0.7:5025 Route 1 0 2 -> 10.1.0.9:5025 Local 1 0 3 -> 10.1.0.11:5025 Route 1 0 3 ... My client program is sending TCP requests to 10.1.0.254:5025, usually getting a good response but sometimes a bad response. With this few servers, I could send my request to each server in turn until I discover the culprit, but I wonder if that technique will scale as we add servers. What means exist for me to find out where requests got routed? Kernel: Linux 2.6.32 OS: Debian testing (whatever that's called these days). ipvsadm is version 1.25, compiled with ipvs v1.2.1

    Read the article

  • Mysql master-master not replicating

    - by frankil
    I'm setting up a master-master mysql replication on two servers (db1 and db2). I started with setting up db2 as a slave to db1 and that works fine. But when I set up db1 as a slave to db2 it isn't replicating. On the face of it everything looks fine but the data isn't replicating. There are no errors in either of the error logs. The slave status is updating the bin log position. I have used mysqlbinlog to examine both the binlog on the db2 and the relay log on db1 and all of the queries are going in there, but not being executed to db1. "show slave status" on both servers shows that both the slave io and sql threads are "Yes" and that the relay log position is updated by the sql thread. Also on both servers: >echo "show processlist" | mysql | grep "system user" 166819 system user NULL Connect 3655 Waiting for master to send event NULL 166820 system user NULL Connect 3507 Has read all relay log; waiting for the slave I/O thread to update it NULL Relevant config for db1: server-id = 1 log-slave-updates replicate-same-server-id = 0 auto_increment_increment = 4 auto_increment_offset = 1 master-host = db2 master-port = 3306 master-user = slaveuser master-password = *** skip-slave-start sync_binlog = 1 binlog-ignore-db=mysql Config for db2 server-id = 2 log-slave-updates replicate-same-server-id = 0 auto_increment_increment = 4 auto_increment_offset = 2 master-host = db1 master-port = 3306 master-user = slaveuser master-password = *** sync_binlog = 1 relay-log=mysql-relay-bin binlog-ignore-db=mysql What else can I look for to make sure db1 executes the queries from db2?

    Read the article

  • publickey authentication only works with existing ssh session

    - by aaron
    publickey authentication only works for me if I've already got one ssh session open. I am trying to log into a host running Ubuntu 10.10 desktop with publickey authentication, and it fails when I first log in: [me@my-laptop:~]$ ssh -vv host ... debug1: Next authentication method: publickey debug1: Offering public key: /Users/me/.ssh/id_rsa ... debug2: we did not send a packet, disable method debug1: Next authentication method: password me@hosts's password: And the /var/log/auth.log output: Jan 16 09:57:11 host sshd[1957]: reverse mapping checking getaddrinfo for cpe-70-114-155-20.austin.res.rr.com [70.114.155.20] failed - POSSIBLE BREAK-IN ATTEMPT! Jan 16 09:57:13 host sshd[1957]: pam_sm_authenticate: Called Jan 16 09:57:13 host sshd[1957]: pam_sm_authenticate: username = [astacy] Jan 16 09:57:13 host sshd[1959]: Passphrase file wrapped Jan 16 09:57:15 host sshd[1959]: Error attempting to add filename encryption key to user session keyring; rc = [1] Jan 16 09:57:15 host sshd[1957]: Accepted password for astacy from 70.114.155.20 port 42481 ssh2 Jan 16 09:57:15 host sshd[1957]: pam_unix(sshd:session): session opened for user astacy by (uid=0) Jan 16 09:57:20 host sudo: astacy : TTY=pts/0 ; PWD=/home/astacy ; USER=root ; COMMAND=/usr/bin/tail -f /var/log/auth.log The strange thing is that once I've got this first login session, I run the exact same ssh command, and publickey authentication works: [me@my-laptop:~]$ ssh -vv host ... debug1: Server accepts key: pkalg ssh-rsa blen 277 ... [me@host:~]$ And the /var/log/auth.log output is: Jan 16 09:59:11 host sshd[2061]: reverse mapping checking getaddrinfo for cpe-70-114-155-20.austin.res.rr.com [70.114.155.20] failed - POSSIBLE BREAK-IN ATTEMPT! Jan 16 09:59:11 host sshd[2061]: Accepted publickey for astacy from 70.114.155.20 port 39982 ssh2 Jan 16 09:59:11 host sshd[2061]: pam_unix(sshd:session): session opened for user astacy by (uid=0) What do I need to do to make publickey authentication work on the first login? NOTE: When I installed Ubuntu 10.10, I checked the 'encrypt home folder' option. I'm wondering if this has something to do with the log message "Error attempting to add filename encryption key to user session keyring"

    Read the article

  • placing shell script under systemd control

    - by Calvin Cheng
    Assuming I have a shell script like this:- #!/bin/sh # cherrypy_server.sh PROCESSES=10 THREADS=1 # threads per process BASE_PORT=3035 # the first port used # you need to make the PIDFILE dir and insure it has the right permissions PIDFILE="/var/run/cherrypy/myproject.pid" WORKDIR=`dirname "$0"` cd "$WORKDIR" cp_start_proc() { N=$1 P=$(( $BASE_PORT + $N - 1 )) ./manage.py runcpserver daemonize=1 port=$P pidfile="$PIDFILE-$N" threads=$THREADS request_queue_size=0 verbose=0 } cp_start() { for N in `seq 1 $PROCESSES`; do cp_start_proc $N done } cp_stop_proc() { N=$1 #[ -f "$PIDFILE-$N" ] && kill `cat "$PIDFILE-$N"` [ -f "$PIDFILE-$N" ] && ./manage.py runcpserver pidfile="$PIDFILE-$N" stop rm -f "$PIDFILE-$N" } cp_stop() { for N in `seq 1 $PROCESSES`; do cp_stop_proc $N done } cp_restart_proc() { N=$1 cp_stop_proc $N #sleep 1 cp_start_proc $N } cp_restart() { for N in `seq 1 $PROCESSES`; do cp_restart_proc $N done } case "$1" in "start") cp_start ;; "stop") cp_stop ;; "restart") cp_restart ;; *) "$@" ;; esac From the bash script, we can essentially do 3 things: start the cherrypy server by calling ./cherrypy_server.sh start stop the cherrypy server by calling ./cherrypy_server.sh stop restart the cherrypy server by calling ./cherrypy_server.sh restart How would I place this shell script under systemd's control as a cherrypy.service file (with the obvious goal of having systemd start up the cherrypy server when a machine has been rebooted)? Reference systemd service file example here - https://wiki.archlinux.org/index.php/Systemd#Using_service_file

    Read the article

  • Is it possible to provide a wired ethernet connection to external devices with an extra LAN card?

    - by Ben McCormack
    I'm trying to provide a wired ethernet connection (wireless is not an option for this device) to a device (Samsung blu-ray player) without running Cat5 cable all over the home. I have a PC sitting next to this device and the PC is connected to the network via a wireless USB adapter. Is it possible to provide a wired connection from the PC to the wired device using the (currently unused) ethernet port in the back of the computer? Here's how I envision the device getting connected to the internet via my network: Linksys WRT54G v8 Wireless Router | ``--> Windows 7 PC connected via wireless | ``--> Blu-ray player connected via wired connection to the ethernet port on the PC. If so, how is this done? Will I need a crossover cable? What settings will I need to change in Windows 7 so that the device can connect? NOTE: I'm trying to avoid having to buy a wireless bridge and/or hacking a router with an open-source firmware to get this to work. See my previous question for more details.

    Read the article

  • smbclient timing out

    - by Sam Lee
    I am trying to set up a Samba share on a Centos machine. I want to connect to this server using smbclient on OS X. Here is what happens: > smbclient -L X.X.X.X timeout connecting to X.X.X.X:445 timeout connecting to X.X.X.X:139 Error connecting to X.X.X.X (Operation already in progress) Connection to X.X.X.X failed What could be going wrong? Here is my iptables dump on the Centos machine (the server): > iptables -L -n Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 REJECT all -- 0.0.0.0/0 127.0.0.0/8 reject-with icmp-port-unreachable ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:445 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3000 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3000 And finally, my smb.conf: [global] workgroup = workgroup security = SHARE load printers = No default service = global path = /home available = No encrypt passwords = yes [share] writeable = yes admin users = myusername path = /home/myhome/ force user = root valid users = myusername public = yes available = yes

    Read the article

  • tcp msl timeout implementation in linux

    - by iamrohitbanga
    The following is given in the book TCP IP Illustrated by Stevens Quiet Time Concept The 2MSL wait provides protection against delayed segments from an earlier incarnation of a connection from being interpreted as part of a new connection that uses the same local and foreign IP addresses and port numbers. But this works only if a host with connections in the 2MSL wait does not crash. What if a host with ports in the 2MSL wait crashes, reboots within MSL seconds, and immediately establishes new connections using the same local and foreign IP addresses and port numbers corresponding to the local ports that were in the 2MSL wait before the crash? In this scenario, delayed segments from the connections that existed before the crash can be misinterpreted as belonging to the new connections created after the reboot. This can happen regardless of how the initial sequence number is chosen after the reboot. To protect against this scenario, RFC 793 states that TCP should not create any connections for MSL seconds after rebooting. This is called the quiet time Few implementations abide by this since most hosts take longer than MSL seconds to reboot after a crash. Do operating systems wait for 2MSL seconds now after a reboot before initiating a TCP connection. The boot times are also less these days. Although the ports and sequence numbers are random but is this wait implemented in Linux? Also RFC 793 says that this wait is not required if history is maintained. Does linux maintain any history of used sequence numbers for connections to handle this case?

    Read the article

  • Can't log in using second domain controller when first DC is unreachable

    - by rbeier
    Hi, We're a small web development company. Our domain has two DCs: a main one (BEEHIVE, 192.168.3.20) in the datacenter and a second one (SPHERE2, 10.0.66.19) in the office. The office is connected to the datacenter via a VPN. We recently had a brief network outage in the office. During this outage, we weren't able to access the domain from our office machines. I had hoped that they would fail over to the DC in the office, but that didn't happen. So I'm trying to figure out why. I'm not an expert on Active Directory so maybe I'm missing something obvious. Both domain controllers are running a DNS server. Each office workstation is configured to use the datacenter DC as its primary DNS server, and the office DC as its secondary: DNS Servers . . . . . . . . . . . : 192.168.3.20 10.0.66.19 Both DNS servers are working, and both domain controllers are working (at least, I can connect to them both using AD Users + Computers). Here are the SRV records that point to the domain controllers (I've changed the domain name but I've left the rest alone): C:\nslookup Default Server: beehive.ourcorp.com Address: 192.168.3.20 set type=srv _ldap._tcp.ourcorp.com Server: beehive.ourcorp.com Address: 192.168.3.20 _ldap._tcp.ourcorp.com SRV service location: priority = 0 weight = 100 port = 389 svr hostname = beehive.ourcorp.com _ldap._tcp.ourcorp.com SRV service location: priority = 0 weight = 100 port = 389 svr hostname = sphere2.ourcorp.com beehive.ourcorp.com internet address = 192.168.3.20 sphere2.ourcorp.com internet address = 10.0.66.19 Does anyone have any ideas? Thanks, Richard

    Read the article

  • Test A SSH Connection from Windows commandline

    - by IguanaMinstrel
    I am looking for a way to test if a SSH server is available from a Windows host. I found this one-liner, but it requires the a Unix/Linux host: ssh -q -o "BatchMode=yes" user@host "echo 2>&1" && echo "UP" || echo "DOWN" Telnet'ing to port 22 works, but that's not really scriptable. I have also played around with Plink, but I haven't found a way to get the functionality of the one-liner above. Does anyone know Plink enough to make this work? Are there any other windows based tools that would work? Please note that the SSH servers in question are behind a corporate firewall and are NOT internet accessible. Arrrg. Figured it out: C:\>plink -batch -v user@host Looking up host "host" Connecting to 10.10.10.10 port 22 We claim version: SSH-2.0-PuTTY_Release_0.62 Server version: SSH-2.0-OpenSSH_4.7p1-hpn12v17_q1.217 Using SSH protocol version 2 Server supports delayed compression; will try this later Doing Diffie-Hellman group exchange Doing Diffie-Hellman key exchange with hash SHA-256 Host key fingerprint is: ssh-rsa 1024 aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa Initialised AES-256 SDCTR client->server encryption Initialised HMAC-SHA1 client->server MAC algorithm Initialised AES-256 SDCTR server->client encryption Initialised HMAC-SHA1 server->client MAC algorithm Using username "user". Using SSPI from SECUR32.DLL Attempting GSSAPI authentication GSSAPI authentication initialised GSSAPI authentication initialised GSSAPI authentication loop finished OK Attempting keyboard-interactive authentication Disconnected: Unable to authenticate C:\>

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 195 196 197 198 199 200 201 202 203 204 205 206  | Next Page >