Search Results

Search found 6753 results on 271 pages for 'forward declaration'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 203/271 | < Previous Page | 199 200 201 202 203 204 205 206 207 208 209 210  | Next Page >

  • Gwibber doesnt launch post upgrade

    - by Arcath
    i updated my pc from ubuntu 9.10 to 10.04 and one of the things i was looking forward too was the "me menu" and gwibber. For some reason gwibber doesnt launch at all. when i try to launch it from terminal i get: [21:02:20][arcath@Highgate ~]$ gwibber ** (gwibber:8182): WARNING **: Trying to register gtype 'WnckWindowState' as enum when in fact it is of type 'GFlags' ** (gwibber:8182): WARNING **: Trying to register gtype 'WnckWindowActions' as enum when in fact it is of type 'GFlags' ** (gwibber:8182): WARNING **: Trying to register gtype 'WnckWindowMoveResizeMask' as enum when in fact it is of type 'GFlags' Traceback (most recent call last): File "/usr/bin/gwibber", line 50, in <module> from gwibber import client File "/usr/lib/python2.6/dist-packages/gwibber/client.py", line 3, in <module> import gtk, gobject, gwui, util, resources, actions, json, gconf File "/usr/lib/python2.6/dist-packages/gwibber/gwui.py", line 2, in <module> import os, json, urlparse, resources, util File "/usr/lib/python2.6/dist-packages/gwibber/util.py", line 2, in <module> from microblog.util.couch import RecordMonitor File "/usr/lib/python2.6/dist-packages/gwibber/microblog/util/couch.py", line 10, in <module> OAUTH_DATA = desktopcouch.local_files.get_oauth_tokens() File "/usr/lib/python2.6/dist-packages/desktopcouch/local_files.py", line 323, in get_oauth_tokens oauth_token_secrets = cf.items_in_section("oauth_token_secrets")[0] File "/usr/lib/python2.6/dist-packages/desktopcouch/local_files.py", line 189, in items_in_section raise ValueError("Section %r not present." % (section_name,)) ValueError: Section 'oauth_token_secrets' not present. and i cant work out whats wrong with it. Can anyone point me in the right direction?

    Read the article

  • Can I use IIS to do ActiveDirectory single-sign-on for another website?

    - by brofield
    I'm trying to add Active Directory single-sign-on support to an existing SOAP server. The server can be configured to accept a trusted reverse-proxy and use the X-Remote-User HTTP header for the authenticated user. I want to configure IIS to be the trusted proxy for this service, so that it handles all of the Active Directory authentication for the SOAP server. Basically IIS would have to accept HTTP connections on port X and URL Y, do all the authentication, and then proxy the connection to a different server (most likely the same X and Y). Unfortunately, I have no knowledge of IIS or AD (so I am trying my best to learn enough to build this solution) so please be gentle. I would assume that this is not an uncommon scenario, so is there some easy way to do this? Is this sort of functionality built into IIS or do I need to build some sort of IIS proxy program myself? Is there a better option for getting the authentication done and the X-Remote-User HTTP header set than requiring IIS? Update: For example, what I am trying to create is: [CLIENT] [IIS] [AD] [SOAP-SERVER] 1. |---------------->| 2. |<--------------->|<---------->| 3. |--------------------------->| 4. |<---------------------------| 5. |<----------------| 1. POST to http://example.com/foo/bar.cgi 2. Client is not authenticated, so do authentication 3. Once validated, send request to server (X-Remote-User: {userid}) 4. Process request, send response 5. Forward response to client I need to know how to configure IIS to do the automatic authentication of the user using AD, and then to proxy the request to the actual server, sending the userid in the X-Remote-User HTTP header.

    Read the article

  • Remote management interface for managing ip6tables (or an alternative firewall)

    - by Matthew Iselin
    I'm working with IPv6 and have run into an issue configuring ip6tables on our main router in order to control what can come into the network. A default DROP rule in the FORWARD section has worked well (obviously leaving ESTABLISHED,RELATED as ACCEPT) to keep internal clients' open ports from being accessed. However, running an ip6tables command for every little change is unwieldy. Whilst we are able to continue creating rules manually, I'm wondering if there's some sort of management interface we could use to create the rules quickly and easily. We're looking to be able to save time working on our firewall as well as providing a simple method for modifying rules for those who will eventually replace us. I know webmin (heavily locked down on our network, naturally) has support for modifying iptables rules, but seemingly no support for ip6tables. Something similar would be fantastic. Alternatively, suggestions for a firewall solution apart from iptables/ip6tables which can be managed remotely wouldn't be out of order. A web interface for management is certainly preferable, even if it is just a wrapper with shiny buttons over the raw config files.

    Read the article

  • Is iptable capable of this or should I go with mod_proxy?

    - by Jesper
    I'm trying to configure my network to receive an incoming connection on one device and then redirect it to another device on a specific port. Right now I'm on about port 80 and a device running apache. The problem I'm facing is that when the forwarding is done it also sets the source ip to the first device instead of the source ip the user that connects to the service has. Let me illustrate it: [Internet User] = 7.7.7.7 connects to [Device 1] = 1.1.1.1:80 [Device 1] forwards it to [Device 2] = 1.1.1.2:80 [Device 2] outputs response that [Internet User] sees So on [Device 2] I will naturally see [Device 1]s IP in the logs, but I wanna see if there is a way to connect the internet user through [Device 1] to [Device 2] while seeing the real source IP in the logs on [Device 2]. Is that possible? My rule-set looks like this at the moment: (on Device 1) iptables -P FORWARD ACCEPT iptables -t nat -I PREROUTING -j DNAT -p tcp --dport 80 --to-destination 1.1.1.2:80 iptables -t nat -I POSTROUTING -j SNAT -p tcp -d 1.1.1.2 --to-source 1.1.1.1 On [Device 2] it accepts all incoming on port 80 from [Device 1] as well as accepts all related and established connections. So, would there be any way to get the real source onto [Device 2]? Let me know if you need more information!

    Read the article

  • append $myorigin to localpart of 'from', append different domain to localpart of incomplete recipient address

    - by PJ P
    We have been having some trouble getting Postfix to behave in a very specific fashion in which sender and recipient addresses with only a localpart (i.e. no @domain) are handled differently. We have a number of applications that use mailx to send messages. We would like to know the username and hostname of the sending party. For example, if root sends an email from db001.company.local, we would like the email to be addressed from [email protected]. This is accomplished by ensuring $myorigin is set to $myhostname. We also want unqualified recipients to have a different domain appended. For example, if a message is sent to 'dbadmin' it should qualify to '[email protected]'. However, by the nature of Postfix and $myorigin, an unqualified recipient would instead qualify to [email protected]. We do not want to adjust the aliases on all servers to forward appropriately. (in fact, every possible recipient doesn't have an entry in /etc/passwd) All company employees have mailboxes on Exchange, which Postfix eventually routes to, and no local Linux/Unix mailboxes are used or access. We would love to tell our application owners to ensure they use a fully qualified email address for all recipients, but the powers that be dictate that any negligence must be accommodated. If we were to keep $myorigin equal to $myhostname, we could resolve this issue by having an entry such as the following in 'recipient_canonical_maps': @$myorigin @company.com However, unfortunately, we cannot use variables in these map files. We also want to avoid having to manually enter and maintain the actual hostname in 'recipient_canonical_maps' for each server. Perhaps once our servers are 'puppetized' we can dynamically adjust this file, but we're not there yet. After an afternoon of fiddling I've decided to reach out. Any thoughts? Thanks in advance.

    Read the article

  • iptables forwarding to a dummy interface

    - by madinc
    Hi, I'm trying to accomplish the following: I have a box with a service listening on a dummy interface (say 172.16.0.1), udp port 5555. Now what I'd like to do is to take packets that arrive on interfaces eth0 (1.1.1.1:5555) and eth1 (2.2.2.2:5555) and forward them to the service on the dummy interface, and have replies go back to clients out the same physical interface they came in. Clients must think they're talking to 1.1.1.1:5555 or 2.2.2.2:5555. I think I need a mix of iptables rules and packet marking, plus some iproute rules (if it's possible at all). What I tried is to catch packets coming in from eth0 and eth1, udp port 5555, and mark them with 1 and 2 respectively, and --save-mark in the connmark. Then I used a DNAT to 172.16.0.1. The service seems to be getting the packets. Now I'm not sure how to do the reverse. It seems that for packets originating from the box, you can't do anything before the routing decision, but that would be the place to restore the marks, and thus make a routing decision based on those. Here's what I have so far: iptables -t mangle -A PREROUTING -d 1.1.1.1 -p udp --port 5555 -j MARK --set-mark 1 iptables -t mangle -A PREROUTING -d 2.2.2.2 -p udp --port 5555 -j MARK --set-mark 2 iptables -t mangle -A PREROUTING -d 1.1.1.1 -p udp --port 5555 -j CONNMARK --save-mark iptables -t mangle -A PREROUTING -d 2.2.2.2 -p udp --port 5555 -j CONNMARK --save-mark iptables -t nat -A PREROUTING -m mark --mark 1 -j DNAT --to-destination 172.16.0.1 iptables -t nat -A PREROUTING -m mark --mark 2 -j DNAT --to-destination 172.16.0.1 # What next? As I said, I'm not even sure it can be done. To give a bit of background, it's an old OpenVPN installation that cannot be upgraded (otherwise I'd install a recent version that supports multihoming natively). Thanks for any help.

    Read the article

  • OpenWRT + OpenVPN client forwarding from lan to vpn not working

    - by Dariusz Górecki
    I've OpenWRT router with Backfire 10.03.1-rc3 (arch:brcm 2.6 kernel) I've set up an OpenVPN client connecting my router with workplace lan, and it works nicely, I can connect from router to networks (several) in workplace. My OpenVPN client uci-config looks like: config 'openvpn' 'stream_client' option 'nobind' '1' option 'float' '1' option 'client' '1' option 'reneg_sec' '0' option 'management' '127.0.0.1 31194' option 'explicit_exit_notify' '1' option 'verb' '3' option 'persist_tun' '1' option 'persist_key' '1' list 'remote' 'remote.address.cutted' option 'ca' '/lib/uci/upload/cbid.openvpn.stream_client.ca' option 'key' '/lib/uci/upload/cbid.openvpn.stream_client.key' option 'cert' '/lib/uci/upload/cbid.openvpn.stream_client.cert' option 'enable' '1' option 'dev' 'tun1' I've set the 'STREAM_VPN' Zone to allow in/out traffic, and I've added rules for zone-to-zone lan<-vpn and vpn<-lan config 'zone' option 'name' 'stream_vpn' option 'network' 'stream_vpn' option 'input' 'ACCEPT' option 'output' 'ACCEPT' option 'forward' 'REJECT' config 'forwarding' option 'src' 'lan' option 'dest' 'stream_vpn' config 'forwarding' option 'src' 'stream_vpn' option 'dest' 'lan' And interface config: config 'interface' 'stream_vpn' option 'proto' 'none' option 'ifname' 'tun1' option 'defaultroute' '0' option 'peerdns' '0' Now, from my router everything works nicely, the problem is that I cannot connect from computer inside a lan to hosts in networks provided by vpn connection :/ What I've missed, or what I'm doing wrong? And how can I force using specified DNS when connected to vpn? (I know that sever should use PUSH DNS option, but is PUSHes only routes)

    Read the article

  • Firebox 1250e Core Failing?

    - by Noah
    We have 2 Firebox 1250e Core firewall boxes in our production environment, serving as an active and passive mode. A few months back, the active box was flashing a warning light, so our consultant removed it, and plugged it in to a test network. Everything appeared to be working fine, so he reloaded it into the production environment, and we didn't see any other issues. Fast forward to last week, and out network was constantly dropping connections over RDC, timing out, and performing as if there was a traffic issue. I turned off the production box and everything began to work fine immediately. At this point though, I'm not sure how to proceed. Should the box be completely replaced? Is there any recommended testing we could do to determine if there is a failure of some type with this device? Should we try upgrading the software on it? I know the environment isn't the issue, since the passive box (which is now the active one) is working fine. We'd like to have 2 in production though for safety failover purposes. I am not a network admin, but am hoping someone here might be able to provide some guidance.

    Read the article

  • Debian/Ubuntu - No network connection

    - by leviathanus
    I have a very weird situation on my Ubuntu 12.04 LTS Server. I can not access (ping) my gateway, although I believe my config is ok - I attach the outputs. Any hints where to look? (I changed the beginning of the IP to something different, just obfuscation) ping 5.9.10.129 PING 5.9.10.129 (5.9.10.129) 56(84) bytes of data. From 5.9.10.129 (5.9.10.129) icmp_seq=2 Destination Host Unreachable From 5.9.10.129 (5.9.10.129) icmp_seq=3 Destination Host Unreachable From 5.9.10.129 (5.9.10.129) icmp_seq=4 Destination Host Unreachable uname -r 3.2.0-29-generic ifconfig eth0 eth0 Link encap:Ethernet HWaddr 3c:97:0e:0e:54:d7 inet addr:5.9.10.142 Bcast:5.9.10.159 Mask:255.255.255.224 inet6 addr: fe80::8e70:5aff:feda:c4ac/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1216 errors:0 dropped:0 overruns:0 frame:0 TX packets:490 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:107470 (107.4 KB) TX bytes:34344 (34.3 KB) Interrupt:17 Memory:d2500000-d2520000 ip route default via 5.9.10.129 dev eth0 metric 100 5.9.10.128/27 via 5.9.10.129 dev eth0 5.9.10.128/27 dev eth0 proto kernel scope link src 5.9.10.142 route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 5.9.10.129 0.0.0.0 UG 1000 0 0 eth0 5.9.10.128 5.9.10.129 255.255.255.224 UG 0 0 0 eth0 5.9.10.128 0.0.0.0 255.255.255.224 U 0 0 0 eth0 iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination UPD: Eric, this is how routing information looks on a working server: 0.0.0.0 78.47.198.49 0.0.0.0 UG 100 0 0 eth0 78.47.198.48 78.47.198.49 255.255.255.240 UG 0 0 0 eth0 78.47.198.48 0.0.0.0 255.255.255.240 U 0 0 0 eth0 As I understand it, Hetzner tries to ensure security by this, so I can not take over an IP by changing my MAC. But this is another server, which has another netmask (255.255.255.240) UPD2: BatchyX, on the working server: 78.47.198.49 dev eth0 src 78.47.198.60 cache on the broken: 5.9.10.129 dev eth0 src 5.9.10.142 cache

    Read the article

  • What ways are there to set permissions on an Exchange 2003 mailbox?

    - by HopelessN00b
    I'm having a difficult/impossible time tracing down a permissions issue on an Exchange 2003 mailbox, and I was wondering if I'm missing any technical possibilities here. The basic question is what ways are there to set a user's permissions to access a mailbox in Exchange 2003? I know of two. Permissions on the mailbox itself (Mailbox Rights) and having delegated rights. And then, if it's possible, how would one view all the permissions (including delegated permissions) on the mailbox? The situation is that a new user who's been set up "exactly like all the others" in his department (pretty sure he was copied via the right click option in ADUC, in fact) can't access a specific shared mailbox, which I've been assured about a dozen other people do have access to and access on a regular basis. As to how they got permissions to the mailbox, no one knows, so it must have been granted by a white wizard whose spell has since worn off, so now IT has to handle it instead. Anyway... This mailbox is a normal AD user, created as a service account, for which no one knows the password (of course), so it's probably not the case that this service account was being used to delegate permissions. Upon taking examining the Mailbox Rights directly... Here are the permissions I see: This leads me to believe that one of two things are happening - the managers have been delegating full mailbox permissions to the rest of the department, or everyone's logging in using... not their own account. But, before I get too excited about the prospect of busting out the LART and strolling over to that department, I want to make sure I'm not missing another possible explanation. Like most of the rest of the world, I ditched Exchange 2003 at the earliest possible opportunity, and had been looking forward to never seeing it again, so I'm a bit rusty on the intricacies of how it [mostly, sort of] works. Anyone see any or possibilities, or things I may have missed, or does the LART get to come out and play?

    Read the article

  • Torrent upload ratio not updated on Synology DS212+

    - by user179271
    I have a Synology DS212+ NAS running DSM 4.2-3211 (current version). I use it for several purposes including torrent download using Download Station and a tracker that needs authentication. My problem is that my download/upload ratio isn't updated, so it constantly falls down. My NAS is behind a router, and I configured the NAT to forward ports 6890 to 6999 to the internal IP address of the NAS. Here are the Download Station settings : TCP port : 6990, Sharing ratio : 900%, Sharing time : infinite, max download speed : 0 (no limit), max upload speed : 0 (no limit), BT protocol encryption : checked, max numbers of peers allowed by torrent file : 4000, DHT : checked, with port 6889. When the DHT option is not checked, the NAS doesn't upload any files. I don't know what is this option for. Can someone help me to solve this problem ? Did I miss any step, or does it come from the NAT ? How is the authentication managed by Dowload Station ? (Sorry for my english) Thanks.

    Read the article

  • Multiple static WAN IP addresses to single LAN subnet

    - by Jessy Houle
    Below is my home network topology. I currently have 5 static IP addresses, 3 of which are in use by 3 routers. These routers in-turn subnet internal networks and port forward. I use my SSL VPN appliance to remote home from work or on the road. At this point I can remotely administer my Windows Server. I know the network is setup wrong, I was matching existing hardware the best I knew how. http://storage.jessyhoule.com.s3.amazonaws.com/network_topology.jpg Ok this said, here is the problem... One of my websites on my Windows Server now needs to be secure (SSL using port 443). However, I'm already port forwarding port 443 to my VPN appliance. Furthermore, if I'm going to have to reconfigure the network, I would really like to be able to use the SSL VPN to remotely administer all machines. I mentioned this to a friend of mine, who said that what I was looking for was a firewall. Explaining that a firewall would take in multiple static (WAN) IP addresses, and still allow all internal devices to be on the same network. So, basically, I could supply my SSL VPN appliance it's very own static (WAN) IP address routing, and yet have it on the same internal network (192.168.1.x) as all my other devices. The first question is... Does this sound right? Secondly, would you suggest anything different? And, finally, what is the cheapest way to do this? I am started down the road of downloading/installing untangle and smoothwall to see if they will do the job, hoping they take multiple static (WAN) IP addresses. Thank you in advance for your answers. -Jessy Houle

    Read the article

  • pfSense Load Balancer and Virtual IP

    - by jshin47
    I have two identical web servers on 10.2.1.13 and 10.2.1.113. I would like to set up pfSense load balancer to balance requests to both of these. I set up pools that included HTTP and HTTPS for both of these hosts, then set up virtual servers that responded on HTTP and HTTPS and referred traffic to its respective pool. However, I set up the virtual server to listen on 10.2.1.213, a LAN IP rather than a WAN IP, because I want LAN traffic to be able use the load balancer virtual server as well. So, I set up a Virtual IP for 10.2.1.213 on LAN IP, and a NAT port forwarding rule for HTTP and HTTPS traffic on a WAN IP to forward to 10.2.1.213. It seems like this should work, but it fails. What eventually happens is that when I try to access the page from WAN, I am directed to the login page for my pfSense device rather than the page I am expecting. When I try to access 10.2.1.213 from LAN, the request times out. What is going wrong here? I have tried it with and without NAT reflection to no avail. Please advise

    Read the article

  • Windows 7 remote desktop encryption error every few minutes

    - by rfrankel
    Because of an error in data encryption, this session will now end. This is the error I've been getting more and more frequently over the past few days, to the point that I can't ignore it because it's happening consistently within 5 minutes of connecting - sometimes within a few seconds. Both the remote and local machines are Windows 7 Pro x64. The remote machine is behind a Linksys RV082, and I'm using UPnP to forward a remote port to the correct local port. This setup had been working fine for several months, and I can't think of any recent relevant changes that might have been made. Things I've already tried: Disabling unnecessary components of the network connection on the remote machine, until only IPv4 and Client for Microsoft Networks remain. Disabling TCP large send offload on both the remote and local machines. Confirming that the remote machine is not mentioned anywhere in any DMZ settings on the Linksys router. Confirming that there are no x509-related registry keys screwing things up (this is the suggested fix for a slightly different error anyway). These are the only solutions I've been able to find after about an hour of searching, and most of them apply to XP or Server 2003 in any case. If anyone could suggest something else, it would be much appreciated.

    Read the article

  • Are my iptables secure?

    - by Patricia
    I have this in my rc.local on my new Ubuntu server: iptables -F iptables -A INPUT -i eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --dport 9418 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A INPUT -i eth0 -p tcp --sport 9418 -m state --state ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --dport 5000 -m state --state NEW,ESTABLISHED -j ACCEPT # Heroku iptables -A INPUT -i eth0 -p tcp --sport 5000 -m state --state ESTABLISHED -j ACCEPT # Heroku iptables -A INPUT -p udp -s 74.207.242.5/32 --source-port 53 -d 0/0 --destination-port 1024:65535 -j ACCEPT iptables -A INPUT -p udp -s 74.207.241.5/32 --source-port 53 -d 0/0 --destination-port 1024:65535 -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A INPUT -i eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT iptables -P INPUT DROP iptables -P FORWARD DROP 9418 is Git's port. 5000 is a port used to manage Heroku apps. And 74.207.242.5 and 74.207.241.5 are our DNS servers. Do you think that this is secure? Can you see any holes here? Update: Why is it important to block OUTPUT? This machine will be used only by me.

    Read the article

  • Isolate clients on same subnet?

    - by stefan.at.wpf
    Given n (e.g. 200) clients in a /24 subnet and the following network structure: client 1 \ . \ . switch -- firewall . / client n / (in words: all clients connected to one switch and the switch connected to the firewall) Now by default, e.g. client 1 and client n can communicate directly using the switch, without any packets ever arriving the firewall. Therefore none of those packets could be filtered. However I would like to filter the packets between the clients, therefore I want to disallow any direct communication between the clients. I know this is possible using vlans, but then - according to my understanding - I would have to put all clients in their own network. However I don't even have that much IP addresses: I have about 200 clients, only a /24 subnet and all clients shall have public ip addresses, therefore I can't just create a private network for each of them (well, maybe using some NAT, but I'd like to avoid that). So, is there any way to tell the switch: Forward all packets to the firewall, don't allow direct communication between clients? Thanks for any hint!

    Read the article

  • SMTP message rate control on Ubuntu 8.04, preferably with postfix

    - by TimDaMan
    Maybe I am chasing a bug but I am trying to set up a smtp proxy of sorts. I have a postfix server which receives all the email for a collection of servers/clients. It them uses a smarthost (relayhost=...) to forward it's mail to our corporate MTA. I would like to limit the number of messages an individual server can relay to prevent swamping the corporate MTA. Postfix has a program called "anvil" that is capable of tracking stats about mail to be used for such things but it doesn't seem to be executed. I ran "inotifywait -m /usr/lib/postfix/anvil" while I started postfix and sent a number of messages through it from a remote server. inotifywait indicated anvil was never run. Anyone gotten postfix/anvil rate controls to work? main.cf smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no append_dot_mydomain = no readme_directory = no myhostname = site-server-q9 alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = localhost relayhost = Out outgoing mail relay mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.0.0.0/8 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = 10.X.X.X smtpd_client_message_rate_limit = 1 anvil_rate_time_unit = 1h master.cf extract anvil unix - - - - 1 anvil smtp inet n - - - - smtpd

    Read the article

  • Any non-custom way to manage iptables with fail2ban and libvirt+kvm?

    - by Peter Hansen
    I have an Ubuntu 9.04 server running libvirt/kvm and fail2ban (for SSH attacks). Both libvirt and fail2ban integrate with iptables in different ways. Libvirt uses (I think) some XML config and during startup (?) configures forwarding to the VM subnet. Fail2ban installs a custom chain (probably at init) and periodically modifies it to ban/unban probable attackers. I also need to install my own rules to forward various ports to servers running in VMs and on other machines, and set up rudimentary security (e.g. drop all INPUT traffic except the few ports I want open), and of course I'd like the ability to add/remove rules safely without restarting. It seems to me iptables is a powerful tool that's sorely lacking some sort of standardized way of juggling all this stuff. Every project, and every sysadmin, seems to do it differently! (And I think there's lots of "cargo cult" admin going on here, with people cloning crude approaches like "use iptables-save like so".) Short of figuring out the gory details of exactly how both of these (and potentially other) tools manipulate the netfilter tables, and developing my own scripts or just manually executing iptables commands, is there any way to safely work with iptables while not breaking the functionality of these other tools? Any nascent standards or projects defined to bring sanity to this area? Even a helpful web page I missed that might cover at least these two packages together?

    Read the article

  • Error related to pkg-config when installing frei0r as part of another package

    - by Anentropic
    I am trying to build https://github.com/mltframework/shotcut on OS X Lion (using their script in scripts/build_shotcut.sh) and after numerous hurdles I'm stuck on this error: ./configure: line 16062: syntax error near unexpected token `OPENCV,' ./configure: line 16062: `PKG_CHECK_MODULES(OPENCV, opencv >= 1.0.0, HAVE_OPENCV=true, true)' ERROR: Unable to configure frei0r From what I already googled this means that the PKG_CHECK_MODULES macro hasn't been defined, which probably means there's something wrong with my pkg-config, which I installed via Homebrew. Sounds like the pkg.m4 file isn't found. When I brew install pkg-config I get the following warning: Warning: m4 macros were installed to "share/aclocal". Homebrew does not append "/usr/local/share/aclocal" to "/usr/share/aclocal/dirlist". If an autoconf script you use requires these m4 macros, you'll need to add this path manually. Well I've appended that line to the dirlist file and it doesn't fix the problem above. Can anyone suggest a way forward here? I have briefly tried building my own pkg-config from source but (bizarrely) when I tried to ./configure I got the following error: checking for pkg-config... no ./configure: line 13540: --exists: command not found configure: error: pkg-config and glib-2.0 not found, please set GLIB_CFLAGS and GLIB_LIBS to the correct values if building pkg-config needs pkg-config it seems like a weird catch 22 situation... I think this is probably an unnecessary sidetrack anyway.

    Read the article

  • Iptables QUEUE Target and Snort

    - by bradlis7
    I'm trying to set up a firewall with support for snort, and it is dropping all of my packets when I add the QUEUE target. I've made it like this, but the QUEUE target is not allowing the packets to be processed any further: -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -j QUEUE -A INPUT -j ACCEPT # It's not allowing anything past QUEUE, as you can see below in the count. > iptables -I INPUT -nv pkts bytes target prot opt in out source destination 6707 395K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 933 138K QUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 I'm eventually going to change it to forward, but I'm just trying to get it working for now. I start snort like so: snort -Q -D -c /etc/snort/snort.conf EDIT: More Information When I run it, it still sees the packets without having an iptables QUEUE target rule, but when I add a QUEUE target, it starts losing all of my packets. # snort -Qc /etc/snort/snort.conf -N -A console Enabling inline operation Running in IDS mode --== Initializing Snort ==-- Initializing Output Plugins! Initializing Preprocessors! Initializing Plug-ins! Parsing Rules file "/etc/snort/snort.conf" ## === CUT === *** *** interface device lookup found: bond0 *** Initializing Network Interface bond0 Decoding Ethernet on interface bond0 ## === CUT === Not Using PCAP_FRAMES So, it says inline, but the it says it's using bond0. Inline should not require an interface, right?

    Read the article

  • How to create a static IP on Windows Server 2008 R2 so I can access the server remotely

    - by Aesir
    I have just purchased a HP Proliant N40L which I am intending to use as a NAS, learning tool and just in general something to mess around with. As a student via the Microsoft dreamspark program I can get a free copy of Windows Server 2008 R2 which I am using as the OS. So that I can remote to the box from outside of my local network and so that I can stream media from it to my PS3, I have read that I need to create a static IP for the server and use port forwarding to forward to this IP so I can remote in. Is this correct? I am not really sure how to do this and if I need to make these changes on my router configuration, on the OS or both. I am a novice when it comes to networking however most resources for Windows server 2008 R2 seem to assume a fair amount of experience already. I realise that using this particular OS may seem like overkill for what I currently wish to do with it (stream content to other devices and backup) but as I can get a copy for free it seems sensible. Edit: From reading answers posted I feel I should give more information. I have now tried to add a static IP address using my router configuration settings. I have used the getmac command to get the mac address of the server. My ISP is Virgin Media and I have gone to the LAN IP section and I have added an IP address to the DHCP Reservation Lease Info. I can now use remote desktop connection internally to remote to the server (so I am assuming assigning this IP has worked). How do I configure this on the OS as well? I am also unsure on how I would remote to this machine outside of my local network?

    Read the article

  • filter / directing URLs coming onto a network

    - by Jon
    Hi all, I an not sure if this is possible or not but what i would like to do is as follows: I have one IP address (dynamic using zoneedit.com to keep it upto date). I have one webserver running my main site which is an Ubuntu machine running Apache. I also have a windows 2008 server running another site. Just to confuse things I also run part of my Apache site on the windows server, currently using proxypassreverse to get the information from it. So it looks something like this: IP 1.2.3.4 maps to mydomain.com as well as myotherdomain.com All requests that come into port 80 are forwarded to the Apache box and I use Virtualhost settings to proxy the windows sites where needed. so mydomain.com is an Apache site mydomain.com/mywindowssection is the Apache server using proxypassreverse to get part of the site from the Windows server myotherdomain.com uses Apache and proxypassreverse to get the whole site. What I would like to be able to do is forward all http requests that come into my network to one machine that figures out who should be serving that content. so: mydomain.com would go to the Apache machine myotherdomain.com would go the windows machine. I am just in the process of setting up an Astaro gateway (never done this before so taking a while to configure) as my firewall, dns, dhcp etc, don't know if this can handle it. I have the capacity to run a VM on the network if a seperate box would be needed for this process as well. Thanks for any and all feedback. Jon

    Read the article

  • Permission problem with Git (over SSH) on FreeBSD

    - by vpetersson
    We're having permission problem with Git on FreeBSD. The setup is fairly straight forward. We have a few different repos on the same server. For simplicity, let's say they reside in /git/repo1 and /git/repo2. Each repo is owned by the user 'git' and a self-titled group (eg. repo1). The repo is configured with g+rwX access. Every user who commits to the repository is also member of the group for the repo (eg. repo1). The Git repositories all have 'sharedRepository = group' set. So far so good, all users can check out the code from the repositories, and the first user can commit without any problem. However, when the next user tries to commit to the repositories, he will receive a permission error. We've been banging our heads with this issue for some time now, and the only way we've managed to resolve it is by running the following script between commits (which is obviously very inconvenient): find /git/repo1 -type d -exec chmod g+s {} \; chmod -R g+rwX /git/repo1 chown -R git:repo1 /git/repo1/ cd /git/repo1 git gc Anyone got a clue to where the problem lies?

    Read the article

  • Homebrew large data cluster access for 2 user levels?

    - by Yegor
    The title probably makes little sense, so here is an example. I have a file hosting site, that serves a large amount of semi-randomly accessed files. The setup is as follows: High horsepower front-end +DB server that also does encoding for files that need encoding Fresh file server, which stores newly uploaded content, thats probably (and usually) rapidly accessible, which has 500GB of raided SSD storage, that can push over 3GBit of traffic. 3 cheap node servers, containing 2 x 750GB SATA drives in raid1, where files older than 2 weeks are archived, from the SSD server (mentioned above). Files on each server are accessed via subdomains (via modsec) in a straight forward fashion (server1.domain.com, server2.domain.com, etc) Where I have the problem is this. I introduced a "premium" service where people pay a small fee every month, and get ad-free, quick accesses to stuff on the site. Once they are logged in, they access same files via premium.server1.domain.com via a different modsec script, with a different pass phrase. That all works fine and dandy.... except the cheap node servers are all IO bound, so accessing the files on them via a different, unsaturated network makes no difference, since it cannot read off the drive fast enough. What would be a good way to make files on the site be accessible via 2 different network routes, 1 of which will be saturated (the "free network") while all other files are on an un-saturated "premium" network?

    Read the article

  • Can't connect to vsftpd on Ubuntu 10.04

    - by Johnny
    I started the vsftpd on Ubuntu 10.04, but can't connect to it. The error says(FTP Client): Status: Connecting to 124.205.xx.xx:21... Error: Connection timed out Error: Could not connect to server I've checked the server status, and vsftpd is running: $ ps ax | grep vsftpd 23646 ? Ss 0:00 /usr/sbin/vsftpd 23650 pts/1 S+ 0:00 grep --color=auto vsftpd port 21 is under listening as well: $ netstat -tlnp | grep 21 (No info could be read for "-p": geteuid()=1000 but you should be root.) tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN - I can connect to localhost: $ ftp localhost Connected to localhost. 220 (vsFTPd 2.2.2) Name (localhost:jlee): 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> Here is iptables output $ sudo iptables -vL Chain INPUT (policy ACCEPT 191 packets, 144K bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 124 packets, 28502 bytes) pkts bytes target prot opt in out source destination What's the problem here?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 199 200 201 202 203 204 205 206 207 208 209 210  | Next Page >