It's best not to mix the two technologies. Here is how to fix things but break Docker.
If you run iptables -L you will notice that, even if you deleted all the Docker chains, the iptables FORWARD policy is set to DROP. This causes your VMs to have no networking, at least not outside the host machine.
Chain FORWARD (policy DROP)
target prot opt source........
Just an FYI that the installer ignores your selection of Boot Loader, as it was intended for MBR/Legacy. Horribly, even when you choose "Something Else", partition manually and create an EFI in your install drive, the installer will still install grub to the first EFI partition it finds, even if you are following a guide like this to avoid wiping out the M........
Bonding is an excellent way to get both increased redundancy and throughput. It is similar to the "Network Teaming" feature in Windows.
There are a few different modes, but we will use mode 6. I think it's the best of both worlds, as it is not just a failover but also provides round robin, so you will get redundancy and load balancing. So if you have a 1G single port, you will have a combined throughput of 4G at this point. Just bear in mind that the true thr........
The Best Docker Tutorial for Beginners
We quickly explain the basic Docker concepts and show you how to do the most common tasks from starting your first container, to making custom images, a Docker Swarm Cluster Tutorial, docker compose and Docker buildfiles.........
Let's say we have an IP that is dropped by iptables: 192.168.20.2
service iptables status|grep 192.168.20.2
184 DROP all -- 192.168.20.2 0.0.0.0/0
Two Ways To Delete The iptables Rule
1.) Delete by the rule number which in our........
1. Let's work from an environment where we can install Ansible.
If you are using an older version of Linux based on Mint 18 or Ubuntu 16, you may want to get the PPA and get the latest version of Ansible that way:
sudo add-apt-repository ppa:ansible/ansible
sudo apt update
Some bugs in older Ansible versions are where unarchive will retriev........
It is common that you may get access to undocumented equipment and need to reset the password. This applies to many Cisco routers whether 2600, 2900, 3900 etc...
Cisco's guide says to hit Ctrl+Pause/Break, but it doesn't work on some devices, causing people to say "cisco password reset pause break does not work". You can see Cisco's alternative key combinations here:........
This happens because virt-resize runs as the qemu user, and if qemu does not have privileges to read from the source and write to the destination, it will fail with the below. So either change the uid of qemu or change the ownership of the source and target.
virt-resize --expand /dev/sda2 /root/kvmtemplates/windows2019-eval-template.img /root/kvmguests/kvmkvmuser4515........
This is not about using ssh as a proxy, but rather, using a proxy when you are SSHing to another host and using ProxyCommand (where we normally use nc as our proxy tool).
In newer versions of nc the syntax has changed to the following:
ssh -o ProxyCommand="nc -x 127.0.0.1:1234 %h %p" user@host
The format must be like above in newer nc versions.
Just be sure to change the 1234 to the port of your SOC........
If you just do a normal chown user.user somedir it won't work. You will see the ownership is still the previous owner.
How To Change Ownership Of Symlink:
The simplest part is just adding the -h which means no dereference so it applies the ownership on the symlink and does not try (and fail) to change ownership of the dereferenced symlink destination.
chown -h user.user somedir........
Opening Firefox from the CLI reveals the following as the cause of the error:
Query failed: Error: Error(s) encountered during statement execution: no such table: moz_favicons
The symptoms of this issue are that in the address bar you cannot hit enter to browse to a site/url/address and your history cannot be accessed, nor does your history show up in the address bar when typing previously used addresses.
This usually happens because you've........
Cisco's CUCM (Cisco Unified Communication Manager) is a system that combines voice, video, data and mobile products into a single unified management suite. At its core, the CUCM is like a "Super PBX" that controls the flow of all communications through an organization, across single or multiple site deployments.
Cisco's CUCM makes communication more effective and simple through centralized management and unification of communications resources.........
This is not so much a vi error as it is a physical filesystem error, in the sense that the file you are trying to write to is a symlink and the destination doesn't exist or for some other reason is inaccessible.
So vi is telling you "you're writing to a symlinked file and the file the symlink points to cannot be written to". This is especially highlighted by the fact that even if you are using wq! to write, you still get the error.........
The easiest way is to use SSH and DD or a combination of netcat. SSH will be a little slower due to encryption but is the most secure way (on two older systems the average clone speed is about 40-50MB/s). This is also OS independent: it doesn't matter what the source OS is because you are literally cloning the drive, so you retain the partition table and settings.
Clone HDD using SSH and DD........
iptables -t NAT -A PREROUTING -s 18.104.22.168/24 -j DNAT --to-destination 10.10.10.1
iptables v1.4.7: can't initialize iptables table `NAT': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
# The table name is case sensitive: use "nat" and DO NOT use "NAT" or you will get this error!
iptables -t nat -A PREROUTING -s 22.214.171.124/24 -j DNAT --to-destination 10.10.10.1........
The old MBR 512 bytes partition table is no longer valid if you are using GPT.
To copy a GPT table with dd to another disk do it like so:
Below sda is the source disk and destination disk is sdb (change to meet your needs).
dd if=/dev/sda of=/dev/sdb bs=1536 count=1
You can also use dd to backup your partition table like normal but with the bs of 1536
Using Apache 2.2 and PHP 5.6, PHPBB3 is very slow to respond. For some reason it takes a long time to even register a log entry in access_log: it shows up in Apache several seconds or a few minutes later. All other vhosts and Apache access stop working and freeze until the request to access PHPBB3 slowly completes.
It seems to randomly be slow if you stop using it whether for posting or reading the forums. I've migrated to different machines including........
You can actually just pass multiple "-L" statements to achieve this.
An example is as below:
ssh -L 80:192.168.10.5:80 -L 443:192.168.10.5:443 -L 2068:192.168.10.5:2068 -L 8192:192.168.10.5:8192 firstname.lastname@example.org
The above essentially is saying forward ports 80,443,2068,8192 to the remote IP of 192.168.10.5 (even though it is behind NAT). Essentially SSH will do the NAT part even if the........
iptables -t nat -A OUTPUT -m addrtype --src-type LOCAL --dst-type LOCAL -p tcp --dport 3306 -j DNAT --to-destination ip.ip.ip.ip
iptables -t nat -A POSTROUTING -m addrtype --src-type LOCAL --dst-type UNICAST -j MASQUERADE
sysctl -w net.ipv4.conf.all.route_localnet=1
Make sure you replace "ip.ip.ip.ip" with your real public IP and "--dport 3306" with the port you want to forward.
Finally run the sysctl command and........
Live migrating container...
Syncing 2nd level quota
11000: invalid option -- F
Usage: vzdqload quotaid [-c file] commands
Loads user/group qouta information from stdin into quota file.
-c file use given quota file
Commands specify what user/group information to load:
-G grace time
-U disk limits........
This is a simple fix but not a simple problem and it still doesn't make sense to me.
But in a nutshell if your target proxy server works fast when accessing directly over SSL then this may be your issue.
It seems SSL does not play nicely when the target proxy destination/host has a ridiculously long key (such as 8192 bits long). Now this is normally not a problem, in fact the target server could be accessed with hardly any delay directly despite such a long key.........
You have dual NICs and you disable NIC1 which uses 192.168.1.1 as its gateway. With NIC2 you enable it/connect it to another network which also has the gateway 192.168.1.1
Everything will work fine at this point.
When switching back to NIC1 even with NIC2 disabled and even unplugged, the OS basically can't pick up the new/updated ARP entry of the old device for 192.168.1.1 and perhaps thinks it is a security risk or spoof of some sorts and blocks i........
iptables -t nat -A PREROUTING -p tcp -m multiport --dports 80,443,2068,8192 -j DNAT --to-destination 192.168.1.175
Just adjust the "--dports" to the ports you need and the --to-destination to the destination IP (note it must be on the same network as the server running iptables........
libguestfs tools howto guide for managing virtual machine images.
libguestfs-tools aka guestfs tools has a lot of tools that make this very easy for you. You can easily mount partitions from an image with some of the commands below.
To mount a partition
#mount the kvmuser102821.img image and the /dev/sda1 partition from it to the local directory "mount"
guestmount -a kvmuser102821.img -m /dev/sda1 mount
iptables -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1/32 --dport 3389 -j DNAT --to-destination 192.168.5.2:3389
iptables v1.4.7: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
The above is often because you don't have the correct modules loaded on the hostnode or enabled for the container but in some cases it's actually a weird openvz setting.
-A PREROUTING -d 126.96.36.199/32 -p tcp -m tcp --dport 1050 -j DNAT --to-destination 192.168.1.50:3389
The above forwards port 1050 on IP 188.8.131.52 to 192.168.1.50 port 3389 (you can obviously edit things to meet your needs).........
-A PREROUTING -p tcp -m multiport --dports 10000,18080,13306 -j DNAT --to-destination 192.168.5.83........
This is important if you need public access to internal IPs such as at your office and don't want to use a VPN just to SSH into different servers:
Below forwards the port "10001" to the IP 184.108.40.206 on port 22 (of course adjust it to your needs).
iptables -t nat -A PREROUTING -p tcp --dport 10001 -j DNAT --to-destination 220.127.116.11:22
Remember to enable MASQUERADE on your NAT IPs or they won't be able to talk to the outside world (........
qemu-img create -b centos.5-8.x86.20120308.qcow2 -f qcow2 ../kvmguests/25000-centos5.8x86.qcow2
Formatting '../kvmguests/25000-centos5.8x86.qcow2', fmt=qcow2, backing_file=centos.5-8.x86.20120308.qcow2, size=10485760 kB
-b the source/base image
-f format is qcow2 and the location of the destination image
What is so special about this? It's even quicker than creating a template with OpenVZ but this is an actual OS.
It saves time a........
This is a very basic method and won't work in all cases but will reduce the chance of torrenting/abuse by your server users.
iptables -A INPUT -p tcp --destination-port 6881:6999 -j REJECT
iptables -A OUTPUT -p tcp --source-port 6881:6999 -j REJECT........
This is the mail system at host mail.postmail.com.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
Convert MBOX Mail files into Maildir using Linux
*You need perl and the TimeDate module
Get the free Perl script mb2md from the project/author's site:
#remember you need timedate or you'll get this error:
The first thing you need to remember is not to check from the same host/server itself. This is a silly mistake I made. The reason is that many mailservers, and especially postfix, are configured to allow relaying from the localhost/same host. If you do that you'll get a false positive.
*Make sure you test from another host/system than the mail server itself!
telnet yourmailserverhost.com 25
220 Courier (FreeBS........
*Remember: to apply changes you need to run "newaliases" after editing /etc/aliases
One thing I don't get is that it doesn't allow you to specify the whole e-mail address on the left-hand side
postalias: warning: /etc/aliases, line 109: name must be local (if you try the above)
It works more like this:
I was shocked that options like preserve and archive made no difference! This is a big deal and will catch people off guard.
Rsync include hidden files Solution:
You need to use something like: rsync -Pha /source/dir/. /dest/dir
*Notice the "." at the end of the source directory.
cp -a still ignores them too, the solution is the same:
cp -a /source/directory/. /destination........
One of the purposes of rsync is to backup whole filesystems and archive them but how can you do that properly and restore things to normal if all permissions and ownerships are not preserved from your root filesystem?
It's not desirable to have everything running as root, especially not just for an rsync.
The Easy rsync preserve permission solution for non-root users
sudo is the answer and all you have to do is edit /etc/sudoers
At the end o........
From a LiveCD or if you're doing something like converting your non-RAID install to mdadm here's how you would chroot properly (you have to mount your proc, sys and dev on the running system/LiveCD to your chroot environment if you want things to work right, especially if you need to run update-initramfs due to a driver change etc..)
*replace "path" with your mount/chroot path
mount -o bind /proc /mnt/path/proc
mount -o bind /dev/ /mnt/pa........
Remember to replace "eth0" with your NIC device although usually it will be eth0.
Replace 192.168.1.1 with your default gateway, remember you can also add multiple gateways by adding a second/different default gateway.
Kernel IP routing table
Destination Gateway Genmask........
Adding IP address(es): 192.168.5.8 192.168.5.9
Setting CPU units: 1000
Error: undump failed: Invalid argument
Error: iptables-restore exited with 2
Error: Most probably some iptables modules are not loaded
Error: rst_restore_net: -22
Container start failed
Stopping container ...
Container was stopped
Container is unmounted
Error: Failed to undump VE
vzquota : (erro........
It's basically a free bash shell script available from: http://wpkg.org/email2fax/index.php/Main_Page
Make sure you have the required tools:
Where you can e-mail your Asterisk box and it will fax it to the phone number in the subject line. The good news ends there, it is fairly undocumented and buggy.
Take for example how the documentation mentions you can invoke from the com........
All you have to do is browse to:
C:\Documents & Settings\YourUserName and you'll see the following:
Inside "My Recent Documents" are of course shortcuts to the most recent documents you opened
Inside "SendTo" is your sendto, you could edit that to Send a file to a network destination, your Flash Drive........
Clone any OS partition perfectly
In one box I needed to copy the boot partition to another disk while retaining the MBR and other data.
I simply ran this command:
dd if=/dev/hda1 of=/dev/hdb1
if = source partition
of = destination partition
Here's an interesting article on it
I have played around with Pound a little bit. It is a reverse proxy and load balancer in one, and it can be used as only a reverse proxy if you like. It is very simple to configure as either, and Pound even senses if one of the systems is down and stops sending requests to the dead server.
It supports SSL (but passes the request to the destination server unencrypted) and even the Apache log format. Pound is very simple, fast a........