This is how we configure outside PSTNaccess or dialing through another SIPtrunk. Beware that this a simplistic example that neglects most security including SRTP
First you'll need to be in config mode:
Step - 1 Enter Voice Service VOIP security options
There are more options but for now we'll just focus on security/allowing connections to and from our phones and the trunk.
Router(config)#voice service voip
........
Since newer versions of Ubuntu like 20, you will find there is no longer dynagen and that the dynamips provided is faulty and will segfault each time:
Cisco Router Simulation Platform (version 0.2.14-amd64/Linux stable)
Copyright (c) 2005-2011 Christophe Fillot.
Build date: Apr 3 2018 12:20:29
Local UUID: 3c1c0b7f-2fab-4fda-b40b-74841d1bcfe0
Instance ID set to 1.
netio_tap_create: unable to open TAP device tap1 (No such fi........
Make sure this makes sense for you but I've started to block a lot of commercial Cloud services and easily accessible providers as they are a very high source of abusive traffic. The cost savings for a lot of organizations are huge, as you now have less bandwidth usage and less resource usage from garbage/bot/malicious traffic. This mainly works for when you can be reasonably sure that your audience has no business visiting your service(s) from freely accessible commercial IP ........
Your frontend CDN (eg. Cloudflare or even your own load balancer/proxy) must be sending the X-Forwarded-For and you must be running Apache on the backend.
This solves the problem where your logs and services will only see the proxy/CDN IP and not the real client IP.
mod_rpaf will fix all of this
This solution transparently sets the real IP of the client for Apache and any services that rely on........
This example is using RTL8821AU chipset from a TP-Link T2U Plus USB adapter and other similar ones should work the same.
Here's how to get this chipset RTL8821AU working in Linux.
Here's how to get RTL8812 and RTL8822 working in Linux.........
apt install tftpd-hpa
#change TFTP_ADDRESS to by setting address to 192.168.1.1:69 or the IP you need, otherwise it will listen on all IPs and interfaces which could be a security risk.
# edit /etc/default/tftpd-hpa
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/srv/tftp"
TFTP_ADDRESS="192.168.1.1:69"
TFTP_OPTIONS="--secure"........
Some people find it less than intuitive to do on DNSMasq and by default DNSMasq is available on 0.0.0.0 which could even be your LAN or Public IP.
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp ........
haproxy is one of the best known and widely used Open Source load balancers out there and a strong competitor to nginx.
haproxy is used by many large sites per Wikipedia:
HAProxy is used by a number of high-profile websites including GoDaddy, GitHub,........
Virtualbox is a very powerful tool, but for some use cases it is less than optimal.
Say you are in a work, lab or other environment where you are not alone on the physical network and there could be overlap of IPs, but you need all of your VMs to be contactable from your host, VMs need to communicate with each other, and VMs need internet.
NAT Network will give you VM to VM communication and internet, however, it is buggy and unstable. It also doesn't allow host to VM co........
So say you happen to have 2 NICs of the exact same chipset, they will generally show up as the same name, with possibly a different revision in lspci. Normally this is not an issue if you have a server with 4 NICs, generally the eth0 to eth3 appears from left to the right (or right to left on some vendors) so it doesn't take much figuring out.
Generally if you have different chipsets for different NICs, it should be easy to know which one is eth0 or the first NIC in the OS.........
Router#show license
Index 1 Feature: ipbasek9
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
Lic........
Here is how Ifixed it on a Mint/Ubuntu install
1.) First download the latest AMDGPU-Pro driver from here:
https://www.amd.com/en/support
Navigate to your relevant video card:
2.) Download the installer
One issue is that by default they give you a version for the latest version of........
ID3 2.4 can cause various MP3 players, especially on vehicles or even computers, not to play or at least not to display the ID3 tags.
In many cases though, since ID3 2.4 is much different than version 2.3, it will cause some players, especially in cars like Lexus not to play. Even on the computer, you may notice if you check the properties of the MP3 that it won't open or show any details (eg. frequency, bitrate and ID3 tags).
One symptom of this in a vehicle (eg. Leuxs,........
If you are using mint, delete the preference that stops snap from installing (as it is required for lxc)
sudo rm /etc/apt/preferences.d/nosnap.pref
1. Install lxd:
sudo apt install lxd
Issues install lxd or errors? Click here
Debian at this time does not have lxd so you'll need to use snap:
sudo apt in........
This can be used on almost anything, since Gluster is a userspace tool, based on FUSE. This means that all Gluster appears as to any application is just a directory.
Applications don't need specific support for Gluster, so long as you can tell the application to use a certain directory for storage.
One application can be for redundant and scaled storage, including for within Docker and Kubernetes, LXC, Proxmox, OpenStack, etc or just your image/web/video files or even da........
The Best Docker Tutorial for Beginners
We quickly explain the basic Docker concepts and show you how to do the most common tasks from starting your first container, to making custom images, a Docker Swarm Cluster Tutorial, docker compose and Docker buildfiles.........
Why choose OpenVPN instead of a firewall appliance?
OpenVPN can be a reliable and easy replacement for traditional hardware or just be an additional tool that your company uses so that the firewall can focus on its job rather than acting as a VPNappliance at the same time.
When comparing OpenVPN with traditional firewal........
In our 2024 VPS Server/Cloud Buyer's Guide, we place the location of your VPS/hosting/server as one of the priorities that is often overlooked.
2024 Update - Datacent........
Kubernetes Easy Beginners Tutorial/Architecture Guide
Kubernetes is known as container orchestration and we should start at explaining the container part of it.
A Container is what runs the actual application and based on an Image, and are more comparable to something like an LXC Container, Virtuozzo/OpenVZ using the Linux Kernel Namespaces feature. Containers run these images as independent, isolated operating environments under the O........
Just a quick note and warning is that if you are testing to see if EFIPXE booting works on a VM, MAKE SURE it actually works. For example Iinitially tested using my Distro's QEMU 2.5+dfsg-5ubuntu10.46 and ovmf BIOS firmware (OVMF supports EFI). However, I found on old versions of QEMU (like 2.5), EFIbooting with GRUB NEVER works so it may appear that you have made a mistake when everything is fine when you boot a physi........
Enable "cli" mode equivalent in JunOS
cli
Configure Mode
configure
So rather than going to the console on a Cisco switch and typing "enable" and then "conf t", the equivalent in JunOS is "cli" and "configure".
How Do You Apply Changes You've Made?
You can make all kinds of changes to the switch, but remember they are not........
This normally works but if not use my mencoder solution if the output video does not play past the joined time.
the contents of list.txt need to look like this:
file somefile.mp4
file somefile2.mp4
then run ffmpeg
ffmpeg -f concat -i list.txt -c copy CME-2-router-dial-peer-final.mp4
The result is almost instant joining since there is no video processing since we are........
The idlepc value is very important to dynamips and it is both image and often CPU dependent. There is no "magic"value that will work for all images and all CPUs so this is why I'll show you a quick and handy way.
Also don't be disappointed, some values do not work well but idlepc gives you several. For example in my example below #6 didn't help at all but #7 got me down to about 6% CPU from 99-100%.
*Befo........
This tutorial will get your router up and running using emulation tools. In this case we'll be getting a Cisco C7206 (C7200 series) VXR router going which also supports SCCP VOIP services.
dynamips is the emulator itself and dynagen is the front-end tool that helps us control everything. It is used by tools such as gns3 and eve-ng.
Together the two tools (dynamips and dynagen) allow us to create and emulate REAL router........
When authentication times out that is one thing, but when it just fails like below Asterisk by default will not re-register until you the admin reload the sip or asterisk server:
voipserver*CLI> sip show registry
Host dnsmgr Username Refresh State&........
Just edit your tftp file for xinetd like this:
*Change the IPto be the IPof the interface you want to listen on.
To test if your tftp is available on a certain IP range use nc -u yourip 69 to see if you can still connect (/var/log/messages or /var/log/syslog) should show the connection if it is open.
Oct 13 23:20:34 01 xinetd[26631]: Started working: 1 available servic........
If you've just installed VBox and it is not starting or working, the most common problem is usually that you don't have your kernel source installed, which means there is no kernel driver for vbox so it can't work.
You may get an error that says "Kernel driver not installed" in your Virtualbox.
So the first thing you should do is install your kernel source by running this:
sudo apt-get install linux-headers-`uname -r`........
The strange thing is that usually the first install or two will work on any new machine but then it suddenly won't. I had this experience on QEMU 2.13 on a different machine. There is something finicky or buggy about the CUCM installer even when choosing the same virtual hardware specs.
qemu-kvm command:
/usr/libexec/qemu-kvm -version
QEMU PC emulator version 0.12.1 (qemu-kvm-0.12.1.2-2.506.el6_10.1), Copyright (c) 2003-2008 Fabrice Bellard
........
for ip in `netstat -nt|awk '{ print $5 }'|cut -d ":" -f 1|tail -n +3|sort|uniq`; do
echo $ip;whois $ip|grep -i netname;echo "---------------------------"
done
77.88.47.40
netname: YANDEX-77-88-47
---------------------------
40.77.167.5
------........
First we need to create dhclient.conf if it doesn't exist or edit it:
vi /etc/dhclient/dhclient.conf
#add this line at the top add the IPs as commas they will be the highest priority nameservers and whatever your ISP gives you will be used after these one (good for DNS backup)
prepend domain-name-servers 127.0.0.1,10.10.25.8;
After you restart your network or run dhclient again you should see the contents of........
initiator = client
target = server
These are the first concepts you should understand which is that in iscsi essentially the "initiator" is the client and the "target" is the server.
iSCSI is derived from the old fashioned SCSI that us oldtimers grew to love. The "i" stands for Internet and the SCSI stands for "Small Computers Systems Interface" (SCSI).
iSCSI Target (Server)Setup
targetcli is the pac........
[root@localhost:~] vmkping -I vmk1 10.0.2.69
PING 10.0.2.69 (10.0.2.69): 56 data bytes
sendto() failed (Host is down)
vsphere distributed switch vmotion not working
[root@localhost:~] esxcfg-route -l
VMkernel Routes:
Network Netmask Gateway Interface&........
[root@localhost:~]
BootModuleConfig.sh echo host-ind nfcd........
[root@thetor2017 conf]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: WARNING: MaxClients of 3000 exceeds ServerLimit value of 300 servers,
lowering MaxClients to 300. To increase........
This is most likely to happen on a normal GUI system like Ubuntu or Linux Mint. If you or the user is meant to have sudo / root privileges it is as simple as editing the following files:
Now assume your username is "iamtheuser"
vi /etc/group
adm:x:4:syslog,iamtheuser
sudo:x:27:anotheruser,iamtheuser
Find the above lines and add a comma and "ia........
So I have a domain "testdomain.com".
Inside test domain.com's root is the following .htaccess:
Options +FollowSymLinks -Indexes
ErrorDocument 403 /launch/index.html
Order Deny,Allow
Deny From All
Allow From 192.168.1.2
When you visit anything other than root things work fine. Eg. if you visit http://testdomain.com/somedirfile.html
It will show the right error in /launch/........
order deny,allow
Deny From All
Allow From 8.8.8.8
A simple and quick way to improve security by only allowing specific IPs to your web application.
In this case the above allows only the IP 8.8.8.8 to access things and everything else is denied.........
By default Samba SMB/NMB listen on ANY and ALLIPs on your system by binding to 0.0.0.0. Obviously this is a huge security risk if you have a public facing server with both internal and external access. Usually when a system administrator sets up a samba server their intention is just to share with a LAN.
To do this you need to the following options under the [global] section in smb.conf
bind interfaces only = yes
interfaces = 192........
Sep 12 18:16:25 vps pluto[7299]: ERROR: asynchronous network error report on eth0 (sport=500) for message to 192.5.6.2 port 20640, complainant 192.5.6.2: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Some say changing the "leftprotoport=17/%any" will fix this but I have not found this to be the case.
Essentially it means at least one end is blocking the ipsec packets. Sometimes the %any allows an alt........
This is a VIA made VL805 USB 3.0 Chipset with 4-ports and MOLEX powered. First of all this unit was cheap at about only 9 USD with fast shipping. My biggest concern was if this was a quality unit and would it really give you full USB 3.0 speeds (some people reported with similar cards that for some weird r........
Jun 1 15:45:42 videoeditor-desktop org.mate.panel.applet.MintMenuAppletFactory[1882]: project_data:INFO Missing folder chosen by user:
Jun 1 15:45:42 videoeditor-desktop org.mate.panel.applet.MintMenuAppletFactory[1882]: project_data:INFO Removed missing file: MAH02949.MP4
Jun 1 15:45:57 videoeditor-desktop org.mate.panel.applet.MintMenuAppletFactory[1882]: ui_util:WARNING Icon theme media-playback-start not found. Will use backup........
To grant the IP 192.168.2.4 to user mysqlguy
GRANT ALL ON *.* TO 'mysqlguy'@'192.168.2.4';
To allow any IPfor mysqlguy just use the wildcard % character
GRANT ALL ON *.* TO 'mysqlguy'@'%';
Also note it is normal and fine to have multiple entries in the mysql table.........
[Thu Jan 26 14:13:31 2017] [notice] caught SIGTERM, shutting down
[Thu Jan 26 14:14:00 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Jan 26 14:14:00 2017] [error] Server certificate is expired: 'Server-Cert'
[Thu Jan 26 14:14:00 2017] [notice] SSL FIPS mode disabled
[Thu Jan 26 14:14:07 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Jan 26 14:14:07 2017] [error] Server certificate is expired: 'Server-Ce........
In Firefox I cannot connect to any website, proxy is disabled and outside network access is confirmed, no system or manual proxy was set on this Linux Mint/Ubuntu system. Normally this can be caused by proxy or DNS problems and the weird thing is that traceroute and ping to other IPs worked fine but even connecting to sites by IP was not working.
The connection was reset
The connection to the server was reset while the page was loading.........
At first my BIOS said the card may not work right because there is no more option ROM space.
I disabled the Option ROM for both LSI 1068 and 2008 chipsets, Network Boot ROM and most other PCI slots, Serial Port, etc... and the message went away but the card still does not work properly.
But it still cannot initialize the card properly(does not work):
[ 33.943272] NVRM: This PCI I/O region assigned to your NVIDIA device is invalid:........
1.) Flash directly to this file:
http://tomato.groov.pl/download/K26RT-N/build5x-132-EN/Linksys%20E-series/tomato-E2500-NVRAM60K-1.28.RT-N5x-MIPSR2-132-Max.zip
*I was never able to get the larger "Mega" file to work, at least not initially so I recommend the file above.
To enable 5ghz I had to do the "Clear NVRAM" Option before it was shown.
2.) Or if you don't need 5ghz (most devices do not support it and cannot........
[ 2868.041375] ata1: EH in SWNCQ mode,QC:qc_active 0x40 sactive 0x40
[ 2868.041554] ata1: SWNCQ:qc_active 0x40 defer_bits 0x0 last_issue_tag 0x6
[ 2868.041556] dhfis 0x40 dmafis 0x40 sdbfis 0x20
[ 2868.041874] ata1: ATA_REG 0x41 ERR_REG 0x84
[ 2868.042013] ata1: tag : dhfis dmafis sdbfis sactive
[ 2868.042163] ata1: tag 0x6: 1 1 0 1
[ 2868.042301] ata1.00: exception Emask 0x1 SAct 0x40 SErr 0x400000 action 0x6 frozen
[........
If you are getting this error from Pluto/IPSEC it is almost always due to a routing or NAT issue.........
This command rips the audio tracks to .wav files
*I recommend making a new directory with the name of the audio disc first and executing everything from within that directory below.
cdparanoia -B
Use the lame mp3 encoder to encode each one with this script:
*Note that this will encode any other files ending in "cdda.wav"
for track in `ls *cdda.wav`; do lame -b 192 $track; done........
Dell CS24SC Info
0000:00:00.0 Host bridge: Intel Corporation 5100 Chipset Memory Controller Hub (rev 90)
0000:00:02.0 PCI bridge: Intel Corporation 5100 Chipset PCI Express x8 Port 2-3 (rev 90)
0000:00:03.0 PCI bridge: Intel Corporation 5100 Chipset PCI Express x4 Port 3 (rev 90)
0000:00:04.0 PCI bridge: Intel Corporation 5100 Chipset PCI Express x16 Port 4-7 (rev 90)
0000:00:05.0 PCI bridge: Intel Corporation 5100 Chipset PCI Express x4 Port 5 (rev 90)........
0000:00:00.0 Host bridge: Intel Corporation 5000P Chipset Memory Controller Hub (rev b1)
0000:00:02.0 PCI bridge: Intel Corporation 5000 Series Chipset PCI Express x8 Port 2-3 (rev b1)
0000:00:03.0 PCI bridge: Intel Corporation 5000 Series Chipset PCI Express x4 Port 3 (rev b1)
0000:00:04.0 PCI bridge: Intel Corporation 5000 Series Chipset PCI Express x8 Port 4-5 (rev b1)
0000:00:05.0 PCI bridge: Intel Corporation 5000 Series Chipset PCI Express x4........
It's a basic script that reads the file "ips.txt" in the current directory and then creates a corresponding ifcfg file
#!/bin/bash
GATEWAY=192.168.1.1
NETMASK=255.255.255.0
device=eth0
counter=0
for ips in `cat ips.txt`; do........
Apr 17 11:55:47 Cluster01 heartbeat: [1426]: WARN: ha_msg_add_nv_depth: line doesn't contain '='
Apr 17 11:55:47 Cluster01 heartbeat: [1426]: info: >>>
Apr 17 11:55:47 Cluster01 heartbeat: [1426]: ERROR: NV failure (msgfromsteam): [>>>
]
I have never been able to reproduce the above but it happened on heartbeat-3.04-2 when Itook a node down for testing.
One thing Ibelieve caused it was by configuring ha.cf........
I was worried the server was hacked, I was logged in already as root but couldn't login to CPanel or a new SSHsession. I even reset the password from the shell and it did not work still.
The reason is CPanel Hulk, it detected a brute-force attack so it locked down the root account entirely even from the correct password. According to cPanel the best way around this is to whitelist your IP.........
ssh -L 5905:localhost:5900 root@yourserver.com
The "-L" means to create a port forward to a port on your server.
The 5905 means the port on your computer that will be used to access the port 5900 on the remote server.
localhost is the IP that you use to access the port forward (you can change it to 0.0.0.0 which will be all IPs on your system/computer but localhost is good for security and privacy unless a whole network of people need access).........
Go to:
"Server Configuration" -> Basic cPanel & WHM Setup
Scroll to: "Nameservers" (at the bottom)
From there you can set the names of the nameserver and their IPs.
It's very weird and confusing that nothing under IP Functions/DNS has or links to this.........
order deny,allow
deny from all
allow from your.ip.here
........
Dell CS24-NV7
Unusually the Virtualization was enabled when I got this server but all the NICs were diabled in the BIOS including PXE boot!
Advanced -> Advanced Chipset Control
PCI Slot 1 Option ROM: Enabled
Onboard LAN1 Control: Enabled
LAN1 Option ROM Scan: Enabled (you need it for PXE boot)
Onboard LAN2 Control: Enabled
LAN2 Option ROM Scan: Enabled
*you will need to reboot and........
Iread this article and still don't understand the issue.
If I understand correctly the client negotiates after the first SSLconnection and then gets the correct hostname and thus correct certificate.
http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
To their credit I know I'm not using SNIbecuase Iget this message in the Apache log :)
[warn] Init: You should not use name-based virtual hosts in conjunction with SSL!!
B........
Istruggled with this for awhile because the normal setup won't work if modrewrite is being used:
ORDER ALLOW, DENY
So the solution is something like this:
order allow,deny
deny from 12.43.12.0/24
allow from all
........
relay=alt4.gmail-smtp-in.l.google.com. [74.125.136.26], dsn=4.0.0, stat=Deferred: 421-4.7.0 [ 10] Our system has detected an unusual rate of
This is strange because the mail server IP is not blacklisted anywhere and the IP itself has not been used for years and this server is clean and has only sent a few e-mails to gmail.com in its entire time.
I wonder if this is a legacy block on a whole range of IPs as punishment for others in the block........
I bricked one of my cards by following a guide from UNRAID.
Step #1 from them wipes out the BIOS, but guess what? The step where you restore the BIOS should have been done first, which is sas2flash but no version supports or is able to find my Perc 6/i. So now I'm a bit stuck.
I tried using megarec but it's funny that it can wipe the BIOS but can't forcefully reload it:
megarec -writesbr 0 mpt2sas.rom
Supports 1078 control........
One thing to remember is that you need MegaCli to do the flashing.
You also need the correct file,I tried at least 2 different Perc 6 firmwares from Dell that kept getting rejected as corrupt by MegaCli(they were really the wrong version). I have an external PCI-E Dell 6 Perc/I butI chose images from the 'Integrated" on motherboard version as it was allI could find. They are different, and below is my first time finding success.........
LSi Megaraid
At first it was configured as a RAID 0, then I deleted the Virtual Disk Group.
I thought both drives would be shown and detected in Linux as sda and sdb but it actually shows nothing.
To make them work you have to hit Ctrl+R before the system boots (when prompted) and create a Virtual Disk Group. In my case I created each one as RAID 0 (with a single drive only) as I just wanted JBOD but there is no such option or default in these Dell Pe........
The Cause
Basically it's usually because your Cpanel has new IPs and the old IPs it knows are no longer available/working/valid.
The solution is to change the site's IP but you may run into issues for various reasons. Here is what I encountered below.
It redirects there even though public_html is empty and doesn't have any index or htaccess redirect.
---
This issue happened after a CPanel migration, the site is bein........
This is important if you need public access to internal IPs such as at your office and don't want to use a VPN just to SSHinto different servers:
Below forwards the port "10001" to the IP192.200.5.53 on port 22 (of course adjust it to your needs).
iptables -t nat -A PREROUTING -p tcp --dport 10001 -j DNAT --to-destination 192.200.5.53:22
Remember to enable MASQUERADE on your NAT IPs or they won't be able to talk to the outside world (........
Client Log
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.1.253 [192.168.1.253] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_d........
02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 03)
For whatever reason it seems the r8169 driver that ships and has shipped with most Linux distros for years is still flawed and does not work properly on these cards, causing 100mbit connectivity when it should be 1gbit and even worse, causing random network dropouts. The r8169 driver in Linux kernels is simply not meant to be used on th........
There are 3 pieces that are required to restore and make it work (of course consider if any kernel modules need to re-enabled and if you need to change the IPs):
Copy the vz/private/VEID directory to /vz/private
Copy the /etc/vz/conf/VEID.conf to /etc/vz/conf/
mkdir /vz/root/VEID
After that you should be able to see the VE in vzlist -a
You should then be able to start it normally.........
This is something I often setup for clients because it's very helpful for people in datacenters, this allows custom OS installs on demand, you can customize it more by using kickstart etc.. but here's a base I use before customizing more:
This little script below will install everything you need to get booting by PXE Linux.
It also assumes you set a local IP (be sure not to overwrite your existing IP) on eth0:0 (note the :0) as 192.168.1.10 and it........
A lot of people become nervous (and understandably so) when checking their auth or security logs, in Centos /var/log/secure and see dozens, hundreds of even thousands of attempted logins to various services, especially SSH.
Of course you could manually block these people/IPs but no one has time to read the logs like that, what if some program or script could do it for you?
This is what denyhosts does for you, it checks the logs and based on a certain number of failed SSH attem........
I used the suggested script to bridge from OpenVPN and it took my client's server off-line! Don't ever use their "sample" scripts if you don't have another way of accessing the server than SSH.
I actually found it easier to use iptables to tell it to route IPs based on a certain subnet to route through eth0:
iptables -t nat -A POSTROUTING -s 192.168.200.0/24 -o eth0 -j MASQUERADE
Replace "192.168.200.0/24" with your subnet of cour........
My mother needed a new laptop and I recommended her the same one I would have bought myself or my wife, that means the cheapest possible laptop with the most features for the money.
This HP shines at this price point and one thing that made me stay away from buying more and recommending HP/Compaq was the poor battery life. Not anymore, this model has an industry leading up to 4 hours of battery life.
Key Factors for Choosing It:
HDMI Out........
I don't expect this to be solved soon but some of Yahoo's DNS servers are out of whack. I changed the IPs of some nameservers of some domains and now most Yahoo users can't e-mail to those domains!
As you can see below by the "No MX or A records for mychangedomain.com", now Yahoo's DNS/mailserver DNS cache is wrong. You would think they would at least have cached the old incorrect records, but instead for some reason their DNS cache has no entry and doesn't seem........
Basically you should always be 100% sure that whatever IPyour mail server sends out with has reverse DNS/PTR records. Remember that unless you own your IPs then you won't be able to set your own reverse DNS. Even if you were to create a reverse PTR record on your DNS servers it will be ignored. Reverse DNS is queried to pre-assigned DNS servers of your ISP, so therefore you'll need to contact your ISP/Colo/Hosting provider to do a reverse DNS entry.
If you don't have........
I think this will be useful to others because I have a server that kept crashing mysteriously during intense disk usage/RAID checks. It would only crash during the weekly RAID integrity check.
ThenI noticed during a reboot that not all CPUs were being brought up, as a result this actually creates much higher temperatures with the output I got from sensors, just booting the system produced higher than normal temperatures.
You can imagine that a full blown RAID check........
One of the purposes of rsync is to backup whole filesystems and archive them but how can you do that properly and restore things to normal if all permissions and ownerships are not preserved from your root filesystem?
It's not desirable to have everything running as root, especially not just for an rsync.
The Easy rsync preserve permission solution for non-root users
sudo is the answer and all you have to do is edit /etc/sudoers
At the end o........
yum exits in the middle
The problem is this VPS seems to be an OpenVZ template from HyperVM. The only way to make it work was to disable i386 packages since this was an x64 kernel. That shouldn't be necessary but it was the only way to make yum stop quitting after the first package or two. I couldn't find any issue by checking the logs either.
echo y|yum install vim-minimal telnet expect jwhois net-tools slocate iptables elinks gawk
L........
Subnet Mask Lengths / Quick Reference
This is for when you say how many IPs would be in a /20 or /24
Now instead of doing math just remember this table or visit here more often :)
/32
1 IP Address(es)
/31
2 IP Address(es)........
/usr/local/cpanel/bin/swapip domain(s)
It simply doesn't work, the Apache VHOSTS remain 100% unchanged, why does this script exist? I'm sure it would work from the control panel but I am locked out because my IP was changed and it doesn't match the CPanel license. I wish CPanel would make it easier to update the license IP.
I even took it a step farther, I manually edited the vhosts and restarted Apache and it........
Always make a backup of the original file before trying this, I find this kind of thing when updating IPs etc.. to use a script.
Where the old IP is "192.168.5.8" and the new IP is "10.10.5.8"
sed -i s/192.168.5.8/10.10.5.8/g testdomain.org.db
The -i with sed means "inline" meaning we edit the file directly, but without the -i we could just use >and output the results to another file or do whatever else we wanted.........
This is obviously a bug in the r8169 kernel module and it seems to affect a lot of people. I upgraded to the latest kernel and hope this won't happen anymore, as it is a very serious error. This is especially serious for those who are running servers with this chipset, who can afford for the NIC to randomly go off-line for no apparent reason?
[655548.189113] type=1505 audit(1277067560.902:5): operation="profile_load" name="/usr/bin/freshclam&q........
I've recently used CPanel on the admin side for the first time and have to say I hate it. Everything from the layout to the functionality screams "hackish". It just lacks so many common sense features and way of working.
I was never 100% impressed with Plesk but the basics were definitely laid out and done in a sensible manner, even though it is made by a Russian company, they definitely thought about how to make a Control Panel.
I have no idea why people........
Basically the two main types of distros are Debian and RHEL/Centos based. I'm just going to give a quick overview of how the configuration of IP interfaces works in Debian/Centos based distros.
*Just one thing to remember, when setting IPs statically you have to manually specify a DNS server in /etc/resolv.conf (since DHCP is what normally does it automatically)
Debian/Ubuntu/Kubuntu/MEPIS
The IP (DHCP &........
Do you have an LGA1156 board and wonder why your onboard video isn't working? It's probably because there is no GPU integrated on the board itself, it is supposed to be on the CPU and new CPU's from Intel don't come with it!
I was shocked to learn that you can buy a motherboard with onboard video which doesn't work. Inever knew it was being done or possible, but to make it worse the latest Core i5's don't have video on the die of the CPU.
This means having on........
This was unbelievable how much the Xen kernel slows things down, keep in mind both tests were done on the hostnode, one was with the Openvz-Xen hybrid kernel and the other was just OpenVZ. You can see the performance difference is nearly 300% better when not using the Xen kernel.
OpenVZ-Xen Kernel Test Results (I was wondering what was wrong/so slow with my Core i5!)
# # # # # #&n........
Here are the results, it is Sempron 3000+ AMD Mobile, 500Gig HDD, 512MB RAM with shared ATI Radeon graphics.
# # # # # # # ##### ###### # # #### # #
# # ## # # # #&nb........
PHP cannot access /usr/bin/opensslI have verified the username that runs the process is able to access /usr/bin/openssl and it does exist but the PHP script is saying it doesn't exist:
[code:1:1fd0f3abbe]
if (!file_exists($OPENSSL)) {
//echo "ERROR: OPENSSL $OPENSSL not foundn";
}[/code:1:1fd0f3abbe]
I don't get itI can clearly see the contents of /usr/bin by using the PHP system fu........
Upgrade Release Kernel TipsThis is for CentOS 3.1 to 3.8 but the methodology will apply everywhere.
I ran into a problem first of all with a non-booting system after running
#yum update centos-release
It took me to 3.8 and upgraded all the other packages [b:7e931c835d]BUT[/b:7e931c835d]
because of some stupid flags enabled in /etc/yum.conf the KERNEL WASN'T UPGRADED SO AFTER BOOTING, WELL IT DIDN'T BOOT OF COURSE :)
H........
E-mail (Thunderbird) with GnuPG encryptionThis is great tool for Mozilla Thunderbird which allows you to encrypt your e-mails so only you and the receiver can view it even if the e-mail is intercepting or obtained by another person.
The only small catch is that you of course have to install an extension to Thunderbird and then configure each account you want to use it with. Really it can probably all be done in a few minutes and the effort is worth it.........
Intel's Finnish FetishIntel's Finnish Fetish
By Dave Mock
June 13, 2005
Chipmaker Intel (NASDAQ: INTC) has successfully topped the personal computer market for decades. Breaking into related areas such as communications has been much difficult for the world's largest semiconductor maker. But a new partnership with Nokia (NYSE: NOK) could help to change that.
Intel's forays into cellular-phone and home-entertaiment-device chips have........
Basic Port ListingHopefully someone finds this useful or at least interesting.
http://www.sans.org/top20/#u9
Name Port Protocol Description
Small services ........
Inever saved any of the logs, but basically no matter what OS (Linux)I used, I could not get my 1000GB hard drive to work (Seagate SATA). The BIOS recognizes the drive and fdisk -l shows the hard drive as it should.
The tricky thing is that different OS's will give you different results, but don't be fooled. You can't use these larger drives for long. Iwas getting all kinds of seek/IOerrors and also messages that the port could not be read.........
This is the Intel Atom 330 motherboard with integrated Realtek Gigabit NIC (Intel Desktop Board D945GCLF2 Motherboard W/ Atom 330 1.6 GHz Dual Core Processor - Mini-ITX)
I cannot achieve more than 15 MB/s, even doing a local transfer through eth0 to it's own IP.
100% 95MB 15.9MB/s 00:06
So this is not a cabling, switch or hardware issue, it seems like a driver or chipset limitation problem.
Here is my........