Sunday, June 13, 2021

Recent Questions - Server Fault

site2site wireguard with docker: routing problems

Posted: 13 Jun 2021 02:08 AM PDT

Disclaimer: repost from stackoverflow: https://stackoverflow.com/questions/67917278/site2site-wireguard-with-docker-routing-problems

I am trying to have two containers, running on two RPI, act as a site-to-site VPN between Network 1 and Network 2.

With the setup below, I am able to ping the other network from within each container:

  • from docker container 1 I can ping an address 192.168.1.1
  • from docker container 2 I can ping the address 192.168.10.1

But if I try to ping 192.168.1.1 from the System 1 host (192.168.10.100) I get errors (see the image below to visualize what I am trying to do).

I understand I have to add a static route on system1 host (192.168.10.100) to direct the traffic for 192.168.1.0/24 through the wireguard container (172.17.0.5), thus I run:

    $ ip route add 192.168.1.0/24 via 172.17.0.5
    $ ip route
    default via 192.168.10.1 dev eth0 proto dhcp src 192.168.10.100 metric 100
    172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
    172.18.0.0/16 dev br-e19a4f1b7646 proto kernel scope link src 172.18.0.1 linkdown
    172.19.0.0/16 dev br-19684dacea29 proto kernel scope link src 172.19.0.1
    172.20.0.0/16 dev br-446863cf7cef proto kernel scope link src 172.20.0.1
    172.21.0.0/16 dev br-6800ed9b4dd6 proto kernel scope link src 172.21.0.1 linkdown
    172.22.0.0/16 dev br-8f8f439a7a28 proto kernel scope link src 172.22.0.1 linkdown
    192.168.1.0/24 via 172.17.0.5 dev docker0
    192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.100
    192.168.10.1 dev eth0 proto dhcp scope link src 192.168.10.100 metric 100

but the ping to 192.168.1.1 still fails.

By running tcpdump on container 2 I see that some packets are indeed reaching the container:

    root@936de7c0d7eb:/# tcpdump -n -i any
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
    10:11:19.885845 IP [publicIPsystem1].56200 > 172.17.0.6.56100: UDP, length 128
    10:11:30.440764 IP 172.17.0.6.56100 > [publicIPsystem1].56200: UDP, length 32
    10:11:35.480625 ARP, Request who-has 172.17.0.1 tell 172.17.0.6, length 28
    10:11:35.480755 ARP, Reply 172.17.0.1 is-at 02:42:24:e5:ac:38, length 28

So I guess it is not a routing problem on System 1.

Can anyone tell me how to diagnose this further?


                           Site 1            Site 2
    Network IP range       192.168.10.0/24   192.168.1.0/24
    Host system address    192.168.10.100    192.168.1.100
    Bridge docker0 range   172.17.0.0/16     172.17.0.0/16
    Container address      172.17.0.5        172.17.0.6

System 1 - wg0.conf

    [Interface]
    Address = 10.13.18.2
    PrivateKey = *privatekey*
    ListenPort = 56200
    PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

    [Peer]
    PublicKey = *publickey*
    Endpoint = *system2address*:56100
    AllowedIPs = 10.13.18.1/32 , 192.168.1.0/24

System 2 - wg0.conf

    [Interface]
    Address = 10.13.18.1
    ListenPort = 56100
    PrivateKey = *privatekey*
    PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

    [Peer]
    # peer_casaleuven
    PublicKey = *publickey*
    AllowedIPs = 10.13.18.2/32 , 192.168.10.0/24
    Endpoint = *system1address*:56200
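
A consistency check of the two wg0.conf files above, as an added example that is not code from the original post. WireGuard's cryptokey routing works in both directions: on the sending side a packet is only encrypted to the peer whose AllowedIPs contain the destination, and on the receiving side a decrypted packet is only kept if its source lies inside the AllowedIPs of the peer it arrived from; otherwise it is dropped silently, which a tcpdump on the UDP socket (as in the capture above) cannot show. The script parses constructed copies of the posted configs (System 1 and System 2, placeholder keys and endpoint names kept) and applies those two rules plus the Endpoint/ListenPort pairing. Because the keys are placeholders, it identifies the sender on the receiving side by its tunnel Address rather than by PublicKey; that is an assumption of this example.

```python
"""Cross-check two WireGuard site-to-site configs with cryptokey routing.

Added example, not from the original post. The two configs are constructed
copies of the posted wg0.conf files (placeholder keys/endpoints as posted).
"""
import ipaddress

SITE1_CONF = """\
[Interface]
Address = 10.13.18.2
PrivateKey = *privatekey*
ListenPort = 56200

[Peer]
PublicKey = *publickey*
Endpoint = *system2address*:56100
AllowedIPs = 10.13.18.1/32 , 192.168.1.0/24
"""

SITE2_CONF = """\
[Interface]
Address = 10.13.18.1
ListenPort = 56100
PrivateKey = *privatekey*

[Peer]
# peer_casaleuven
PublicKey = *publickey*
AllowedIPs = 10.13.18.2/32 , 192.168.10.0/24
Endpoint = *system1address*:56200
"""


def parse_wg_conf(text):
    """Parse a wg-quick config: one [Interface], any number of [Peer] sections.
    AllowedIPs becomes a list (comma-separated values and repeated keys both add)."""
    iface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("["):
            section = line.strip("[]").strip().lower()
            if section == "interface":
                current = iface
            elif section == "peer":
                current = {}
                peers.append(current)
            else:
                raise ValueError(f"unknown section {section!r}")
            continue
        if current is None:
            raise ValueError(f"key outside any section: {line!r}")
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key == "AllowedIPs":
            current.setdefault(key, []).extend(v.strip() for v in value.split(",") if v.strip())
        else:
            current[key] = value
    return {"Interface": iface, "Peers": peers}


def select_peer(conf, dst):
    """Sending side: longest-prefix match of dst over all peers' AllowedIPs.
    Returns (peer index, matching network) or None if nothing matches."""
    dst, best = ipaddress.ip_address(dst), None
    for i, peer in enumerate(conf["Peers"]):
        for cidr in peer.get("AllowedIPs", []):
            net = ipaddress.ip_network(cidr, strict=False)
            if dst in net and (best is None or net.prefixlen > best[1].prefixlen):
                best = (i, net)
    return best


def accepts_source(conf, peer_index, src):
    """Receiving side: a decrypted packet is kept only if its source address is
    inside the AllowedIPs of the peer it was received from."""
    src = ipaddress.ip_address(src)
    return any(src in ipaddress.ip_network(c, strict=False)
               for c in conf["Peers"][peer_index].get("AllowedIPs", []))


def check_path(sender, receiver, src, dst):
    """Findings for a packet src -> dst entering the tunnel at `sender` and
    meant to exit at `receiver`. Empty list: the WireGuard config permits it."""
    chosen = select_peer(sender, dst)
    if chosen is None:
        return [f"{dst}: matches no peer AllowedIPs on the sending side, not tunnelled"]
    findings = []
    peer = sender["Peers"][chosen[0]]
    port = int(peer["Endpoint"].rsplit(":", 1)[1])
    listen = int(receiver["Interface"].get("ListenPort", 0))
    if port != listen:
        findings.append(f"Endpoint port {port} does not match receiver ListenPort {listen}")
    # Assumption: with placeholder keys, find the sender's entry on the receiving
    # side by its tunnel address instead of by PublicKey.
    tunnel_ip = sender["Interface"]["Address"].split("/")[0]
    rx = select_peer(receiver, tunnel_ip)
    if rx is None:
        findings.append(f"receiver has no peer whose AllowedIPs cover {tunnel_ip}")
    elif not accepts_source(receiver, rx[0], src):
        findings.append(f"{src}: outside the receiving peer's AllowedIPs, "
                        "decrypted packet would be dropped silently")
    return findings


SITE1 = parse_wg_conf(SITE1_CONF)
SITE2 = parse_wg_conf(SITE2_CONF)

if __name__ == "__main__":
    for name, s, r, src, dst in (
            ("site1 -> site2", SITE1, SITE2, "192.168.10.100", "192.168.1.1"),
            ("site2 -> site1", SITE2, SITE1, "192.168.1.1", "192.168.10.100")):
        print(name, check_path(s, r, src, dst) or "OK")
```

For the posted pair of configs both directions come back clean, so the tunnel definition itself allows 192.168.10.100 to reach 192.168.1.1 and the reply to come back; the remaining suspects are outside WireGuard's own routing, such as forwarding and NAT inside the containers and the return route on the Site 2 host. Removing 192.168.10.0/24 from System 2's AllowedIPs reproduces the silent-drop case, which is the failure mode a tcpdump on the UDP port cannot distinguish from success.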

OpenVidu/Kurento: Unable to create media pipeline for session

Posted: 13 Jun 2021 12:22 AM PDT

Our OV 2.17.0 on premises (Ubuntu 18 server) works well for a while (a day or two), then stops working. I can create a new session, etc. using REST, but any attempt to join a newly created session fails with the server event "unable to create media pipeline for session XXX". Restarting the server helps. Then it works for another 2 days and everything repeats.

I also see that all old sessions stay in memory (I have 10-11 sessions after the crash), although it's obvious that at that moment no connections had been made to them for hours. Based on another thread in this forum, I expected that old sessions would be auto-destroyed. Not sure if that is connected to the issue I'm facing.

Please find the logs of both Kurento and OpenVidu here.

The logs were recorded after the server had been failing for a while, before the restart.

Finding which Tier 1 or ISP to connect to to reduce latency

Posted: 12 Jun 2021 10:40 PM PDT

I am looking to connect to 4 locations p, q, r, s. I am trying to find the set of locations (ISP or PoP) I should connect to in order to minimize latency. Is it lower latency to connect to a Tier 1 network which would connect to the 4 IPs p, q, r, s? Is there a lower-latency path to connect p, q, r, s through a Tier 2 network? How do I find this?

How do I configure routing for non-knative service in a Knative & Istio installed k8 cluster?

Posted: 12 Jun 2021 09:23 PM PDT

I have Knative installed with Istio as the networking layer (without injection). The Kubernetes cluster is using the Istio ingress gateway as default ingress. Most Knative services' routing is managed automatically by Knative & Istio.

However, I am trying to run NiFi as a native Kubernetes service on the same cluster. How do I set up the ingress configuration on the Istio ingress gateway for the service? Any reference to share?

Or is it possible to set up 2 ingresses (1 Istio, 1 nginx) in the cluster, and have the native k8s service use the nginx ingress?

I'm doing that because Istio is quite new to me, and Knative abstracts the Istio networking element when deploying Knative services but not native k8s services.

Hope my question makes sense. Thank you.

Double check if an SSH account is SFTP-only and chrooted

Posted: 12 Jun 2021 08:07 PM PDT

Note that this question is not about how to do chroot or make an account SFTP-only. The question is about whether there are specific ways for a sysadmin to check that a chrooted and SFTP-only account is correctly set up.

Usually I do chroot or SFTP-only settings following some online resources such as this one: https://wiki.archlinux.org/title/SFTP_chroot. But the issue is, unlike simply changing an option from No to Yes in a configuration file, I need to complete multiple steps to finish the chroot or SFTP-only settings. Since this is such a fundamentally important security setting, I am always thinking: Is my configuration correct? Am I missing something minor but critical?

Currently what I am doing to verify the correctness is very simple:

  • To validate that an account is SFTP-only, I just try to log in as a normal user and see if I get a "This service allows sftp connections only." message and get rejected.
  • To validate that an account is properly chrooted, I log in as the SFTP user and check whether I can switch to a directory the account is not supposed to get into (usually I just double-click the .. item at the top of the file list in an SFTP client's GUI many, many times).


Are these two things the only things a sysadmin needs to do to be 100% sure that the settings are correct?
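
Two things the manual tests above cannot show are what sshd actually applies to the account after Match blocks are resolved, and whether the chroot path satisfies sshd's ownership rule. The script below is an added example, not code from the original post or from the Arch wiki page it links. It parses the output of `sshd -T -C user=NAME` (the effective configuration for that user; the sample output here is constructed), flags anything that leaves the account more than SFTP-only (ForceCommand internal-sftp on its own does not switch off TCP, agent or X11 forwarding), and walks the chroot path applying the rule sshd enforces: every component must be a directory owned by root and not writable by group or others, otherwise the login fails with "bad ownership or modes for chroot directory component". The demo tree is built under a temp directory owned by the current user, so the trusted uid and the top of the walk are parameters; in production they are 0 and "/". Linux/OpenSSH is assumed.

```python
"""Verify an SFTP-only, chrooted account from what sshd actually enforces.

Added example, not from the original post. Sample `sshd -T` output and the
demo directory tree are constructed for the demonstration.
"""
import os
import shutil
import stat
import subprocess
import tempfile
from pathlib import Path

# Constructed excerpt of `sshd -T -C user=alice` output (keywords are lowercase).
SSHD_T_SAMPLE = """\
port 22
passwordauthentication yes
forcecommand internal-sftp
chrootdirectory /srv/sftp/alice
allowtcpforwarding yes
x11forwarding no
allowagentforwarding no
permittunnel no
"""


def effective_sshd_config(user):
    """Ask sshd for the configuration it would apply to `user` (needs root)."""
    out = subprocess.run(["sshd", "-T", "-C", f"user={user}"],
                         capture_output=True, text=True, check=True).stdout
    return parse_sshd_t(out)


def parse_sshd_t(output):
    """Turn `sshd -T` lines ('keyword value') into a dict."""
    cfg = {}
    for line in output.splitlines():
        key, _, value = line.strip().partition(" ")
        if key:
            cfg[key.lower()] = value.strip()
    return cfg


def sshd_config_findings(cfg):
    """Findings that leave the account more than SFTP-only or not chrooted."""
    findings = []
    force = cfg.get("forcecommand", "none")
    if not force.startswith("internal-sftp"):
        findings.append(f"forcecommand is {force!r}: shell commands are not blocked, "
                        "the account is not SFTP-only")
    if cfg.get("chrootdirectory", "none") == "none":
        findings.append("chrootdirectory is none: the account is not chrooted")
    # ForceCommand does not disable SSH channel features; these must be off too.
    for opt in ("allowtcpforwarding", "allowagentforwarding", "x11forwarding", "permittunnel"):
        if cfg.get(opt, "yes") != "no":
            findings.append(f"{opt} is {cfg.get(opt, 'unset')}: the SFTP account can "
                            "still be used as a tunnel into the host")
    return findings


def chroot_path_findings(chroot, trusted_uid=0, top="/"):
    """sshd's ChrootDirectory rule: every component from `top` down to `chroot`
    must be a directory owned by `trusted_uid` (root in production) and not
    writable by group or others. `trusted_uid`/`top` are parameters only so the
    rule can be exercised on a non-root test tree."""
    chroot, top = Path(chroot).resolve(), Path(top).resolve()
    findings = []
    for p in (chroot, *chroot.parents):
        try:
            st = os.stat(p)
        except FileNotFoundError:
            findings.append(f"{p}: does not exist")
            break
        if not stat.S_ISDIR(st.st_mode):
            findings.append(f"{p}: is not a directory")
        if st.st_uid != trusted_uid:
            findings.append(f"{p}: owned by uid {st.st_uid}, expected {trusted_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{p}: writable by group or others "
                            f"(mode {stat.S_IMODE(st.st_mode):04o})")
        if p == top:
            break
    return findings


def demo_chroot_findings():
    """Constructed tree base/sftp/alice where the chroot itself is group-writable
    (a common mistake); returns the findings, expected to be exactly one."""
    base = Path(tempfile.mkdtemp())
    try:
        base.chmod(0o755)
        chroot = base / "sftp" / "alice"
        chroot.mkdir(parents=True)
        (base / "sftp").chmod(0o755)
        chroot.chmod(0o775)  # group-writable: sshd refuses this chroot
        return chroot_path_findings(chroot, trusted_uid=os.getuid(), top=base)
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    for f in sshd_config_findings(parse_sshd_t(SSHD_T_SAMPLE)) + demo_chroot_findings():
        print("FINDING:", f)
```

On a real host, replace the sample with `effective_sshd_config("alice")` and call `chroot_path_findings(cfg["chrootdirectory"])` with the defaults; the two manual tests in the question then only confirm what the configuration already proves.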

nginx: Use of proxy_set_header results in failed upstream connections

Posted: 12 Jun 2021 08:02 PM PDT

I have a very basic nginx reverse proxy setup for openstreetmaps:

    worker_processes  1;

    error_log  logs/error.log  notice;
    pid        logs/nginx.pid;

    events {
        worker_connections  1024;
    }

    http {
        postpone_output 0;

        log_format logresponsetime '$remote_addr - $remote_user [$time_local] "$request" $status $bytes_sent "$http_referer" "$http_user_agent" $request_time $upstream_response_time';

        access_log logs/access.log logresponsetime;

        resolver 192.168.0.1 ipv6=off;

        #default proxy settings:
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_read_timeout 600;
        proxy_ssl_server_name on;

        upstream tile.openstreetmap.org {
            server tile.openstreetmap.org:443;
            keepalive 10;
            keepalive_time 5m;
        }

        server {
            listen 480;
            access_log logs/osm.http.access.log logresponsetime;
            server_name $hostname;

            location / {
                resolver 192.168.0.1 ipv6=off;
                proxy_set_header User-Agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36";
                proxy_pass https://tile.openstreetmap.org;
            }
        }
    }

There is a line to set the User-Agent header because OSM requires it and I need compatibility with a client that doesn't send a user agent string. However, when nginx sets this header, approximately 10% of requests fail (nginx returns 502 to the client), and my nginx error log fills up with this:

    2021/06/13 14:37:49 [error] 67240#87020: *71 connect() failed (10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond) while connecting to upstream, client: 127.0.0.1, server: server, request: "GET /16/64153/41313.png HTTP/1.1", upstream: "https://151.101.166.217:443/16/64153/41313.png", host: "localhost:480"

Without the proxy_set_header, everything is fine. The requests in this case are all being made from chrome, so the User-Agent as seen by the OSM servers should be the same in both cases. nginx version is 1.19.10 (windows). What am I doing wrong?

Nginx location matching with regex year/month/day/*

Posted: 13 Jun 2021 12:03 AM PDT

I have some old URL patterns to redirect to a new location in nginx.

A typical clean URL looks like example.com/2021/06/13/78676.html?..

I'm roughly trying to match the number of digits in each block, like:

    location ~ "^[0-9]{4}/[0-9]{2}/[0-9]{2}/([0-9]+).html" {
        rewrite ^ /archive.php?q=$1;
    }

Where exactly am I going wrong, please?
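
nginx evaluates a `location ~` regex against $uri, the normalised request path without the query string, and that path always begins with "/". A pattern anchored with ^ that starts with a digit therefore never matches "/2021/06/13/78676.html", and the unescaped "." matches any character rather than a literal dot. The script below is an added example, not from the post, that runs the posted pattern and a corrected one over constructed sample URIs; for these two patterns Python's re module behaves the same way as the PCRE engine nginx uses.

```python
"""Test the archive location regex against sample request URIs.

Added example, not from the original post; the sample URIs are constructed.
"""
import re

POSTED = r"^[0-9]{4}/[0-9]{2}/[0-9]{2}/([0-9]+).html"    # as in the question
FIXED = r"^/[0-9]{4}/[0-9]{2}/[0-9]{2}/([0-9]+)\.html$"  # leading slash, literal dot, anchored end

# Constructed sample requests and the article id the location should capture
# (None means the location must not match).
SAMPLES = {
    "/2021/06/13/78676.html": "78676",
    "/2021/06/13/78676.html?utm=x": "78676",  # the query string is not part of $uri
    "/2021/6/13/78676.html": None,            # month must be two digits
    "/blog/2021/06/13/78676.html": None,      # different prefix, not an old URL
    "/2021/06/13/78676.html.bak": None,       # trailing junk rejected by the $ anchor
}


def archive_id(request_uri, pattern=FIXED):
    """Return the captured id when `location ~ pattern` would match $uri, else None."""
    uri = request_uri.split("?", 1)[0]  # nginx matches locations on the path only
    m = re.search(pattern, uri)
    return m.group(1) if m else None


def rewrite_target(request_uri, pattern=FIXED):
    """Target of `rewrite ... /archive.php?q=<id>` for a matching request, else None."""
    ident = archive_id(request_uri, pattern)
    return None if ident is None else f"/archive.php?q={ident}"


def evaluate(pattern):
    """Map each sample URI to whether `pattern` yields the expected result."""
    return {uri: archive_id(uri, pattern) == want for uri, want in SAMPLES.items()}


if __name__ == "__main__":
    for name, pattern in (("posted", POSTED), ("fixed", FIXED)):
        print(name, evaluate(pattern))
```

The posted pattern fails on every URI that should match; the corrected one passes all samples, which is the check to run before pointing real traffic at a rewrite.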

Amavis and Spamassassin error with '.pre' files (using iRedMail)

Posted: 12 Jun 2021 11:30 PM PDT

I installed iRedMail, which installs amavis and SpamAssassin. When I test sending and receiving email, I see this error line in /var/log/mail.log:

    postfix/amavis/smtp[14582]: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused

When I run $ sudo amavisd-new debug I see at the end of the output:

    files are in the config directory.
    At a minimum, v320.pre loads the Check plugin which is required.
    Jun 12 11:58:25.764 mail.example.com /usr/sbin/amavisd-new[20040]: sd_notify (no socket): STOPPING=1
    STATUS=TROUBLE in pre_loop_hook: Timeout::_run: check: no loaded plugin implements 'check_main': cannot scan!
    Check that the necessary '.pre' files are in the config directory.
    At a minimum, v320.pre loads the Check plugin which is required.
    Jun 12 11:58:25.764 mail.example.com /usr/sbin/amavisd-new[20040]: (!)_DIE: Suicide () TROUBLE in pre_loop_hook: Timeout::_run: check: no loaded plugin implements 'check_main': cannot scan!
    Check that the necessary '.pre' files are in the config directory.
    At a minimum, v320.pre loads the Check plugin which is required.
    Suicide () TROUBLE in pre_loop_hook: Timeout::_run: check: no loaded plugin implements 'check_main': cannot scan! Check that the necessary '.pre' files are in the config directory. At a minimum, v320.pre loads the Check plugin which is required.

This is also the output of $ spamassassin --lint -D:

    Timeout::_run: check: no loaded plugin implements 'check_main': cannot scan! Check that the necessary '.pre' files are in the config directory. At a minimum, v320.pre loads the Check plugin which is required

I looked in the /etc/mail/spamassassin directory and I can't see any '.pre' files in it. I also searched for the v320.pre file using $ sudo find / -iname v320.pre, with no result.

If I disable amavis by editing /etc/amavis/conf.d/50-user ($ sudo nano /etc/amavis/conf.d/50-user) and changing these two lines:

    @bypass_virus_checks_maps = (1);
    @bypass_spam_checks_maps = (1);

and then restarting the service ($ sudo systemctl restart amavis) and processing the mail queue ($ postqueue -f), the mail server works perfectly fine! So it is obvious that I should put some '.pre' files in the /etc/mail/spamassassin directory. I found out that there are some '.pre' files at this URL: https://apache.googlesource.com/spamassassin/+/trunk/rules My question is: is it safe to download these files and put them in my directory? Or, in general, where can I find '.pre' files or generate them?

Filesystem to protect the storage medium

Posted: 12 Jun 2021 07:15 PM PDT

I'm working on an embedded system which will act as a server. The problem is that the environment where it will run is very aggressive and it will suffer abrupt power interruptions. So I'm planning to mount the root filesystem as fake-writable using OverlayFS. The idea comes from the Raspberry Pi, where the devs have a mechanism to enable/disable mounting the rootfs as OverlayFS (as you can see, it can be enabled using the raspi-config script).

My question is ... would this help to protect the physical device from corruption? Or even the filesystem itself? My idea is to extend the life of the physical device, and I think I can do this by avoiding write operations, but the system cannot be purely read-only because some programs need to see the FS as writable; that's why I'm thinking of OverlayFS.

What do you think? Do you have some other idea on how to tackle this problem? Thank you all.

PS: The system I have to use is Debian Buster.

Kubernetes network policies are not enforced unless the network-plugin daemon-sets are restarted. Why?

Posted: 13 Jun 2021 02:42 AM PDT

I have only one network policy in my cluster, in the prod namespace, that allows only ingress rules. The network plugin is weave-net. No rules are configured for Egress, so I am expecting egress traffic to be blocked. But until I restart the network daemon-set pods the rule has no effect. I know that by best practice I should have default ingress and egress rules, but I want to understand the reason for this behavior. Is restarting the network-plugin pods always required?

1. Network Policy Definition

    apiVersion: networking.k8s.io/v1
    kind: NetworkPolicy
    metadata:
      name: test-network-policy
      namespace: prod
    spec:
      ingress:
      - {}
      podSelector:
        matchLabels:
          run: prod-nginx
      policyTypes:
      - Ingress
      - Egress

2. Checking the netpol object

    Name:         test-network-policy
    Namespace:    prod
    Created on:   2021-06-06 10:16:50 +0000 UTC
    Labels:       <none>
    Annotations:  <none>
    Spec:
      PodSelector:     run=prod-nginx
      Allowing ingress traffic:
        To Port: <any> (traffic allowed to all ports)
        From: <any> (traffic not restricted by source)
      Allowing egress traffic:
        <none> (Selected pods are isolated for egress connectivity)
      Policy Types: Ingress, Egress

3. Testing egress traffic to nginx server (This is unexpected to my understanding)

Note: 10.39.0.5 is the IP of the nginx server running in 'test' namespace

    Command:  kubectl -n prod exec -it prod-nginx -- curl http://10.39.0.5 | grep successfully #egress
    Response: <p>If you see this page, the nginx web server is successfully installed and

4. Restarted the weave-net pods

5. Retesting egress connection to same nginx server (expected)

Note: 10.39.0.5 is the IP of the nginx server running in 'test' namespace

    Command:  kubectl -n prod exec -it prod-nginx -- curl http://10.39.0.5 | grep successfully #egress
    Response: No connection

Cannot ping successfully from PC to another PC

Posted: 13 Jun 2021 02:21 AM PDT

Here is the image of the topology: https://mega.nz/file/xWpXmC5K#fchoMl5TjGyfIJTTpxMgiOqUdw5qERxtGAUj0XTg2HI Here is the file of my Cisco Packet Tracer project where I configured routers, PCs' IP addresses, masks and exit gateways, but I still can't ping from one PC to the other PC. Where is the problem? When I tried it, I successfully pinged the first router, but when I tried to ping the second router it failed.

Cisco SG550X support for M-LAG and

Posted: 13 Jun 2021 02:29 AM PDT

Please tell me

  1. Does the Cisco SG550X model support MC-LAG (Multichassis Link Aggregation Groups)?
  2. Can I use at the same time in a stack, for example: 1/1-2/1: M-LAG (LAG1) and 1/19-2/20, 1/20-2/19: for stack ports in LAG2 (or is a LAG not needed for stack ports and does it work automatically)?

I want to buy the SG550X, but I don't know which functions it supports.

Or should I look at the Cisco C9300-24UX-E (M-LAG, StackWise-480)?

Strongswan to Cisco ASA with multiple right subnet

Posted: 12 Jun 2021 08:03 PM PDT

I've got an IKEv2 tunnel up, initiated on the left from an Ubuntu box with strongSwan, going to a Cisco ASA. ASA to ASA, multiple networks work, but I cannot get it to work with strongSwan.

    #config setup
    #    strictcrlpolicy=yes
    #    uniqueids = no
    config setup
        charondebug="all"
        uniqueids=yes
        strictcrlpolicy=yes
    # Add connections here.
    conn host2
        left=8.8.8.8 #Changed from real for this example
        leftsubnet=172.27.1.0/20
        right=8.8.4.4 # changed
        rightsubnet=192.168.1.0/24,192.168.2.0/24
        ike=aes256-sha512-modp2048s256
        esp=aes256-sha512
        keyingtries=0
        ikelifetime=1h
        lifetime=8h
        dpddelay=30
        dpdtimeout=120
        dpdaction=restart
        authby=secret
        auto=add
        keyexchange=ikev2
        type=tunnel

After connecting, ip xfrm policy:

    src 192.168.1.0/24 dst 8.8.8.8/32
        dir fwd priority 185664
        tmpl src 4.4.4.4 dst 8.8.8.8
            proto esp reqid 1 mode tunnel
    src 192.168.1.0/24 dst 8.8.8.8/32
        dir in priority 185664
        tmpl src 4.4.4.4 dst 8.8.8.8
            proto esp reqid 1 mode tunnel
    src 8.8.8.8/32 dst 192.168.1.0/24
        dir out priority 185664
        tmpl src 8.8.8.8 dst 4.4.4.4
            proto esp reqid 1 mode tunnel
    src 0.0.0.0/0 dst 0.0.0.0/0
        socket in priority 0
    src 0.0.0.0/0 dst 0.0.0.0/0
        socket out priority 0
    src 0.0.0.0/0 dst 0.0.0.0/0
        socket in priority 0
    src 0.0.0.0/0 dst 0.0.0.0/0
        socket out priority 0
    src ::/0 dst ::/0
        socket in priority 0
    src ::/0 dst ::/0
        socket out priority 0
    src ::/0 dst ::/0
        socket in priority 0
    src ::/0 dst ::/0
        socket out priority 0

    $ ipsec statusall
    Status of IKE charon daemon (strongSwan 5.5.1, Linux 4.13.0-37-generic, x86_64):
      uptime: 119 seconds, since Mar 23 09:08:33 2018
      malloc: sbrk 2297856, mmap 532480, used 1224384, free 1073472
      worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 2
      loaded plugins: charon test-vectors unbound ldap pkcs11 aes rc2 sha2 sha1 md4 md5 mgf1 rdrand random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey dnscert ipseckey pem gcrypt af-alg fips-prf gmp chapoly xcbc cmac hmac ctr ccm ntru bliss curl soup mysql sqlite attr kernel-netlink resolve socket-default farp stroke updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-eap xauth-pam xauth-noauth tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp whitelist lookip error-notify certexpire led radattr addrblock unity
    Listening IP addresses:
      8.8.8.8
      172.27.1.3
    Connections:
           host2:  8.8.8.8...4.4.4.4  IKEv2
           host2:   local:  [8.8.8.8] uses pre-shared key authentication
           host2:   remote: [4.4.4.4] uses pre-shared key authentication
           host2:   child:  8.8.8.8/32 === 192.168.1.0/24 192.168.2.0/24   TUNNEL
    Security Associations (1 up, 0 connecting):
           host2[1]: ESTABLISHED 115 seconds ago, 8.8.8.8[8.8.8.8]...4.4.4.4[4.4.4.4]
           host2[1]: IKEv2 SPIs: 1f4ce050e3e482ac_i* 35d68fd4c114ef25_r, pre-shared key reauthentication in 2 hours
           host2[1]: IKE proposal: AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048_256
           host2{1}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: ca77e9b9_i a6993362_o
           host2{1}:  AES_CBC_256/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 40 minutes
           host2{1}:   8.8.8.8/32 === 192.168.2.0/24

The ASA after successful connection:

    asa-fw1# show crypto ipsec sa peer 8.8.4.4 | include ident
      local ident (addr/mask/prot/port): (192.168.2.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (172.27.1.0/255.255.240.0/0/0)

And a different tunnel between 2 ASAs:

      local ident (addr/mask/prot/port): (10.1.2.0/255.255.255.252/0/0)
      remote ident (addr/mask/prot/port): (192.168.10.2/255.255.255.255/0/0)
      local ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (192.168.10.2/255.255.255.255/0/0)
      local ident (addr/mask/prot/port): (192.168.2.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (192.168.10.2/255.255.255.255/0/0)
      local ident (addr/mask/prot/port): (192.168.4.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (192.168.10.2/255.255.255.255/0/0)

I have also tried putting additional right subnets on their own, such as follows:

    conn host2
        left=8.8.8.8 #Changed from real for this example
        leftsubnet=172.27.1.0/20
        right=4.4.4.4 # changed
        rightsubnet=192.168.1.0/24
        ike=aes256-sha512-modp2048s256
        esp=aes256-sha512
        keyingtries=0
        ikelifetime=1h
        lifetime=8h
        dpddelay=30
        dpdtimeout=120
        dpdaction=restart
        authby=secret
        auto=add
        keyexchange=ikev2
        type=tunnel

    conn host2-2
        also=host2
        rightsubnet=192.168.2.0/24

After connecting:

    $ ipsec statusall
    Status of IKE charon daemon (strongSwan 5.5.1, Linux 4.13.0-37-generic, x86_64):
      uptime: 52 seconds, since Mar 23 09:02:22 2018
      malloc: sbrk 2293760, mmap 532480, used 1203936, free 1089824
      worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 2
      loaded plugins: charon test-vectors unbound ldap pkcs11 aes rc2 sha2 sha1 md4 md5 mgf1 rdrand random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey dnscert ipseckey pem gcrypt af-alg fips-prf gmp chapoly xcbc cmac hmac ctr ccm ntru bliss curl soup mysql sqlite attr kernel-netlink resolve socket-default farp stroke updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-eap xauth-pam xauth-noauth tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp whitelist lookip error-notify certexpire led radattr addrblock unity
    Listening IP addresses:
      8.8.8.8
      172.27.1.3
    Connections:
           host2:  8.8.8.8...4.4.4.4  IKEv2
           host2:   local:  [8.8.8.8] uses pre-shared key authentication
           host2:   remote: [4.4.4.4] uses pre-shared key authentication
           host2:   child:  8.8.8.8/32 === 192.168.1.0/24 TUNNEL
         host2-2:   child:  8.8.8.8/32 === 192.168.2.0/24 TUNNEL
    Security Associations (1 up, 0 connecting):
           host2[1]: ESTABLISHED 50 seconds ago, 8.8.8.8[8.8.8.8]...4.4.4.4[4.4.4.4]
           host2[1]: IKEv2 SPIs: 98cf15596219b433_i* 8177dc2c8f0605d8_r, pre-shared key reauthentication in 2 hours
           host2[1]: IKE proposal: AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048_256
         host2-2{1}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: ccc8bf25_i 1cec9278_o
         host2-2{1}:  AES_CBC_256/HMAC_SHA1_96, 336 bytes_i (4 pkts, 40s ago), 336 bytes_o (4 pkts, 40s ago), rekeying in 41 minutes
         host2-2{1}:   8.8.8.8/32 === 192.168.2.0/24

and the ip xfrm policy:

    src 192.168.2.0/24 dst 8.8.8.8/32
        dir fwd priority 185664
        tmpl src 4.4.4.4 dst 8.8.8.8
            proto esp reqid 1 mode tunnel
    src 192.168.2.0/24 dst 8.8.8.8/32
        dir in priority 185664
        tmpl src 4.4.4.4 dst 8.8.8.8
            proto esp reqid 1 mode tunnel
    src 8.8.8.8/32 dst 192.168.2.0/24
        dir out priority 185664
        tmpl src 8.8.8.8 dst 4.4.4.4
            proto esp reqid 1 mode tunnel
    src 0.0.0.0/0 dst 0.0.0.0/0
        socket in priority 0
    src 0.0.0.0/0 dst 0.0.0.0/0
        socket out priority 0
    src 0.0.0.0/0 dst 0.0.0.0/0
        socket in priority 0
    src 0.0.0.0/0 dst 0.0.0.0/0
        socket out priority 0
    src ::/0 dst ::/0
        socket in priority 0
    src ::/0 dst ::/0
        socket out priority 0
    src ::/0 dst ::/0
        socket in priority 0
    src ::/0 dst ::/0
        socket out priority 0

When using the above method, I can access 192.168.2.0 but no longer 192.168.1.0. Regardless, the xfrm policy is the same, and I can only access 192.168.2.0/24.

I've tried generating traffic to the subnets without success. Can anyone help determine why I can only access ONE remote subnet on the right side?

Virtnetwork Cannot Start Virtualizor KVM

Posted: 13 Jun 2021 12:05 AM PDT

I have a problem with my virtnetwork. I have set the correct network interface in the Virtualizor master settings, but it says

    /etc/sysconfig/: error fetching interface information: Device not found Error: No ip address found.

when I try to run

service virtnetwork start  

Can anyone help me? Here is my network interface file "ifcfg-ens9":

    NAME="ens9"
    DEVICE="ens9"
    ONBOOT=yes
    NETBOOT=yes
    UUID="805c90c6-a8d2-49f1-8707-44696466a9fa"
    IPV6INIT=yes
    BOOTPROTO=none
    TYPE=Ethernet
    DNS1=127.0.0.1
    DEFROUTE=yes
    IPV4_FAILURE_FATAL=no
    IPV6_AUTOCONF=yes
    IPV6_DEFROUTE=yes
    IPV6_FAILURE_FATAL=no
    IPADDR=xxx.xxx.187.234
    PREFIX=29
    GATEWAY=xxx.xxx.187.233
    IPV6_PEERDNS=yes
    IPV6_PEERROUTES=yes

Looking forward to the solution. I don't know what's wrong with the settings above.

Windows 10 arp cache getting stuck after failed attempts when target machines are offline

Posted: 12 Jun 2021 09:06 PM PDT

After upgrading our development team to Windows 10 from 7, we are experiencing an issue with the ARP cache where a machine has the correct IP-MAC mapping cached, but the type is invalid due to failed connections during a power cycle of the target machine. On Windows 10, but not Windows 7, the target machine cannot be connected to until the ARP cache is cleared. I can reproduce the issue as follows, where 10.10.10.10 is the correct IP address and 01:23:45:67:89:AB is the correct MAC address of the target machine in question:

  1. Start with the target machine powered off, and ping it through the entire test:

    ping -t 10.10.10.10

Ping is replying with "Request timed out" and the ARP cache contains, as expected

    10.10.10.10    00:00:00:00:00:00    invalid

  2. Power on the target machine. Ping starts getting replies, and the ARP cache updates to

    10.10.10.10    01:23:45:67:89:AB    dynamic

So far so good.

  3. Power off the target machine. Ping starts reporting "Request timed out" and the ARP cache remains

    10.10.10.10    01:23:45:67:89:AB    dynamic

  4. After about 40 seconds, the ping replies with "Destination host unreachable" for one request, then returns to reporting "Request timed out", and the ARP cache changes to

    10.10.10.10    01:23:45:67:89:AB    invalid

  5. Power on the target machine, and ping (and any other connection) will not find it until you clear the ARP cache, or at least delete the offending entry with the correct IP-MAC mapping and invalid type.

How do I prevent the ARP cache from getting into this state, given that the target machine in the development environment does tend to require power cycling during the development process? Manually manipulating the ARP cache is not sustainable, and nobody reported this issue before moving to Windows 10.

Windows 7 functions as one would expect, which is to say, what we desire: The ARP cache goes through the same stages as above. Ping starts by replying "Destination host unreachable" before the target is powered on, as opposed to Windows 10's "Request timed out" and returns to "Destination host unreachable" continually after it is powered off, as opposed to Windows 10 only reporting that once. When the machine is powered on, the connection is immediately established and the ARP cache returns to

10.10.10.10    01:23:45:67:89:AB    dynamic  

without any need to clear any entries first.

The developers' specific setup is a Windows workstation connected to several Beaglebone Blacks (small ARM based embedded boards running Linux) through a simple unmanaged 8 port gigabit switch. IP addresses are assigned by reserved DHCP, and addresses are picked up successfully each time the Beaglebones are powered on. When one Windows 10 machine has the invalid ARP entry that needs deleting, other machines without the Beaglebone in the ARP cache can successfully connect to the target machine.

How to extract specific emails from Exchange Online using PowerShell and move or sort them?

Posted: 13 Jun 2021 03:14 AM PDT

In Exchange Online (Office 365), I need to extract emails, from particular sending addresses, from a handful of user mailboxes, to another user mailbox folder.

I've been reading about the Export-Mailbox PowerShell cmdlet, which seems to be able to do what I want, but I am not sure if it is possible to use on Office 365.

logoff sessions except console

Posted: 13 Jun 2021 12:05 AM PDT

There is an application in a multi-user environment that can only be open in one session on a workstation. The users move around frequently from PC to PC, leaving the application open and the workstation locked. Disabling user switching is detrimental to productivity. I need the system to force logoff of any user besides the console session. The session ID is a variable that cannot be predicted. This is what I have so far...

    @echo off
    query session > c:\users\session.txt
    powershell -Command "Get-Content c:\users\session.txt | Where-Object {$_ -notmatch 'console'} | Set-Content c:\users\session2.txt"
    for /f "skip=2 tokens=2," %i in (c:\users\session2.txt) DO C:\Windows\System32\logoff.exe %i

The goal is to put this into a .bat to run at user logon so whoever is ACTUALLY using the computer can use the application. Data loss in the inactive session is no concern. Ideally, rdp-tcp and services would stay active sessions as well.

Ubuntu 14.04 can only access outside networks if using DHCP, not static IPs

Posted: 12 Jun 2021 10:04 PM PDT

I am configuring a server on Ubuntu Server 14.04 (no GUI) and I have the following configuration:

    auto lo
    iface lo inet loopback

    ## Management network eth0
    auto eth0
    iface eth0 inet static
    address 10.0.0.11
    netmask 255.255.255.0
    gateway 10.0.0.1
    dns-nameservers 8.8.8.8 8.8.4.4

Unfortunately, when using this configuration I can only access the LAN, any attempt to ping or access anything outside of our network fails.

If I use DHCP and just take whatever IP address the router gives me, I can access internal and external networks. For testing's sake I've been using "ping google.com" to test outside connectivity.

One other note, in the router if I bind the IP to the MAC Address it appears to work just fine, but I don't want these rules to live in my router, I'd much rather they be configured on the server.

Raid 10, Logical device are missing

Posted: 12 Jun 2021 11:05 PM PDT

I have a problem with a RAID 10; I have 4 disks in the RAID. A disk has just been changed (0,3), but I cannot rebuild the array. The logical device segment is set to "Missing".

All commands return the following error:

    /usr/StorMan# /usr/StorMan/arcconf setstate 1 device 0 3 rdy
    Controllers found: 1
    The device specified does not exist.

    Command aborted.

    /usr/StorMan# /usr/StorMan/arcconf getconfig 1
    Controllers found: 1
    ----------------------------------------------------------------------
    Controller information
    ----------------------------------------------------------------------
       Controller Status                        : Optimal
       Channel description                      : SAS/SATA
       Controller Model                         : Adaptec 2405
       Controller Serial Number                 : 2D2711FE327
       Physical Slot                            : 16
       Temperature                              : 68 C/ 154 F (Normal)
       Installed memory                         : 128 MB
       Copyback                                 : Disabled
       Background consistency check             : Disabled
       Automatic Failover                       : Enabled
       Global task priority                     : High
       Performance Mode                         : Default/Dynamic
       Stayawake period                         : Disabled
       Spinup limit internal drives             : 0
       Spinup limit external drives             : 0
       Defunct disk drive count                 : 0
       Logical devices/Failed/Degraded          : 1/0/1
       SSDs assigned to MaxIQ Cache pool        : 0
       Maximum SSDs allowed in MaxIQ Cache pool : 8
       MaxIQ Read Cache Pool Size               : 0.000 GB
       MaxIQ cache fetch rate                   : 0
       MaxIQ Cache Read, Write Balance Factor   : 3,1
       NCQ status                               : Enabled
       Statistics data collection mode          : Enabled
       --------------------------------------------------------
       Controller Version Information
       --------------------------------------------------------
       BIOS                                     : 5.2-0 (18937)
       Firmware                                 : 5.2-0 (18937)
       Driver                                   : 1.1-7 (28000)
       Boot Flash                               : 5.2-0 (18937)

    ----------------------------------------------------------------------
    Logical device information
    ----------------------------------------------------------------------
    Logical device number 0
       Logical device name                      :
       RAID level                               : 10
       Status of logical device                 : Degraded
       Size                                     : 3809270 MB
       Stripe-unit size                         : 256 KB
       Read-cache mode                          : Enabled
       MaxIQ preferred cache setting            : Enabled
       MaxIQ cache setting                      : Disabled
       Write-cache mode                         : Enabled (write-back)
       Write-cache setting                      : Enabled (write-back)
       Partitioned                              : Yes
       Protected by Hot-Spare                   : No
       Bootable                                 : Yes
       Failed stripes                           : Yes
       Power settings                           : Disabled
       --------------------------------------------------------
       Logical device segment information
       --------------------------------------------------------
       Group 0, Segment 0                       : Present (0,1)             W1F20KQ9
       Group 0, Segment 1                       : Present (0,0)             Z34063KS
       Group 1, Segment 0                       : Present (0,2)             W1E2PW1C
       Group 1, Segment 1                       : Missing

    ----------------------------------------------------------------------
    Physical Device information
    ----------------------------------------------------------------------
          Device #0
             Device is a Hard drive
             State                              : Online
             Supported                          : Yes
             Transfer Speed                     : SATA 3.0 Gb/s
             Reported Channel,Device(T:L)       : 0,0(0:0)
             Reported Location                  : Connector 0, Device 0
             Vendor                             :
             Model                              : ST2000DM001-1CH1
             Firmware                           : CC24
             Serial number                      : Z34063KS
             Size                               : 1907729 MB
             Write Cache                        : Enabled (write-back)
             FRU                                : None
             S.M.A.R.T.                         : No
             S.M.A.R.T. warnings                : 0
             Power State                        : Full rpm
             Supported Power States             : Full rpm,Powered off,Reduced rpm
             SSD                                : No
             MaxIQ Cache Capable                : No
             MaxIQ Cache Assigned               : No
             NCQ status                         : Enabled
          Device #1
             Device is a Hard drive
             State                              : Online
             Supported                          : Yes
             Transfer Speed                     : SATA 3.0 Gb/s
             Reported Channel,Device(T:L)       : 0,1(1:0)
             Reported Location                  : Connector 0, Device 1
             Vendor                             :
             Model                              : ST2000DM001-1CH1
             Firmware                           : CC24
             Serial number                      : W1F20KQ9
             Size                               : 1907729 MB
             Write Cache                        : Enabled (write-back)
             FRU                                : None
             S.M.A.R.T.                         : No
             S.M.A.R.T.
warnings                : 0           Power State                        : Full rpm           Supported Power States             : Full rpm,Powered off,Reduced rpm           SSD                                : No           MaxIQ Cache Capable                : No           MaxIQ Cache Assigned               : No           NCQ status                         : Enabled        Device #2           Device is a Hard drive           State                              : Online           Supported                          : Yes           Transfer Speed                     : SATA 3.0 Gb/s           Reported Channel,Device(T:L)       : 0,2(2:0)           Reported Location                  : Connector 0, Device 2           Vendor                             :            Model                              : ST2000DM001-1CH1           Firmware                           : CC24           Serial number                      : W1E2PW1C           Size                               : 1907729 MB           Write Cache                        : Enabled (write-back)           FRU                                : None           S.M.A.R.T.                         : No           S.M.A.R.T. warnings                : 0           Power State                        : Full rpm           Supported Power States             : Full rpm,Powered off,Reduced rpm           SSD                                : No           MaxIQ Cache Capable                : No           MaxIQ Cache Assigned               : No           NCQ status                         : Enabled  

How can I start the rebuilding of the array?

nginx sending incomplete response

Posted: 12 Jun 2021 11:05 PM PDT

Without a restart or modification of the config, nginx is sometimes sending incomplete responses. Today I could reproduce it well, but I still don't know what's wrong or how to fix it.

I put a 5MB file in the site's location/alias path that nginx is configured to use. There is no php5-fpm, no modules etc., only nginx serving static files.

When testing, there is no other user accessing the server, no http access except my test requests.

The download fails and Google Chrome shows in its traffic log that there were 2 requests, although I put the http url for the download in only ONCE and there was no redirect or other 2nd request initiated by myself.

Same issue at server's access.log, too:

TEST1

[14/May/2014:14:06:53 +0200] "GET /dev/test_test.m4v HTTP/1.1" 206 1 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36"

[14/May/2014:14:06:53 +0200] "GET /dev/test_test.m4v HTTP/1.1" 200 130680 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.10

[14/May/2014:14:07:15 +0200] "GET /dev/test_test.m4v HTTP/1.1" 206 1 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36"

[14/May/2014:14:07:15 +0200] "GET /dev/test_test.m4v HTTP/1.1" 200 114684 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.10

You can see that there is always one request with response size=1 and another one with a mixed size, but >1. However, the result in the browser is always the same. => broken response, failed download.

To make sure it's not related to http status/response 206, I added max_ranges 0; to the config and retried -> test2.

TEST2

[14/May/2014:14:11:36 +0200] "GET /dev/test_test.m4v HTTP/1.1" 200 152460 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36"

[14/May/2014:14:11:38 +0200] "GET /dev/test_test.m4v HTTP/1.1" 200 142296 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36"

Same result in the browser. Always a failed download/request, and the size in access.log is always different, like a random chunk or response size.

Server status: iowait, RAM, cpu are almost idle. There is no high load or limitation.

Is this a known issue or bug, or do you know how to fix this?
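An added example, not part of the question: a small shell check that flags status-200 entries in the access log whose body is smaller than the file being served, which is the pattern in the TEST1/TEST2 lines above. The sample lines are constructed from those entries (plus one complete download for contrast), and the 5 MB file size is assumed from the question; on a real server it would come from stat.

```shell
#!/bin/sh
# Added example, not code from the question: scan nginx access-log lines for
# 200 responses whose body is smaller than the file that was requested.
# Assumes the combined log format shown in the question, where the request
# line is followed by the status and $body_bytes_sent. Sample lines are
# constructed from the question's TEST1/TEST2 entries plus one full download.

SAMPLE_LOG='[14/May/2014:14:06:53 +0200] "GET /dev/test_test.m4v HTTP/1.1" 206 1 "-" "Mozilla/5.0"
[14/May/2014:14:06:53 +0200] "GET /dev/test_test.m4v HTTP/1.1" 200 130680 "-" "Mozilla/5.0"
[14/May/2014:14:07:15 +0200] "GET /dev/test_test.m4v HTTP/1.1" 206 1 "-" "Mozilla/5.0"
[14/May/2014:14:07:15 +0200] "GET /dev/test_test.m4v HTTP/1.1" 200 114684 "-" "Mozilla/5.0"
[14/May/2014:14:11:36 +0200] "GET /dev/test_test.m4v HTTP/1.1" 200 152460 "-" "Mozilla/5.0"
[14/May/2014:14:11:38 +0200] "GET /dev/test_test.m4v HTTP/1.1" 200 142296 "-" "Mozilla/5.0"
[14/May/2014:14:20:00 +0200] "GET /dev/test_test.m4v HTTP/1.1" 200 5242880 "-" "Mozilla/5.0"'

# truncated_responses PATH EXPECTED_BYTES < access.log
# Prints "<timestamp> <bytes>/<expected>" for every status-200 entry of PATH
# whose $body_bytes_sent is below EXPECTED_BYTES. 206 entries are skipped:
# a short body is normal for a range request, so on its own it is not
# evidence of truncation.
truncated_responses() {
    awk -v path="$1" -v expected="$2" '
    {
        req_path = ""; status = ""; bytes = ""
        # Locate the request line: "GET <path> HTTP/1.1" status bytes
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^"(GET|HEAD|POST)$/) {
                req_path = $(i + 1); status = $(i + 3); bytes = $(i + 4)
                break
            }
        }
        if (req_path == path && status == 200 && bytes + 0 < expected + 0)
            printf "%s %s/%s\n", $1, bytes, expected
    }'
}

# count_truncated PATH EXPECTED_BYTES < access.log  -> number of flagged entries
count_truncated() {
    truncated_responses "$1" "$2" | wc -l | tr -d ' '
}

# On the server, EXPECTED_BYTES comes from the file itself (stat -c %s FILE);
# here the 5 MB figure from the question is assumed.
printf '%s\n' "$SAMPLE_LOG" | truncated_responses /dev/test_test.m4v 5242880
```

Run against the live log with the real size (`stat -c %s /path/to/test_test.m4v`) to see whether every failed download shows up as a short 200 rather than only as the extra 206.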

On a system with 64GB mem the Linux Buffer run full while copying with dd to dev null and io stops till manual drop_caches

Posted: 13 Jun 2021 01:08 AM PDT

I am running a server with linux software raid 10. It is a dual CPU system with 64GB Ram, 2x16GB dimms related to each of the CPUs. I want to use dd to backup kvm virtual machines and run into a serious io problem. First I thought it was related to the raid, but it's a problem of the linux memory management. Here is an example:

  1. Memory is fine: http://i.stack.imgur.com/NbL60.jpg
  2. I start dd: http://i.stack.imgur.com/kEPN2.jpg
  3. You can see that nmon also shows the disk access: http://i.stack.imgur.com/Njcf5.jpg
  4. After a while the "buffers" are big and the copy progress stops http://i.stack.imgur.com/HCefI.jpg
  5. Here is meminfo: http://i.stack.imgur.com/KR0CE.jpg
  6. Here the dd output: http://i.stack.imgur.com/BHjnR.jpg
  7. I can manually and temporarily resolve the problem by forcing a drop of the cache: "sync; echo 3 > /proc/sys/vm/drop_caches"
  8. The call needs a few seconds and instantly after that the dd speed reaches its normal level. Sure, I can run a cronjob every minute or such things, but that's not a real solution. http://i.stack.imgur.com/zIDRz.jpg http://i.stack.imgur.com/fO8NV.jpg

Does anybody have a solution or a configuration hint? Here is also my sysctl but all values are centos defaults: http://i.stack.imgur.com/ZQBNG.jpg

Edit1

I made another test and did a dd to disk instead of /dev/null. This time also in one command without pv, so it's only one process:

dd if=/dev/vg_main_vms/AppServer_System of=AppServer_System bs=4M

  1. It starts with reading without writing (target is not on the same disks) http://i.stack.imgur.com/jJg5x.jpg
  2. After a while the writing starts and the reading slows down http://i.stack.imgur.com/lcgW6.jpg
  3. After that a writing-only time comes: http://i.stack.imgur.com/5FhG4.jpg
  4. Now the main problem starts. The copy process slows down to below 1mbs and nothing happens: http://i.stack.imgur.com/YfCXc.jpg
  5. The dd process now needs 100% cpu time (1 core) http://i.stack.imgur.com/IZn1N.jpg
  6. And again I can manually and temporarily resolve the problem by forcing a drop of the cache: sync; echo 3 > /proc/sys/vm/drop_caches. After that the same game starts again...

Edit2

For the local dd I can work around it with the parameters iflag=direct and oflag=direct. But this is no universal solution, because there is also other file access, like copying files to the local samba shares from a vm, and there I can't use such parameters. There must be a tweak of the system file cache rules, because it can't be normal that you can't copy large files without such problems.

Connection refused HTTPS on Apache

Posted: 12 Jun 2021 07:39 PM PDT

I'm currently trying out HTTPS on one of my sites, and I got a trial certificate from a trusted CA. I've gone through the following checklist:

  • Copied all the cert files according to the CA's instructions
  • Enabled mod_ssl on apache with a2enmod ssl
  • Checked PHP has OpenSSL enabled
  • Made a new virtual host in Apache listening to 443
  • Inputted the SSL directives:

    SSLEngine on
    SSLCertificateKeyFile /etc/ssl/ssl.key/server.key
    SSLCertificateFile /etc/ssl/ssl.crt/api_my_site_com.crt
    SSLCertificateChainFile /etc/ssl/ssl.crt/apimysite.com-bundle

  • Checked only apache was listening to port 443 with lsof
  • Checked locally and from my own PC with telnet if I could connect to 443 (to the IP of the server, not the domain; trying to connect to my-site.com:443 gave me connect failed)

However, when I try to browse to https://my-site.com (obviously not the real domain), I get a 'Connection Refused' error. This is what Apache logs:

[Sat Jul 20 22:50:34 2013] [info] Loading certificate & private key of SSL-aware server
[Sat Jul 20 22:50:34 2013] [info] Configuring server for SSL protocol
[Sat Jul 20 22:50:34 2013] [info] RSA server certificate enables Server Gated Cryptography (SGC)
[Sat Jul 20 22:50:34 2013] [info] [client ::1] Connection to child 0 established (server my-site.com:443)
[Sat Jul 20 22:50:34 2013] [info] Seeding PRNG with 656 bytes of entropy
[Sat Jul 20 22:50:34 2013] [info] [client ::1] SSL library error 1 in handshake (server my-site:443)
[Sat Jul 20 22:50:34 2013] [info] SSL Library Error: 336027900 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS port!?
[Sat Jul 20 22:50:34 2013] [info] [client ::1] Connection closed to child 0 with abortive shutdown (server my-site:443)

Any ideas why this is happening?

Configuration files:

ports.conf

Listen 443
NameVirtualHost *:80
Listen 80

virtualhost config

<VirtualHost *:443>
    DocumentRoot /var/www/mysite/sandbox/api
    ServerName api.my-site.com
    RewriteEngine on
    RewriteRule ^/v1/* /v1/api.php [L]
    RewriteRule ^/* /index.php [L]
    <Directory "/var/www/mysite/sandbox/api">
        allow from all
    </Directory>
    Options -MultiViews
    ErrorDocument 404 /404.html
    AddDefaultCharset utf-8
    <IfModule mod_mime>
        AddCharset utf-8 .atom .css .js .json .rss .vtt .webapp .xml
    </IfModule>

    <IfModule mod_rewrite>
        Options +FollowSymlinks
        RewriteCond %{HTTPS} !=on
        RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
        RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
    </IfModule>

    <IfModule mod_autoindex>
        Options -Indexes
    </IfModule>

    <IfModule mod_rewrite>
        RewriteCond %{SCRIPT_FILENAME} -d [OR]
        RewriteCond %{SCRIPT_FILENAME} -f
        RewriteRule "(^|/)\." - [F]
    </IfModule>

    <FilesMatch "(^#.*#|\.(bak|config|dist|fla|inc|ini|log|psd|sh|sql|sw[op])|~)$">
        Order allow,deny
        Deny from all
        Satisfy All
    </FilesMatch>
    FileETag None
    SSLEngine on
    SSLCertificateKeyFile /etc/ssl/ssl.key/server.key
    SSLCertificateFile /etc/ssl/ssl.crt/api_my_site_com.crt
    SSLCertificateChainFile /etc/ssl/ssl.crt/apimysite.com-bundle
    ErrorLog /var/www/mysite/api.log
    LogLevel info
</VirtualHost>

installed post-installation script returned error exit status 1

Posted: 13 Jun 2021 02:08 AM PDT

I found many complaints with the same error but for different packages. However, I couldn't understand the essence of this error and how to fix it. Please help if you have any clue about it.

It appeared first when I tried to install rsyslog.

# dpkg --configure -a
Setting up rsyslog (4.6.4-2) ...
insserv: warning: script 'K02ossec' missing LSB tags and overrides
insserv: warning: script 'K02drwebd' missing LSB tags and overrides
insserv: warning: script 'drwebd' missing LSB tags and overrides
insserv: script ctasd_initd: service Parallels already provided!
insserv: script ctasd_initd: service Premium already provided!
insserv: script ctasd_initd: service Outgoing already provided!
insserv: script ctasd_initd: service Antispam already provided!
insserv: warning: script 'ctmilter_initd' missing LSB tags and overrides
insserv: warning: script 'ossec' missing LSB tags and overrides
insserv: There is a loop between service munin-node and ctmilter_initd if stopped
insserv:  loop involving service ctmilter_initd at depth 2
insserv:  loop involving service munin-node at depth 1
insserv: Stopping ctmilter_initd depends on munin-node and therefore on system facility `$all' which can not be true!
insserv: exiting now without changing boot order!
update-rc.d: error: insserv rejected the script header
dpkg: error processing rsyslog (--configure):
 subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
 rsyslog

Running su with -c gives unrecognized command error

Posted: 12 Jun 2021 10:04 PM PDT

I am trying to run a command as another user in Linux. Here is what I run:

su user1 -c '/bin/mkdir /tmp/zz'  

However, this gives me this error:

fatal: unrecognized command '/bin/mkdir /tmp/zz'  

What would cause a PHP app to segfault intermittently under load?

Posted: 13 Jun 2021 03:04 AM PDT

Posted this on stackoverflow but it seems more relevant over here... I'm doing some load testing (using jMeter) on a PHP app (it's a symfony app, if that matters). I've tested it under both apache/mod_php and nginx/php_fpm setups, and with multiple versions of php, apache, nginx, and linux, and the logs are full of errors like these. I'm struggling to work out why these segfaults are occurring:

[Wed Mar 13 00:54:47 2013] [notice] child pid 18830 exit signal Bus error (7), possible coredump in /tmp/apache2-gdb-dump

[Wed Mar 13 00:54:55 2013] [notice] child pid 19016 exit signal Bus error (7), possible coredump in /tmp/apache2-gdb-dump

[Wed Mar 13 00:54:56 2013] [notice] child pid 19002 exit signal Bus error (7), possible coredump in /tmp/apache2-gdb-dump

[Wed Mar 13 00:54:58 2013] [notice] child pid 19041 exit signal Bus error (7), possible coredump in /tmp/apache2-gdb-dump

When I generate a backtrace from the core dumps I get

[New LWP 588]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/tls/i686/nosegneg/libthread_db.so.1".
Core was generated by `/usr/sbin/apache2 -k start'.
Program terminated with signal 7, Bus error.
#0  lex_scan (zendlval=0xb6d2ce38) at /build/buildd/php5-5.4.6/Zend/zend_language_scanner.c:2260

Thread 1 (Thread 0xb7485700 (LWP 588)):
#0  lex_scan (zendlval=0xb6d2ce38) at /build/buildd/php5-5.4.6/Zend/zend_language_scanner.c:2260

So perhaps it's something to do with parsing? I know little about php internals, however, so I am uncertain. What might be causing this?

Publishing a web app listening on two different ports with TMG

Posted: 12 Jun 2021 08:03 PM PDT

We have an internal web app built on some custom Java stuff. The app listens on port 8080, but also uses IIS on port 80 to get user authentication.

Opening the site in a browser produces HTTP GETs to both ports/urls.

Is a case like this possible to publish with TMG?

iptables forwarding a port between 2 networks with 2 ethernet cards

Posted: 13 Jun 2021 03:04 AM PDT

I have a server handling several services. For the purposes of this question, suppose one of them is mail. If mail goes down, I want to forward it to another host. My network looks like this:

-- Network 1 --

Box 1
eth1: 192.168.1.5
eth0: 10.10.10.3

-- Network 2 --

Box 2
eth0: 10.10.10.5

So... Incoming requests are coming to the 192.168.1.5 address on eth1 on box 1. Instead of stopping there, I want to forward them over eth0 to box 2 and let that handle it.

I've tried the following iptables rules:

iptables -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.5 --dport 25 -j DNAT --to-destination 10.10.10.5:25
iptables -A FORWARD -m state -p tcp -d 10.10.10.5 --dport 25 --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp -m tcp -s 10.10.10.5 --sport 25 -j SNAT --to-source 192.168.1.5

... To no avail. Using tcpdump, I can see the request come in on the 2nd box, but nothing happens on the requesting computer.

Please help. Thanks!
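An added example, not the rules from the question: a complete DNAT port forward for the topology above (Box 1 with eth1 192.168.1.5 and eth0 10.10.10.3, Box 2 at 10.10.10.5), written as a dry-run-capable shell script. The interface names, addresses and port are taken from the question; the forwarding sysctl, the return-path FORWARD rule and the source-NAT on the forwarded flow are the parts a working forward needs in addition to the DNAT itself.

```shell
#!/bin/sh
# Added example, not the question's own rules: DNAT port forward on Box 1
# for the question's topology. Set DRY_RUN=1 (or call preview_forward) to
# print the commands instead of applying them; applying needs root on Box 1.

EXT_IF=eth1;  EXT_IP=192.168.1.5      # side facing Network 1 (the clients)
INT_IF=eth0;  INT_IP=10.10.10.3       # side facing Network 2 (Box 2)
TARGET=10.10.10.5;  PORT=25           # where 25/tcp should end up

# run CMD...: execute CMD, or print it when DRY_RUN=1
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Emit the full rule set. Each part below is needed for the forward to work.
apply_forward() {
    # 1. The kernel must forward at all; otherwise DNAT'ed packets are dropped
    #    after PREROUTING.
    run sysctl -w net.ipv4.ip_forward=1
    # 2. Rewrite the destination of new connections arriving on eth1 for 25/tcp.
    run iptables -t nat -A PREROUTING -i "$EXT_IF" -p tcp -d "$EXT_IP" --dport "$PORT" \
        -j DNAT --to-destination "$TARGET:$PORT"
    # 3. Let the forwarded flow (eth1 -> eth0) and its replies (eth0 -> eth1)
    #    cross the FORWARD chain; the reply direction is easy to forget.
    run iptables -A FORWARD -i "$EXT_IF" -o "$INT_IF" -p tcp -d "$TARGET" --dport "$PORT" \
        -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$INT_IF" -o "$EXT_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # 4. Source-NAT the forwarded flow towards Box 2, not the replies: nat-table
    #    rules only see the first packet of a connection, so a rule matching
    #    replies from 10.10.10.5:25 never fires. With this, Box 2 sees Box 1 as
    #    the client and returns its replies through Box 1, where conntrack
    #    reverses both translations.
    run iptables -t nat -A POSTROUTING -o "$INT_IF" -p tcp -d "$TARGET" --dport "$PORT" \
        -j SNAT --to-source "$INT_IP"
}

# preview_forward: the commands apply_forward would run, one per line
preview_forward() { ( DRY_RUN=1; apply_forward ); }

# rule_count: how many commands the forward consists of
rule_count() { preview_forward | wc -l | tr -d ' '; }

case "${1:-}" in
    apply)   apply_forward ;;
    dry-run) preview_forward ;;
esac
```

Run with `dry-run` first and compare the printed rules against `iptables -t nat -S` and `iptables -S FORWARD` on Box 1; with SNAT on the forwarded flow, a tcpdump on Box 2 should show the connection arriving from 10.10.10.3 rather than from the Network 1 client.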

SSH connection gives no prompt, unresponsive

Posted: 13 Jun 2021 02:08 AM PDT

I'm ssh'ing from my OSX laptop to an OSX server. It worked a couple of days ago. Now, when I try and connect, no text is output. My session (with -v option) looks like:

 ~ $ ssh myserver  

...

debug1: Next authentication method: keyboard-interactive
Password:
debug1: Authentication succeeded (keyboard-interactive).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
_

Where _ is the cursor.

So it looks to me like I've connected, but something is wrong with the shell - it hasn't started up, or something. Could I have broken my .bash_profile? Are there other common causes of this behaviour?

I don't have root access on this box, and I'd like to be able to give the sysadmins specific things to check for if possible.

EDIT: It's actually an OSX server, not RHEL. (Confusion as it hosts a RHEL VM which I also often connect to.)

I have been sent some server logs:

...
Jan 19 11:30:09 myserver sshd[2545]: in pam_sm_authenticate(): Kerberos 5 error
Jan 19 11:30:09 myserver sshd[2545]: in pam_sm_authenticate(): Kerberos 5 refuses you
Jan 19 11:30:09 myserver sshd[2541]: Accepted keyboard-interactive/pam for stevebennett from xx.xx.xx.xx port 65411 ssh2
Jan 19 11:30:09 myserver com.apple.SecurityServer[39]: Session 0x2114691 created
Jan 19 11:30:09 myserver com.apple.SecurityServer[39]: Session 0x2114691 attributes 0x20

Is the Kerberos 5 error relevant?

asterisk system function not working in dialplan

Posted: 13 Jun 2021 01:08 AM PDT

After a call hangs up, I've set up several lines in my dialplan to execute system commands. For instance, I have this in my dialplan:

exten => h,1,System(echo yo)
exten => h,n,System(echo yo)
exten => h,n,System(echo yo)

In my logs, all I'm seeing is one System command running:

[Aug 25 16:04:54] DEBUG[24437] pbx.c: Launching 'System'
[Aug 25 16:04:54] VERBOSE[24437] pbx.c:     -- Executing [h@fax-tx:4] System("SIP/flowroute-00000014", "echo yo") in new stack
[Aug 25 16:04:54] DEBUG[778] devicestate.c: No provider found, checking channel drivers for SIP - flowroute

The rest are not running and the dialplan seems to just stop. I don't see any additional errors occurring. WTF is going on?

I'm running Asterisk 1.8.5.

IIS Admin Service stuck at "Starting" status

Posted: 12 Jun 2021 09:06 PM PDT

I'm having some trouble restarting IIS, and I took a look and see that the IIS Admin Service is in the "Starting" status. I'm not able to Start/Stop it manually. All of the context menu options for this are disabled. Any ideas?

My system settings are:

IIS7 on Windows 7

I have the following ISAPI/CGI Restrictions:

ASP.NET v2.0.50727 x32/x64
ASP.NET v4.0.30319 x32/x64
