Both radios useable for bridge connection

Hi,
I have two 1242 access points.
One is the root bridge and the other the non-root bridge.
My question is: can I use both radios for the link?
At the moment it works with only one radio.
It works with either the g or the a standard, but not with both together.
If I turn on the second radio I have no connection.
Best regards, Dieter

Thanks for your answer.
Hope you could help me with the configs.
I think it is a problem with the bridge-groups but I have no idea how to solve this.
This is my root bridge config.
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname root
enable secret 5 $1$XYrB$xov2WG/kNnnH1ldFMJEHz.
no aaa new-model
dot11 syslog
dot11 ssid test
   authentication open
   authentication key-management wpa version 2
   wpa-psk ascii 7 071B245F5A1D1C1603
power inline negotiation prestandard source
username Cisco password 7 062506324F41
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm
ssid test
channel 2412
station-role root bridge
bridge-group 1
bridge-group 1 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
encryption mode ciphers aes-ccm
ssid test
no dfs band block
channel dfs
station-role root bridge
bridge-group 1
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
interface BVI1
ip address 192.168.0.1 255.255.255.0
no ip route-cache
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
line con 0
line vty 0 4
login local
end
And this is the non-root bridge:
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname non-root
enable secret 5 $1$LSB2$q0iBDYt3eciyALsil0yf50
no aaa new-model
dot11 syslog
dot11 ssid test
   authentication open
   authentication key-management wpa version 2
   infrastructure-ssid optional
   wpa-psk ascii 7 131112011F1801393F
username Cisco password 7 062506324F41
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
shutdown
encryption mode ciphers aes-ccm
ssid test
station-role non-root bridge
bridge-group 1
bridge-group 1 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
encryption mode ciphers aes-ccm
ssid test
station-role non-root bridge
bridge-group 1
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
interface BVI1
ip address 192.168.0.2 255.255.255.0
no ip route-cache
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
line con 0
line vty 0 4
login local
end
best regards Dieter
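
A check that can be run over configs like the two posted above, added here as an example; it is not part of the original posts and not Cisco tooling. It assumes that two enabled bridge radios in the same bridge group with spanning tree disabled are a layer-2 loop risk, and it also reports the HTTP-only management and type 7 secrets visible in the configs; `parse_interfaces`, `audit` and the finding codes are hypothetical names, and the sample config is constructed from the posted layout with credentials replaced by placeholders.

```python
import re
from collections import defaultdict

# Constructed sample: the interface layout of the root-bridge config posted
# above, abridged, with every credential string replaced by a placeholder.
SAMPLE_CONFIG = """\
service password-encryption
hostname root
dot11 ssid test
   authentication open
   authentication key-management wpa version 2
   wpa-psk ascii 7 <REDACTED>
username Cisco password 7 <REDACTED>
bridge irb
interface Dot11Radio0
 station-role root bridge
 bridge-group 1
 bridge-group 1 spanning-disabled
interface Dot11Radio1
 station-role root bridge
 bridge-group 1
 bridge-group 1 spanning-disabled
interface FastEthernet0
 bridge-group 1
 bridge-group 1 spanning-disabled
interface BVI1
 ip address 192.168.0.1 255.255.255.0
ip http server
no ip http secure-server
line vty 0 4
 login local
end
"""

BRIDGE_ROLE = re.compile(r"(non-)?root bridge\b")
TYPE7 = re.compile(r"(?:password|wpa-psk (?:ascii|hex)) 7 \S+")


def parse_interfaces(config):
    """Map interface name -> bridge groups, STP-disabled groups, role, shutdown."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()  # works for indented and flattened configs alike
        start = re.fullmatch(r"interface (\S+)", line)
        if start:
            current = interfaces.setdefault(start.group(1), {
                "groups": set(), "no_stp": set(), "role": None, "shutdown": False})
        elif line == "end" or line.startswith("line "):
            current = None  # left interface context
        elif current is None:
            continue
        elif line == "shutdown":
            current["shutdown"] = True
        elif line.startswith("station-role "):
            current["role"] = line[len("station-role "):]
        else:
            group = re.fullmatch(r"bridge-group (\d+)( spanning-disabled)?", line)
            if group:
                current["groups"].add(group.group(1))
                if group.group(2):
                    current["no_stp"].add(group.group(1))
    return interfaces


def audit(config):
    """Return a list of (code, message) findings for one device's config."""
    findings = []
    active = defaultdict(list)  # bridge group -> enabled bridge radios without STP
    for name, props in sorted(parse_interfaces(config).items()):
        bridging = props["role"] and BRIDGE_ROLE.match(props["role"])
        if name.startswith("Dot11Radio") and bridging and not props["shutdown"]:
            for group in props["no_stp"]:
                active[group].append(name)
    for group, radios in sorted(active.items()):
        if len(radios) > 1:  # assumption: parallel links without STP can loop
            findings.append(("L2-LOOP",
                f"bridge-group {group}: {', '.join(radios)} are parallel bridge "
                "links with spanning tree disabled"))
    lines = {raw.strip() for raw in config.splitlines()}
    if "ip http server" in lines and "ip http secure-server" not in lines:
        findings.append(("HTTP-CLEARTEXT", "web management is HTTP only"))
    type7 = len(TYPE7.findall(config))  # counts the secrets, never echoes them
    if type7:
        findings.append(("TYPE7-SECRET",
            f"{type7} secret(s) stored as type 7, which is reversible encoding"))
    return findings


if __name__ == "__main__":
    for code, message in audit(SAMPLE_CONFIG):
        print(f"{code}: {message}")
```

An `L2-LOOP` finding on one device is only a risk indicator: the loop exists when the far-end bridge also has both radios enabled in the same bridge group.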

Similar Messages

  • Security for bridge connectivity

    I need pointers on how to implement a proper secure bridge (point-to-multipoint or point-to-point). Can I use RADIUS/TACACS to authenticate non-root bridges using their MAC address?

    I would suggest that you use any RADIUS server like ACS to secure your wireless bridged network. For information on how to configure the RADIUS server, read http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801bd035.shtml

  • TS3048 I'm having a difficult time getting my wireless keyboard & trackpad to work w/my iMac. I just changed the batteries on both devices but for some reason, after turning on and seeing the green light flash on both devices, won't connect to iMac. Pleas

    I'm having a difficult time getting my wireless keyboard & trackpad to work w/my iMac. I just changed the batteries on both devices but for some reason, after turning on and seeing the green light flash on both devices, both won't connect to iMac. Please help...

    Hello:
    Try resetting the SMC:
    http://support.apple.com/kb/HT3964
    Barry

  • Why the itunes radio keep asking for internet connection

    I recently changed broadband provider and since then, whenever I try to access the music store or the radio, the app asks for an internet connection even when I am online.

    No idea what the fix is but I just want to say I am having the same problem
    Stop asking for my ****ing password itunes - remember it please!

  • Site to site vpn for multipoint bridged connection

    I have a point to multipoint wireless bridge connection that the customer wants to secure with an ASA 5505 at each location. Keep in mind that each remote is just an extension of the host network, all on the same IP range.
    I was thinking that I could just setup an ipsec tunnel to each location from the host. Every example I see uses a different IP range for each location.
    My question is, is that possible and how would I do that?

    No, the ASA can't bridge across IPSec VPN connections (I don't believe any IPSec implementation by any vendor directly supports bridging), so I don't think there's an easy solution. If you had IOS routers you could configure bridging across GRE tunnels, even that's not supported by Cisco so you'd still be pushing your luck a little bit. Probably the best solution would be to just bite the bullet, re-address the remote sites, and configure traditional site-to-site VPNs. You could try to get fancy and do NAT across the VPNs so that all the remote hosts would appear to be on the same subnet as the main site, but I think you'd just be asking for trouble doing that.

  • XM Radio Online Doesn't Connect

    Does anyone know how to get XM Radio to work within Safari? The Windows Media Player plug-in tries to connect but never does. I tried the Flip4Mac plug-in and got the same non-result. Essentially the XM Widget behaves the same except that it occasionally connects after a really long wait and other times generates error messages.
    The AOL radio player actually does work but does not offer all of the XM channels.
    An iTunes solution would be the ultimate right way to go but I haven't seen any way to do that either.
    Quick Silver   Mac OS X (10.4.1)  

    I do not believe XM is fully compatible with Safari.
    The XM Radio Online portion of the site is compatible. The rest of the site is horrible for Macs though.
    Are you getting a -2048 error message with Flip4Mac (I believe that's the error number)? Also, make sure you're using the latest version of the OS as well as the latest version of Flip4Mac. Both work fine for me.
    Also, you might want to try my application, ThisWeekOnXM which eliminates the need to open Safari for listening to XM Radio Online.
    As per Apple's TOS, I won't receive any benefit from you downloading my application unless you choose to donate, which is entirely in your hands.
    -Ryan

  • WRT54GS router to WET54G bridge question, bridge connect to a wired router?

    Hello Everyone,
    I have a Wireless-G LAN set up using a WRT54GS router.  The existing wireless devices on the LAN are 2 PCs, a TiVo unit (using the TiVo wireless adapter), and 2 WET54G wireless bridges.  One bridge connects by ethernet wire to a LAN printer.  The other bridge connects by ethernet wire to a Sony BDP-S550 Blu-Ray player.
    The security is WPA2-AES.  So far all of that works OK, believe it or not, though I grew a lot older making it happen.
    Now here's what I'd like to do: I'd like to add another wired LAN device where the second WET54G bridge connects to the Blu-Ray player.  The bridge only has one ethernet wire connection, so I have to come up with some other way to get the two devices connected to the wireless LAN.
    I have two other LinkSys devices kicking around here that I can use.  One is a BEFSR41 wired Router.  The other is a WAP54G wireless Access Point.   If I can use one or both of those somehow, I won't have to buy another device.  That's the agenda so far.
    Right now it looks like this:
    WRT54GS Router wireless to WET54G Bridge wire to WAN input of BEFSR41 Router wires to the two LAN devices.
    I'm having trouble making this work, assuming it can even be done.  Can I get this config to work, or do I have to add the Access Point where the bridge is now, or.... ?
    Thanks for your time,
    Big Al Mintaka

    You already have a network working with your existing devices. What you are trying to include in your network is possible and can be done. Instead of connecting the cable from the WET54G to the WAN port on the router, connect the cable to the LAN port on the router. Disable the DHCP and change the LAN IP to be in the range of your existing network. It should work.

  • Client (an internet radio) will not automatically connect

    Trying to install an internet radio Sagecom RM 50 on my intel mac lion with a time capsule. It will not connect automatically. I can connect using a pin and inputting the MAC, but when turning the radio off , it will not reconnect automatically. The radio works perfect on my office system with a thompson router and windows xp. Any ideas?

    Sorry I haven't fully explained. First time I have joined a forum for assistance.
    The Sagemcom RM50 is a wireless only internet radio and should connect automatically to your network after it scans for available networks and you input the encryption key. It works as advertised with my work router and windows xp system. I checked it at work for troubleshooting only to ensure that there was not a problem with the radio.
    I want to use this at home, but it does not connect automatically with my TC and imac. It recognizes both my normal and guest networks. I am able to input the encryption key with no faults, but it just continues attempting to connect with no error codes. The only way I have been able to connect is by "add wireless client" manually from the airport utility. This is where there is an option to use a PIN. The PIN is generated from the radio itself. The radio MAC address is then found and the connection established with no further problems. (There is also an option for "connect on first attempt" but this does not work.) According to the airport utility documentation after you have added a wireless client, it should reconnect without a password.
    The problem is that when you turn the radio off and back on, the radio will not automatically reconnect.
    We have 6 or 7 other Wi-Fi devices (both Apple and non-Apple) that have never given this sort of problem.
    It appears that the TC or OS is not saving or recognizing the radio MAC address when you turn it on. It just continues attempting to connect. I'm pretty certain at this point there is something blocking the wireless connection attempt and that a setting needs to be revised to allow the radio to connect and an IP address provided.
    Any assistance would be greatly appreciated.

  • Bridge connection problem.

    I'm trying to connect a bridge connection between my laptop and USB connected android phone using this guide:
    http://blog.mycila.com/2010/06/reverse- … id-22.html
    My internet interface is wlan0, not eth0.
    However, I run into a problem:
    $ sudo ifconfig wlan0 0.0.0.0
    $ sudo ifconfig usb0 0.0.0.0
    $ sudo brctl addbr br0
    $ sudo brctl addif br0 wlan0
    can't add wlan0 to bridge br0: Operation not supported
    I also tried doing it this way:
    On PC:
    sudo ifconfig usb0 192.168.42.1
    # enable routing
    sysctl net.ipv4.ip_forward=1
    # enable nat
    iptables -t nat -I POSTROUTING -s 192.168.42.129 -j MASQUERADE -o wlan0
    And issue this command on the phone:
    route add -net default gw 192.168.42.1
    But I can't even ping localhost from the phone
    # ping 192.168.42.129
    PING 192.168.42.129 (192.168.42.129) 56(84) bytes of data.
    ^C
    --- 192.168.42.129 ping statistics ---
    161 packets transmitted, 0 received, 100% packet loss, time 160105ms
    # ping localhost
    PING localhost (127.0.0.1) 56(84) bytes of data.
    ^C
    --- localhost ping statistics ---
    4 packets transmitted, 0 received, 100% packet loss, time 2999ms
    # busybox ping localhost
    PING localhost (127.0.0.1): 56 data bytes
    Last edited by Lockheed (2013-01-28 11:37:21)

    Ok, so here's my conf:
    # You should put this config-file in /etc/arno-iptables-firewall/ #
    # --------------------------- Configuration file ------------------------------
    # -= Arno's iptables firewall =-
    # Single- & multi-homed firewall script with DSL/ADSL support
    # (C) Copyright 2001-2012 by Arno van Amersfoort
    # Co-authors : Lonnie Abelbeck & Philip Prindeville
    # Homepage : http://rocky.eld.leidenuniv.nl/
    # Freshmeat : http://freshmeat.net/projects/iptables-firewall/?topic_id=151
    # Email : arnova AT rocky DOT eld DOT leidenuniv DOT nl
    # (note: you must remove all spaces and substitute the @ and the .
    # at the proper locations!)
    # This program is free software; you can redistribute it and/or
    # modify it under the terms of the GNU General Public License
    # version 2 as published by the Free Software Foundation.
    # This program is distributed in the hope that it will be useful, but WITHOUT
    # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
    # FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
    # more details.
    # You should have received a copy of the GNU General Public License along with
    # this program; if not, write to the Free Software Foundation Inc., 59 Temple
    # Place - Suite 330, Boston, MA 02111-1307, USA.
    # External (internet) interface settings #
    # The external interface(s) that will be protected (and used as internet
    # connection). This is probably ppp+ or dsl+ for non-transparent(!) (A)DSL
    # modems otherwise it's probably "ethX" (eg. eth0). Multiple interfaces should
    # be space separated.
    EXT_IF="eth0 wlan0"
    # Enable if THIS machines (dynamically) obtains its IP through (IPv4) DHCP
    # and/or (IPv6) DHCPv6 (from your ISP)
    EXT_IF_DHCP_IP=1
    # (EXPERT SETTING!) Here you can specify your external(!) IPv4 subnet(s). You
    # should only use this if you for example have a corporate network and/or
    # running a DHCP server on your external(!) interface. Home users should
    # normally NOT touch this setting. Multiple subnets should be space separated.
    # Don't forget to specify a proper subnet masker (eg. /24, /16 or /8)!
    #EXTERNAL_NET=""
    # (EXPERT SETTING!) Here you can specify the IPv4 address used for broadcasts
    # on your external subnet. You only need to set this option if you want to use
    # the BROADCAST_XXX_NOLOG variables AND you use a non-standard broadcast
    # address (not *.255.255.255, *.*.255.255 or *.*.*.255)! So normally leaving
    # this empty should work fine. Multiple addresses should be space separated.
    #EXT_NET_BCAST_ADDRESS=""
    # Enable this if THIS MACHINE is running an IPv4 DHCP(BOOTP) server for a subnet
    # on the external(!) interface. Note that you don't need this for internal
    # subnets, as for these nets everything is accepted by default. Don't forget to
    # configure the EXTERNAL_NET variable, to make this work. (IPv4 Only)
    EXTERNAL_DHCP_SERVER=0
    # Enable this if THIS MACHINE is running an IPv6 DHCPv6 server for a Link-Local
    # address on the external(!) interface. Note that you don't need this for internal
    # subnets, as for these nets everything is accepted by default. (IPv6 Only)
    EXTERNAL_DHCPV6_SERVER=0
    # Internal (LAN) interface settings #
    # Specify here your internal network (LAN) interface(s). Multiple(!) interfaces
    # should be space separated. Remark this if you don't have any internal network
    # interfaces. Note that by default ALL traffic is accepted from these
    # interfaces.
    INT_IF="usb0 usb1"
    # Specify here the internal IPv4 subnet(s) which is/are connected to the
    # internal interface(s). For multiple interfaces(!) you can either specify
    # multiple subnets here or specify one big subnet for all internal interfaces.
    # Note that this variable is mainly used for antispoofing.
    INTERNAL_NET="10.1.3.0/24"
    # Set this variable to 0 to disable antispoof checking for the internal nets
    # (EXPERT SETTING!)
    INTERNAL_NET_ANTISPOOF=1
    # (EXPERT SETTING!) Here you can specify the IPv4 address used for broadcasts
    # on your internal subnet. You only need to set this option if you want to use
    # the MAC filter AND you use a non-standard broadcast address
    # (not *.255.255.255, *.*.255.255 or *.*.*.255)! So normally leaving
    # this empty should work fine. Multiple addresses (if you have multiple
    # internal nets) should be space separated.
    #INT_NET_BCAST_ADDRESS=""
    # DMZ (aka DeMilitarized Zone) settings #
    # Put in the following variable the network interfaces that are DMZ-classified.
    # You can also use this interface if you want to shield your Wireless network
    # from your LAN.
    DMZ_IF=""
    # Specify here the subnet which is connected to the DMZ interface (DMZ_IF).
    # For multiple interfaces(!) you can either specify multiple subnets here or
    # specify one big subnet for all DMZ interfaces.
    DMZ_NET=""
    # Set this variable to 0 to disable antispoof checking for the dmz nets
    # (EXPERT SETTING!)
    DMZ_NET_ANTISPOOF=1
    # NAT (Masquerade, SNAT, DNAT) settings (IPv4 only!) #
    # Enable this if you want to perform NAT (masquerading) for your internal
    # network (LAN) (eg. share your internet connection with your internal
    # net(s) connected to eg. INT_IF)
    NAT=1
    # (EXPERT SETTING!) In case you would like to use SNAT instead of
    # MASQUERADING then uncomment and set the IP or IPs here of your static
    # external address(es). Note that when multiple IPs are specified, SNAT
    # multiroute is enabled (load balancing over multiple external (internet)
    # interfaces, check the README file for more info). Note that the order of IPs
    # should match the order of interfaces (they belong to) in $EXT_IF!
    #NAT_STATIC_IP="193.2.1.1"
    # (EXPERT SETTING!) Use this variable only if you want specific subnets or
    # hosts to be able to access the internet. When no value is specified, your
    # whole internal net will have access. In both cases it's obviously only
    # meaningful when NAT is enabled. Note that you can also use this variable if
    # you want to use NAT for your DMZ.
    NAT_INTERNAL_NET="$INTERNAL_NET"
    # (EXPERT SETTING!) Enable this if you want to be able to redirect local ports
    # or protocols on your gateway using NAT forwards.
    NAT_LOCAL_REDIRECT=0
    # NAT TCP/UDP/IP forwards. Forward ports or protocols from the gateway to
    # an internal client through (D)NAT. Note that you can also use these
    # variables to forward ports to DMZ hosts.
    # TCP/UDP form:
    # "{SRCIP1,SRCIP2,...~}PORT1,PORT2-PORT3,...>DESTIP1{~port} \
    # {SRCIP3,...~}PORT3,...>DESTIP2{~port}"
    # IP form:
    # "{SRCIP1,SRCIP2,...~}PROTO1,PROTO2,...>DESTIP1 \
    # {SRCIP3~}PROTO3,PROTO4,...>DESTIP2"
    # TCP/UDP port forward examples:
    # Simple (forward port 80 to internal host 192.168.0.10):
    # NAT_FORWARD_xxx="80>192.168.0.10 20,21>192.168.0.10"
    # Advanced (forward port 20 & 21 to 192.168.0.10 and
    # forward from 1.2.3.4 port 81 to 192.168.0.11 port 80:
    # NAT_FORWARD_xxx="1.2.3.4~81>192.168.0.11~80"
    # IP protocol forward example:
    # (forward protocols 47 & 48 to 192.168.0.10)
    # NAT_FORWARD_IP="47,48>192.168.0.10"
    # NOTE 1: {~port} is optional. Use it to redirect a specific port to a
    # different port on the internal client.
    # NOTE 2: {SRCIPx} is optional. Use it to restrict access for specific source
    # (inet) IP addresses.
    # (IPv4 Only)
    NAT_FORWARD_TCP=""
    NAT_FORWARD_UDP=""
    NAT_FORWARD_IP=""
    # TCP/UDP/IP forwards. Forward IPv6 and non-NAT'ed IPv4 ports or protocols
    # from the gateway to an internal client. Note that you can also use these
    # variables to forward ports to DMZ hosts.
    # TCP/UDP form:
    # "SRCIP1,SRCIP2,...>DESTIP1{~port} \
    # SRCIP3,...>DESTIP2{~port}"
    # IP form:
    # "SRCIP1,SRCIP2,...>DESTIP1~PROTO \
    # SRCIP3,...>DESTIP2~PROTO"
    # TCP/UDP port forward examples:
    # Simple (IPv6 forward port 80 to internal host 2001:db8::2):
    # INET_FORWARD_TCP="::/0>2001:db8::2~80"
    # Simple (IPv4 non-NAT forward port 80 to internal host 192.168.0.10):
    # INET_FORWARD_TCP="0/0>192.168.0.10~80"
    # Advanced (forward all UDP ports for 2000::/3 net to 2001:db8::/32 net):
    # INET_FORWARD_UDP="2000::/3>2001:db8::/32"
    # IP protocol forward example:
    # (forward protocol 58 (ICMPv6) to 2001:db8::2)
    # INET_FORWARD_IP="::/0>2001:db8::2~58"
    # (IPv6 and non-NAT'ed IPv4 Only)
    INET_FORWARD_TCP=""
    INET_FORWARD_UDP=""
    INET_FORWARD_IP=""
    # General settings #
    # (EXPERT SETTING!) Location of the iptables-binary (use 'locate iptables' or
    # 'whereis iptables' to manually locate it), required for (default) IPv4 support
    IP4TABLES="/usr/sbin/iptables"
    # (EXPERT SETTING!) Location of the ip6tables-binary (use 'locate ip6tables' or
    # 'whereis ip6tables' to manually locate it), required for IPv6 support
    IP6TABLES="/usr/sbin/ip6tables"
    # (EXPERT SETTING!) Location of the environment file
    ENV_FILE="/usr/share/arno-iptables-firewall/environment"
    # (EXPERT SETTING!) Location of plugin binary & config files
    PLUGIN_BIN_PATH="/usr/share/arno-iptables-firewall/plugins"
    PLUGIN_CONF_PATH="/etc/arno-iptables-firewall/plugins"
    # Most people don't want to get any firewall logs being spit to the console.
    # This option makes the kernel ring buffer only log messages with level
    # "panic".
    DMESG_PANIC_ONLY=1
    # Enable this if you want TOS mangling (RFC)
    MANGLE_TOS=0
    # Enable this if you want to set the maximum packet size via the
    # Maximum Segment Size(through MSS field)
    SET_MSS=1
    # Enable this if you want to increase the TTL value by one in the prerouting
    # chain. This hides the firewall when performing eg. traceroutes to internal
    # hosts. (IPv4 only!)
    TTL_INC=0
    # (EXPERT SETTING!) Enable this if you want to set the TTL value for packets in
    # the OUTPUT & FORWARD chain. Note that this only works with newer 2.6 kernels
    # (2.6.14 or better) or patched 2.4 kernels, which have netfilter TTL target
    # support. Don't mess with this unless you really know what you are doing!
    # (IPv4 only!)
    #PACKET_TTL="64"
    # Enable this to support the IRC-protocol.
    USE_IRC=0
    # (EXPERT SETTING!) Loosen the forward chain for the external interface(s).
    # Enable it to allow the use of protocols like UPnP. Note that it *could* be
    # less secure.
    LOOSE_FORWARD=0
    # (EXPERT SETTING!) Enable (1) to allow IPv6 Link-Local addresses to be
    # forwarded between interfaces. (IPv6 Only)
    FORWARD_LINK_LOCAL=0
    # (EXPERT SETTING!) Disable (0) to not drop all IPv6 packets with
    # Routing Header Type 0. Enabled by default. (IPv6 Only)
    IPV6_DROP_RH_ZERO=1
    # (EXPERT SETTING!) Enable this if you want to drop packets originating from a
    # private address.
    # Note: To enable logging of dropped private addresses set RESERVED_NET_LOG=1
    RESERVED_NET_DROP=0
    # (EXPERT SETTING!) Protect this machine from being abused for a DRDOS-attack
    # ("Distributed Reflection Denial Of Service"-attack). (STILL EXPERIMENTAL!)
    DRDOS_PROTECT=0
    # Enable (1) if you want to enable mixed IPv4/IPv6 traffic support
    # Disable (0) if you want to enable only IPv4 traffic support
    IPV6_SUPPORT=0
    # This option fixes problems with SMB broadcasts when using nmblookup
    NMB_BROADCAST_FIX=0
    # Set this to 0 to suppress "assuming module is compiled in kernel" messages
    COMPILED_IN_KERNEL_MESSAGES=1
    # (EXPERT SETTING!) You can choose the default policy for the INPUT & FORWARD
    # chain here (1=DROP, 0=ACCEPT). The default policy is DROP. This means that
    # when there are no rule(s) available (yet), the packet will be DROPPED. In
    # practice this rule only does something while the firewall is starting. Once
    # it's started and all rules are in place, the default policy doesn't do
    # anything anymore. People that use eg. NFS and let their clients boot from NFS
    # (diskless client systems) probably want to disable this option to fix
    # "NFS server not responding" etc. errors on their clients.
    DEFAULT_POLICY_DROP=1
    # (EXPERT SETTING!) (Other) trusted network interfaces for which ALL IP
    # traffic should be ACCEPTED. (multiple(!) interfaces should be space
    # separated). Be warned that anything TO and FROM these interfaces is allowed
    # (ACCEPTED) so make sure it's NOT routable(accessible) from the outside world
    # (internet)! And of course putting one of your external interfaces here would
    # be extremely stupid.
    TRUSTED_IF=""
    # (EXPERT SETTING!) Put here the interfaces that should trust
    # each other (accept forward traffic). You can use | (piping-sign) to create
    # seperate interface groups. And (again) of course putting one of your external
    # interfaces here would be extremely stupid.
    IF_TRUSTS=""
    # Location of the custom iptables rules file (if any).
    CUSTOM_RULES="/etc/arno-iptables-firewall/custom-rules"
    # Location of the local (user/global) configuration file, if used
    LOCAL_CONFIG_FILE=""
    # (EXPERT SETTING!) Set this (to 1) to disable the use of iptables-save and
    # iptables-restore to add rules in batch rather than one-by-one. Much slower
    # when disabled. BLOCK_HOSTS and BLOCK_HOSTS_FILE utilizes this feature.
    DISABLE_IPTABLES_BATCH=0
    # (EXPERT SETTING!) Set this (to 1) to enable tracing
    TRACE=0
    # Logging options - All logging is rate limited to prevent log flooding #
    # Enable logging for explicitly blocked hosts.
    BLOCKED_HOST_LOG=1
    # Enable logging for various stealth scans (reliable).
    SCAN_LOG=1
    # Enable logging for possible stealth scans (less reliable).
    POSSIBLE_SCAN_LOG=1
    # Enable logging for TCP-packets with bad flags.
    BAD_FLAGS_LOG=1
    # Enable logging of invalid TCP packets. Keep disabled (0) by default to reduce
    # INVALID packets being logged because of lost (legimate) connections. When
    # debugging any problems, you should enable it (temporarily)!
    INVALID_TCP_LOG=0
    # Enable logging of invalid UDP packets. Keep disabled (0) by default to reduce
    # INVALID packets being logged because of lost (legimate) connections. When
    # debugging any problems, you should enable it (temporarily)!
    INVALID_UDP_LOG=0
    # Enable logging of invalid ICMP packets. Keep disabled (0) by default to reduce
    # INVALID packets being logged because of lost (legimate) connections. When
    # debugging any problems, you should enable it (temporarily)!
    INVALID_ICMP_LOG=0
    # Enable (1) logging of source IPs with reserved or private addresses.
    RESERVED_NET_LOG=0
    # Enable logging of fragmented packets.
    FRAG_LOG=1
    # Enable logging of denied local (OUTPUT) connections.
    INET_OUTPUT_DENY_LOG=1
    # Enable logging of denied LAN output (FORWARD) connections.
    LAN_OUTPUT_DENY_LOG=1
    # Enable logging of denied LAN INPUT connections.
    LAN_INPUT_DENY_LOG=1
    # Enable logging of denied DMZ output (FORWARD) connections.
    DMZ_OUTPUT_DENY_LOG=1
    # Enable logging of denied DMZ input (FORWARD) connections.
    DMZ_INPUT_DENY_LOG=1
    # Enable logging of dropped FORWARD packets.
    FORWARD_DROP_LOG=1
    # Enable logging of dropped IPv6 Link-Local forwarded packets.
    # Note: requires FORWARD_LINK_LOCAL=0 (IPv6 Only)
    LINK_LOCAL_DROP_LOG=1
    # Enable logging of dropped ICMP-request packets (ping).
    ICMP_REQUEST_LOG=1
    # Enable logging of dropped "other" ICMP packets.
    ICMP_OTHER_LOG=1
    # Enable logging of normal connection attempts to privileged TCP ports.
    PRIV_TCP_LOG=1
    # Enable logging of normal connection attempts to privileged UDP ports.
    PRIV_UDP_LOG=1
    # Enable logging of normal connection attempts to unprivileged TCP ports.
    UNPRIV_TCP_LOG=1
    # Enable logging of normal connection attempts to unprivileged UDP ports.
    UNPRIV_UDP_LOG=1
    # Enable logging of IPv4 IGMP packets
    IGMP_LOG=1
    # Enable logging of normal connection attempts to "other-IP"-protocols (non
    # TCP/UDP/ICMP/IGMP).
    OTHER_IP_LOG=1
    # Enable logging for ICMP flooding.
    ICMP_FLOOD_LOG=1
    # (EXPERT SETTING!) The location of the dedicated firewall log file. When
    # enabled the firewall script will also log start/stop etc. info to this file
    # as well. Note that in order to make this work, you should also configure
    # syslogd to log firewall messages to this file (see LOGLEVEL below for further
    # info).
    #FIREWALL_LOG="/var/log/firewall.log"
    # (EXPERT SETTING!) Current log-level ("info": default kernel syslog level)
    # "debug": can be used to log to /var/log/firewall.log, but you have to configure
    # syslogd accordingly (see included syslogd.conf examples).
    LOGLEVEL="info"
    # Put in the following variables which hosts you want to log certain incoming
    # connection attempts for.
    # TCP/UDP port format (LOG_HOST_INPUT_xxx):
    # "host1,host2~port1,port2 host3,host4~port3,port4 ..."
    # IP protocol format (LOG_HOST_INPUT_IP):
    # "host1,host2~proto1,proto2 host3,host4~proto4,proto4 ..."
    LOG_HOST_INPUT_TCP=""
    LOG_HOST_INPUT_UDP=""
    LOG_HOST_INPUT_IP=""
    # Put in the following variables which hosts you want to log certain outgoing
    # connection attempts for.
    # TCP/UDP port format (LOG_HOST_OUTPUT_xxx):
    # "host1,host2~port1,port2 host3,host4~port3,port4 ..."
    # IP protocol format (LOG_HOST_OUTPUT_IP):
    # "host1,host2~proto1,proto2 host3,host4~proto4,proto4 ..."
    LOG_HOST_OUTPUT_TCP=""
    LOG_HOST_OUTPUT_UDP=""
    LOG_HOST_OUTPUT_IP=""
    # Put in the following variables which services you want to log incoming
    # connection attempts for.
    LOG_INPUT_TCP=""
    LOG_INPUT_UDP=""
    LOG_INPUT_IP=""
    # Put in the following variables which services you want to log outgoing
    # connection attempts for.
    LOG_OUTPUT_TCP=""
    LOG_OUTPUT_UDP=""
    LOG_OUTPUT_IP=""
    # Put in the following variable which hosts you want to log incoming connection
    # (attempts) for.
    LOG_HOST_INPUT=""
    # Put in the following variable which hosts you want to log outgoing connection
    # (attempts) to.
    LOG_HOST_OUTPUT=""
    # sysctl based settings (EXPERT SETTINGS!) #
    # Enable for synflood protection (through /proc/.../tcp_syncookies).
    SYN_PROT=1
    # Enable this to reduce the ability of others DOS'ing your machine.
    REDUCE_DOS_ABILITY=1
    # Enable to ignore all ICMP echo-requests (IPv4) on ALL interfaces.
    ECHO_IGNORE=0
    # Enable to log packets with impossible addresses to the kernel log.
    LOG_MARTIANS=0
    # Only disable this if you're NOT using forwarding (required for NAT etc.) for
    # increased security.
    # Note: If enabled and IPV6 enabled, local IPv6 autoconf will be disabled.
    IP_FORWARDING=1
    # (EXPERT SETTING!) Only disable this if IP_FORWARDING is disabled and
    # you do not use autoconf to obtain your IPv6 address.
    # Note: This is ignored if IP_FORWARDING is enabled. (IPv6 Only)
    IPV6_AUTO_CONFIGURATION=1
    # Enable if you want to accept ICMP redirect messages. Should be set to "0" in
    # case of a router.
    ICMP_REDIRECT=0
    # Enable/modify this if you want to be a able to handle a larger (or smaller)
    # number of simultaneous connections. For high traffic machines I recommend to
    # use a value of at least 16384 (note that a higher value (obviously) also uses
    # more memory).
    CONNTRACK=16384
    # Enable ECN (Explicit Congestion Notification) TCP flag. Disabled by default,
    # as some routers are still not compatible with this.
    ECN=0
    # Enable to drop connections from non-routable IPs, eg. prevent source
    # routing. By default the firewall itself also provides rules against source
    # routing. Note than when you use eg. VPN (Freeswan), you should probably
    # disable this setting.
    RP_FILTER=1
    # Protect against source routed packets. Attackers can use source routing to
    # generate traffic pretending to be from inside your network, but which is
    # routed back along the path from which it came, namely outside, so attackers
    # can compromise your network. Source routing is rarely used for legitimate
    # purposes, so normally you should always leave this enabled(1)!
    SOURCE_ROUTE_PROTECTION=1
    # Here we set the local port range (ports from which connections are
    # initiated from our site). Don't mess with this unless you really know what
    # you are doing!
    LOCAL_PORT_RANGE="32768 61000"
    # Here you can change the default TTL used for sending packets. The value
    # should be between 10 and 255. Don't mess with this unless you really know
    # what you are doing!
    DEFAULT_TTL=64
    # In most cases pmtu discovery is ok, but in some rare cases (when having
    # problems) you might want to disable it.
    NO_PMTU_DISCOVERY=0
    # Firewall policies for the LAN (EXPERT SETTINGS!) #
    # LAN_xxx = LAN->localhost(this machine) input access rules #
    # Note that when both LAN_OPEN_xxx & LAN_HOST_OPEN_xxx are NOT used, the #
    # default policy for this chain is accept (unless denied through #
    # LAN_DENY_xxx and/or LAN_HOST_DENY_xxx)! #
    # Enable this to allow for ICMP-requests(ping) from your LAN
    LAN_OPEN_ICMP=1
    # Put in the following variables the TCP/UDP ports or IP protocols TO
    # (remote end-point) which the LAN hosts are permitted to connect to.
    LAN_OPEN_TCP=""
    LAN_OPEN_UDP=""
    LAN_OPEN_IP=""
    # Put in the following variables the TCP/UDP ports or IP protocols TO (remote
    # end-point) which LAN hosts are NOT permitted to connect to.
    LAN_DENY_TCP=""
    LAN_DENY_UDP=""
    LAN_DENY_IP=""
    # Put in the following variables the TCP/UDP ports or IP
    # protocols TO (remote end-point) which certain LAN hosts are
    # permitted to connect to.
    # TCP/UDP port format (LAN_INPUT_HOST_OPEN_xxx):
    # "host1,host2~port1,port2 host3,host4~port3,port4 ..."
    # IP protocol format (LAN_INPUT_HOST_OPEN_xxx):
    # "host1,host2~proto1,proto2 host3,host4~proto3,proto4 ..."
    LAN_HOST_OPEN_TCP=""
    LAN_HOST_OPEN_UDP=""
    LAN_HOST_OPEN_IP=""
    # Put in the following variables the TCP/UDP ports or IP protocols TO (remote
    # end-point) which certain LAN hosts are NOT permitted to connect to.
    # TCP/UDP port format (LAN_INPUT_HOST_DENY_xxx):
    # "host1,host2~port1,port2 host3,host4~port3,port4 ..."
    # IP protocol format (LAN_INPUT_HOST_DENY_xxx):
    # "host1,host2~proto1,proto2 host3,host4~proto3,proto4 ..."
    LAN_HOST_DENY_TCP=""
    LAN_HOST_DENY_UDP=""
    LAN_HOST_DENY_IP=""
    # LAN_INET_xxx = LAN->internet access rules (forward) #
    # Note that when both LAN_INET_OPEN_xxx & LAN_INET_HOST_OPEN_xxx are NOT #
    # used, the default policy for this chain is accept (unless denied #
    # through LAN_INET_DENY_xxx and/or LAN_INET_HOST_DENY_xxx)! #
    # Enable this to allow for ICMP-requests(ping) for LAN->INET
    LAN_INET_OPEN_ICMP=1
    # Put in the following variables the TCP/UDP ports or IP
    # protocols TO (remote end-point) which the LAN hosts are
    # permitted to connect to via the external (internet) interface.
    LAN_INET_OPEN_TCP=""
    LAN_INET_OPEN_UDP=""
    LAN_INET_OPEN_IP=""
    # Put in the following variables the TCP/UDP ports or IP protocols TO (remote
    # end-point) which the LAN hosts are NOT permitted to connect to
    # via the external (internet) interface. Examples of usage are for blocking
    # IRC (TCP 6666:6669) for the internal network.
    LAN_INET_DENY_TCP=""
    LAN_INET_DENY_UDP=""
    LAN_INET_DENY_IP=""
    # Put in the following variables which LAN hosts you want to allow to certain
    # hosts/services on the internet. By default all services are allowed.
    # TCP/UDP form:
    # "SRCIP1,SRCIP2,...>DESTIP1~port \
    # SRCIP3,...>DESTIP2~port"
    # IP form:
    # "SRCIP1,SRCIP2,...>DESTIP1~protocol \
    # SRCIP3,...>DESTIP2~protocol"
    # TCP/UDP examples:
    # Simple:
    # (Allow port 80 on INET host 1.2.3.4 for all LAN hosts(0/0)):
    # LAN_INET_HOST_OPEN_xxx="0/0>1.2.3.4~80"
    # Advanced:
    # (Allow port 20 & 21 on INET host 1.2.3.4 for all LAN hosts(0/0) and
    # allow port 80 on INET host 1.2.3.4 for LAN host 192.168.0.10 (only)):
    # LAN_INET_HOST_OPEN_xxx="0/0>1.2.3.4~20,21 192.168.0.10>1.2.3.4~80"
    # IP protocol example:
    # (Allow protocols 47 & 48 on INET host 1.2.3.4 for all LAN hosts(0/0))
    # LAN_INET_HOST_OPEN_IP="0/0>1.2.3.4~47,48"
    # NOTE 1: If no SRCIPx is specified, any source host is used
    # NOTE 2: If no port is specified, any port is used
    LAN_INET_HOST_OPEN_TCP=""
    LAN_INET_HOST_OPEN_UDP=""
    LAN_INET_HOST_OPEN_IP=""
    # Put in the following variables which LAN hosts you want to deny to certain
    # hosts/services on the internet.
    # TCP/UDP form:
    # "SRCIP1,SRCIP2,...>DESTIP1~port \
    # SRCIP3,...>DESTIP2~port"
    # IP form:
    # "SRCIP1,SRCIP2,...>DESTIP1~protocol \
    # SRCIP3,...>DESTIP2~protocol"
    # TCP/UDP examples:
    # Simple (Deny port 80 on INET host 1.2.3.4 for all LAN hosts(0/0)):
    # LAN_INET_HOST_DENY_xxx="0/0>1.2.3.4~80"
    # Advanced (Deny port 20 & 21 on INET host 1.2.3.4 for all LAN hosts(0/0) and
    # deny port 80 on INET host 1.2.3.4 for LAN host 192.168.0.10 (only)):
    # LAN_INET_HOST_DENY_xxx="0/0>1.2.3.4~20,21 192.168.0.10>1.2.3.4~80"
    # IP protocol example:
    # (Deny protocols 47 & 48 on INET host 1.2.3.4 for all LAN hosts(0/0)):
    # LAN_INET_HOST_DENY_IP="0/0>1.2.3.4~47,48"
    # NOTE 1: If no SRCIPx is specified, any source host is used
    # NOTE 2: If no port is specified, any port is used
    LAN_INET_HOST_DENY_TCP=""
    LAN_INET_HOST_DENY_UDP=""
    LAN_INET_HOST_DENY_IP=""
    # Firewall policies for the DMZ (EXPERT SETTINGS!) #
    # DMZ_xxx = DMZ->localhost(this machine) input access rules #
    # Enable this to allow ICMP-requests(ping) from the DMZ
    DMZ_OPEN_ICMP=1
    # Put in the following variables which DMZ hosts are permitted to connect to
    # certain the TCP/UDP ports, IP protocols or ICMP. By default all (local)
    # services are blocked for DMZ hosts.
    DMZ_OPEN_TCP=""
    DMZ_OPEN_UDP=""
    DMZ_OPEN_IP=""
    # Put in the following variables which DMZ hosts you want to allow for certain
    # services. By default all (local) services are blocked for DMZ hosts.
    # TCP/UDP port format (DMZ_HOST_OPEN_TCP & DMZ_HOST_OPEN_UDP):
    # "host1,host2~port1,port2 host3,host4~port3,port4 ..."
    # IP protocol format (DMZ_HOST_OPEN_IP):
    # "host1,host2~proto1,proto2 host3,host4~proto3,proto4 ..."
    DMZ_HOST_OPEN_TCP=""
    DMZ_HOST_OPEN_UDP=""
    DMZ_HOST_OPEN_IP=""
    # INET_DMZ_xxx = Internet->DMZ access rules (forward) #
    # Note: As of Version 2.0.0 the default policy has changed to DROP #
    # Previous to Version 2.0.0 the default policy was ACCEPT #
    # Enable this to make the default policy allow for ICMP(ping) for INET->DMZ
    INET_DMZ_OPEN_ICMP=0
    # Put in the following variables which INET hosts are permitted to connect to
    # certain the TCP/UDP ports or IP protocols in the DMZ.
    INET_DMZ_OPEN_TCP=""
    INET_DMZ_OPEN_UDP=""
    INET_DMZ_OPEN_IP=""
    # Put in the following variables which INET hosts are NOT permitted to connect
    # to certain the TCP/UDP ports or IP protocols in the DMZ.
    INET_DMZ_DENY_TCP=""
    INET_DMZ_DENY_UDP=""
    INET_DMZ_DENY_IP=""
    # Put in the following variables which INET hosts you want to allow to certain
    # hosts/services on the DMZ net. By default all services are dropped.
    # TCP/UDP form:
    # "SRCIP1,SRCIP2,...>DESTIP1~port \
    # SRCIP3,...>DESTIP2~port"
    # IP form:
    # "SRCIP1,SRCIP2,...>DESTIP1~protocol \
    # SRCIP3,...>DESTIP2~protocol"
    # TCP/UDP examples:
    # Simple (Allow port 80 on DMZ host 1.2.3.4 for all INET hosts(0/0)):
    # INET_DMZ_HOST_OPEN_xxx="0/0>1.2.3.4~80"
    # Advanced (Allow port 20 & 21 on DMZ host 1.2.3.4 for all INET hosts(0/0) and
    # allow port 80 on DMZ host 1.2.3.4 for INET host 5.6.7.8 (only)):
    # INET_DMZ_HOST_OPEN_xxx="0/0>1.2.3.4~20,21 5.6.7.8>1.2.3.4~80"
    # IP protocol example:
    # (Allow protocols 47 & 48 on DMZ host 1.2.3.4 for all INET hosts(0/0)):
    # INET_DMZ_HOST_OPEN_IP="0/0>1.2.3.4~47,48"
    # NOTE 1: If no SRCIPx is specified, any source host is used
    # NOTE 2: If no port is specified, any port is used
    INET_DMZ_HOST_OPEN_TCP=""
    INET_DMZ_HOST_OPEN_UDP=""
    INET_DMZ_HOST_OPEN_IP=""
    # Put in the following variables which INET hosts you want to deny to certain
    # hosts/services on the DMZ net.
    # TCP/UDP form:
    # "SRCIP1,SRCIP2,...>DESTIP1~port \
    # SRCIP3,...>DESTIP2~port"
    # IP form:
    # "SRCIP1,SRCIP2,...>DESTIP1~protocol \
    # SRCIP3,...>DESTIP2~protocol"
    # TCP/UDP examples:
    # Simple (Deny port 80 on DMZ host 1.2.3.4 for all INET hosts(0/0)):
    # INET_DMZ_HOST_DENY_xxx="0/0>1.2.3.4~80"
    # Advanced (Deny port 20 & 21 on DMZ host 1.2.3.4 for all INET hosts(0/0) and
    # deny port 80 on DMZ host 1.2.3.4 for INET host 5.6.7.8 (only)):
    # INET_DMZ_HOST_DENY_xxx="0/0>1.2.3.4~20,21 5.6.7.8>1.2.3.4~80"
    # IP protocol example:
    # (Deny protocols 47 & 48 on DMZ host 1.2.3.4 for all INET hosts):
    # INET_DMZ_HOST_DENY_IP="0/0>1.2.3.4~47,48"
    # NOTE 1: If no SRCIPx is specified, any source host is used
    # NOTE 2: If no port is specified, any port is used
    INET_DMZ_HOST_DENY_TCP=""
    INET_DMZ_HOST_DENY_UDP=""
    INET_DMZ_HOST_DENY_IP=""
    # DMZ_INET_xxx = DMZ->internet access rules (forward) #
    # Note that when both DMZ_INET_OPEN_xxx & DMZ_INET_HOST_OPEN_xxx are NOT #
    # used, the default policy for this chain is accept (unless denied #
    # through DMZ_INET_DENY_xxx and/or DMZ_INET_HOST_DENY_xxx)! #
    # Enable this to make the default policy allow for ICMP(ping) for DMZ->INET
    DMZ_INET_OPEN_ICMP=1
    # Put in the following variables the TCP/UDP ports or IP
    # protocols TO (remote end-point) which the DMZ hosts are
    # permitted to connect to via the external (internet) interface.
    DMZ_INET_OPEN_TCP=""
    DMZ_INET_OPEN_UDP=""
    DMZ_INET_OPEN_IP=""
    # Put in the following variables the TCP/UDP ports or IP protocols TO (remote
    # end-point) which the DMZ hosts are NOT permitted to connect to
    # via the external (internet) interface. Examples of usage are for blocking
    # IRC (TCP 6666:6669) for the internal network.
    DMZ_INET_DENY_TCP=""
    DMZ_INET_DENY_UDP=""
    DMZ_INET_DENY_IP=""
    # Put in the following variables which DMZ hosts you want to allow to certain
    # hosts/services on the internet. By default all services are allowed.
    # TCP/UDP form:
    # "SRCIP1,SRCIP2,...>DESTIP1~port \
    # SRCIP3,...>DESTIP2~port"
    # IP form:
    # "SRCIP1,SRCIP2,...>DESTIP1~protocol \
    # SRCIP3,...>DESTIP2~protocol"
    # TCP/UDP examples:
    # Simple (Allow port 80 on INET host 1.2.3.4 for all DMZ hosts(0/0)):
    # DMZ_INET_HOST_OPEN_xxx="0/0>1.2.3.4~80"
    # Advanced (Allow port 20 & 21 on INET host 1.2.3.4 for all DMZ hosts(0/0) and
    # allow port 80 on INET host 1.2.3.4 for DMZ host 5.6.7.8 (only)):
    # DMZ_INET_HOST_OPEN_xxx="0/0>1.2.3.4~20,21 5.6.7.8>1.2.3.4~80"
    # IP protocol example:
    # (Allow protocols 47 & 48 on INET host 1.2.3.4 for all DMZ hosts):
    # DMZ_INET_HOST_OPEN_IP="0/0>1.2.3.4~47,48"
    # NOTE 1: If no SRCIPx is specified, any source host is used
    # NOTE 2: If no port is specified, any port is used
    DMZ_INET_HOST_OPEN_TCP=""
    DMZ_INET_HOST_OPEN_UDP=""
    DMZ_INET_HOST_OPEN_IP=""
    # Put in the following variables which DMZ hosts you want to deny to certain
    # hosts/services on the internet.
    # TCP/UDP form:
    # "SRCIP1,SRCIP2,...>DESTIP1~port \
    # SRCIP3,...>DESTIP2~port"
    # IP form:
    # "SRCIP1,SRCIP2,...>DESTIP1~protocol \
    # SRCIP3,...>DESTIP2~protocol"
    # TCP/UDP examples:
    # Simple (Deny port 80 on INET host 1.2.3.4 for all DMZ hosts(0/0)):
    # DMZ_INET_HOST_DENY_xxx="0/0>1.2.3.4~80"
    # Advanced (Deny port 20 & 21 on INET host 1.2.3.4 for all DMZ hosts(0/0) and
    # deny port 80 on INET host 1.2.3.4 for DMZ host 5.6.7.8 (only)):
    # DMZ_INET_HOST_DENY_xxx="0/0>1.2.3.4~20,21 5.6.7.8>1.2.3.4~80"
    # IP protocol example:
    # (Deny protocols 47 & 48 on INET host 1.2.3.4 for all DMZ hosts(0/0)):
    # DMZ_INET_HOST_DENY_IP="0/0>1.2.3.4~47,48"
    # NOTE 1: If no SRCIPx is specified, any source host is used
    # NOTE 2: If no port is specified, any port is used
    DMZ_INET_HOST_DENY_TCP=""
    DMZ_INET_HOST_DENY_UDP=""
    DMZ_INET_HOST_DENY_IP=""
    # DMZ_LAN_xxx = DMZ->LAN access rules (forward) #
    # Enable this to make the default policy allow for ICMP(ping) for DMZ->LAN
    DMZ_LAN_OPEN_ICMP=0
    # Put in the following variables which DMZ hosts you want to allow to certain
    # hosts/services on the LAN (net).
    # TCP/UDP form:
    # "SRCIP1,SRCIP2,...>DESTIP1~port \
    # SRCIP3,...>DESTIP2~port"
    # IP form:
    # "SRCIP1,SRCIP2,...>DESTIP1~protocol \
    # SRCIP3,...>DESTIP2~protocol"
    # TCP/UDP examples:
    # Simple (Allow port 80 on LAN host 1.2.3.4 for all DMZ hosts(0/0)):
    # DMZ_LAN_HOST_OPEN_xxx="0/0>1.2.3.4~80"
    # Advanced (Allow port 20 & 21 on LAN host 1.2.3.4 for all DMZ hosts (0/0) and
    # allow port 80 for DMZ host 5.6.7.8 (only) on LAN host
    # 1.2.3.4):
    # DMZ_LAN_HOST_OPEN_xxx="0/0>1.2.3.4~20,21 5.6.7.8>1.2.3.4~80"
    # IP protocol example:
    # (Allow protocols 47 & 48 on LAN host 1.2.3.4 for all DMZ hosts(0/0)):
    # DMZ_LAN_HOST_OPEN_IP="0/0>1.2.3.4~47,48"
    # NOTE 1: If no SRCIPx is specified, any source host is used
    # NOTE 2: If no port is specified, any port is used
    DMZ_LAN_HOST_OPEN_TCP=""
    DMZ_LAN_HOST_OPEN_UDP=""
    DMZ_LAN_HOST_OPEN_IP=""
    # Firewall policies for the external (inet) interface (default policy = drop) #
    # Put in the following variable which hosts (subnets) you want have full access
    # via your internet (EXT_IF) connection(!). This is especially meant for
    # networks/servers which use NIS/NFS, as these protocols require all ports
    # to be open.
    # NOTE: Don't mistake this variable with the one used for internal nets.
    FULL_ACCESS_HOSTS=""
    # Put in the following variable which TCP/UDP ports you don't want to
    # see broadcasts from (eg. DHCP (67/68) on your EXTERNAL interface. Note that
    # to make this properly work you also need to set "EXTERNAL_NET"!
    BROADCAST_TCP_NOLOG=""
    #BROADCAST_UDP_NOLOG="67 68"
    # Put in the following variables which hosts you want to allow for certain
    # services.
    # TCP/UDP port format (HOST_OPEN_TCP & HOST_OPEN_UDP):
    # "host1,host2~port1,port2 host3,host4~port3,port4 ..."
    # IP protocol format (HOST_OPEN_IP):
    # "host1,host2~proto1,proto2 host3,host4~proto3,proto4 ..."
    # ICMP protocol format (HOST_OPEN_ICMP):
    # "host1 host2 ...."
    HOST_OPEN_TCP=""
    HOST_OPEN_UDP=""
    HOST_OPEN_IP=""
    HOST_OPEN_ICMP=""
    # Put in the following variables which hosts you want to DENY(DROP) for certain
    # services (and logged).
    # TCP/UDP port format (HOST_DENY_TCP & HOST_DENY_UDP):
    # "host1,host2~port1,port2 host3,host4~port3,port4 ..."
    # IP protocol format (HOST_DENY_IP):
    # "host1,host2~proto1,proto2 host3,host4~proto3,proto4 ..."
    # ICMP protocol format (HOST_DENY_ICMP):
    # "host1 host2 ...."
    HOST_DENY_TCP=""
    HOST_DENY_UDP=""
    HOST_DENY_IP=""
    HOST_DENY_ICMP=""
    # Put in the following variables which hosts you want to DENY(DROP) for certain
    # services but NOT logged.
    # TCP/UDP port format (HOST_DENY_xxx_NOLOG):
    # "host1,host2~port1,port2 host3,host4~port3,port4 ..."
    # IP protocol format (HOST_DENY_IP_NOLOG):
    # "host1,host2~proto1,proto2 host3,host4~proto3,proto4 ..."
    # ICMP protocol format (HOST_DENY_ICMP_NOLOG):
    # "host1 host2 ...."
    HOST_DENY_TCP_NOLOG=""
    HOST_DENY_UDP_NOLOG=""
    HOST_DENY_IP_NOLOG=""
    HOST_DENY_ICMP_NOLOG=""
    # Put in the following variables which hosts you want to REJECT (instead of
    # DROP) for certain TCP/UDP ports.
    # TCP/UDP port format (HOST_REJECT_xxx):
    # "host1,host2~port1,port2 host3,host4~port3,port4 ..."
    HOST_REJECT_TCP=""
    HOST_REJECT_UDP=""
    # Put in the following variables which hosts you want to REJECT (instead of
    # DROP) for certain services but NOT logged.
    # TCP/UDP port format (HOST_REJECT_xxx_NOLOG):
    # "host1,host2~port1,port2 host3,host4~port3,port4 ..."
    HOST_REJECT_TCP_NOLOG=""
    HOST_REJECT_UDP_NOLOG=""
    # Put in the following variables which services THIS machine is NOT
    # permitted to connect TO (remote end-point) via the external (internet)
    # interface. For example for blocking IRC (tcp 6666:6669).
    DENY_TCP_OUTPUT=""
    DENY_UDP_OUTPUT=""
    DENY_IP_OUTPUT=""
    # Put in the following variables to which hosts THIS machine is NOT
    # permitted to connect TO for certain services (remote end-point)
    # via the external (internet) interface. In principle you can also
    # use this to put your machine in a "virtual-DMZ" by blocking all traffic
    # to your local subnet.
    # TCP/UDP port format (HOST_DENY_TCP_OUTPUT & HOST_DENY_UDP_OUTPUT):
    # "host1,host2~port1,port2 host3,host4~port3,port4 ..."
    # IP protocol format (HOST_DENY_IP_OUTPUT):
    # "host1,host2~proto1,proto2 host3,host4~proto3,proto4 ..."
    HOST_DENY_TCP_OUTPUT=""
    HOST_DENY_UDP_OUTPUT=""
    HOST_DENY_IP_OUTPUT=""
    # Enable (1) to make the default policy allow for IPv4 ICMP (ping) for INET access
    # Note: Other ICMP variables apply to both IPv4 and IPv6 unless otherwise noted.
    OPEN_ICMP=0
    # Disable (0) to make the default policy drop IPv6 ICMPv6 for INET access
    # Note: Other ICMP variables apply to both IPv4 and IPv6 unless otherwise noted.
    OPEN_ICMPV6=1
    # Put in the following variables which ports or IP protocols you want to leave
    # open to the whole world.
    OPEN_TCP=""
    OPEN_UDP=""
    OPEN_IP=""
    # Put in the following variables the TCP/UDP ports you want to DENY(DROP) for
    # everyone (and logged). Also use these variables if you want to log connection
    # attempts to these ports from everyone (also trusted/full access hosts).
    # In principle you don't need these variables, as everything is already blocked
    # (denied) by default, but just exists for consistency.
    DENY_TCP=""
    DENY_UDP=""
    # Put in the following variables which ports you want to DENY(DROP) for
    # everyone but NOT logged. This is very useful if you have constant probes on
    # the same port(s) over and over again (code red worm) and don't want your logs
    # flooded with it.
    DENY_TCP_NOLOG=""
    DENY_UDP_NOLOG=""
    # Put in the following variables the TCP/UDP ports you want to REJECT (instead
    # of DROP) for everyone (and logged).
    REJECT_TCP=""
    REJECT_UDP=""
    # Put in the following variables the TCP/UDP ports you want to REJECT (instead
    # of DROP) for everyone but NOT logged.
    REJECT_TCP_NOLOG=""
    REJECT_UDP_NOLOG=""
    # Put in the following variable which hosts you want to block (blackhole,
    # dropping every packet from the host).
    BLOCK_HOSTS=""
    # Blocked Hosts are by default blocked in both Inbound and Outbound directions.
    # If only Inbound blocking is desired, set to 0 to disable bidirectional blocking.
    BLOCK_HOSTS_BIDIRECTIONAL=1
    # Uncomment & specify here the location of the file that contains a list of
    # hosts(IPs) that should be BLOCKED. IP ranges can (only) be specified as
    # w.x.y.z1-z2 (eg. 192.168.1.10-15). Note that the last line of this file
    # should always contain a carriage-return (enter)!
    #BLOCK_HOSTS_FILE="/etc/arno-iptables-firewall/blocked-hosts"
    Service status:
    $ 0.status arno-iptables-firewall.service
    arno-iptables-firewall.service - A secure stateful firewall for both single and multi-homed machine
    Loaded: loaded (/usr/lib/systemd/system/arno-iptables-firewall.service; enabled)
    Active: active (exited) since Tue 2013-02-19 12:45:30 CET; 38s ago
    Main PID: 7781 (code=exited, status=0/SUCCESS)
    CGroup: name=systemd:/system/arno-iptables-firewall.service
    which is a bit confusing as it says 'active' and 'exited' at the same time...
    and then I get into my phone through adb shell, and I run:
    root@android:/ # su
    root@android:/ # netcfg usb0 dhcp
    action 'dhcp' failed (Timer expired)
    So apparently something is wrong,
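
The `SRCIP1,SRCIP2,...>DESTIP1~port` syntax documented in the config comments above can be checked before the firewall is reloaded. This is an added example, not part of the original post or of arno-iptables-firewall: it follows only the comments shown here (IP/CIDR hosts, `0/0` for any host, `low:high` ranges), and `parse_rules`, `wide_open` and the sample values are assumptions.

```python
import ipaddress
from typing import NamedTuple

ANY = "0/0"  # the config comments use 0/0 for "all hosts"


class Rule(NamedTuple):
    sources: tuple  # source networks in CIDR form
    dest: str       # destination network in CIDR form
    ports: tuple    # (low, high) pairs; empty means "any port"


def _net(text):
    """Normalise one host or subnet; '0/0' is not valid ipaddress syntax."""
    if text == ANY:
        return "0.0.0.0/0"
    return str(ipaddress.ip_network(text, strict=False))


def _span(text, limit):
    """Parse 'n' or 'low:high' (the 6666:6669 style) within 1..limit."""
    low, sep, high = text.partition(":")
    if sep and not high:
        raise ValueError(f"open-ended range {text!r}")
    lo, hi = int(low), int(high or low)
    if not 0 < lo <= hi <= limit:
        raise ValueError(f"{text!r} outside 1..{limit}")
    return (lo, hi)


def parse_rules(value, limit=65535):
    """Return (rules, errors) for one *_HOST_OPEN_xxx / *_HOST_DENY_xxx value.

    Use limit=255 for the *_IP variables, which hold IP protocol numbers.
    """
    rules, errors = [], []
    # A backslash-newline inside the quoted value is only a line continuation.
    for entry in value.replace("\\\n", " ").split():
        left, sep, right = entry.partition(">")
        if not sep:                      # NOTE 1: no source means any source
            left, right = "", entry
        dest, tilde, ports = right.partition("~")
        try:
            if tilde and not ports:
                raise ValueError("'~' given without a port list")
            rules.append(Rule(
                tuple(_net(s) for s in (left.split(",") if left else [ANY])),
                _net(dest),
                # NOTE 2: no port means any port
                tuple(_span(p, limit) for p in ports.split(",")) if ports else (),
            ))
        except ValueError as exc:
            errors.append((entry, str(exc)))
    return rules, errors


def wide_open(rules):
    """Rules matching any source on any port: worth a second look in review."""
    return [r for r in rules if "0.0.0.0/0" in r.sources and not r.ports]


if __name__ == "__main__":
    # Constructed sample values: the last two are malformed on purpose
    # (destination host missing, ':' typed where '~' belongs).
    samples = {
        "DMZ_LAN_HOST_OPEN_TCP": "0/0>1.2.3.4~20,21 5.6.7.8>1.2.3.4~80",
        "LAN_INET_HOST_DENY_TCP": "192.168.0.0/24>1.2.3.4~6666:6669",
        "INET_DMZ_HOST_OPEN_TCP": "0/0>1.2.3.4",
        "LAN_INET_HOST_OPEN_TCP": "0/0>1.2.3.4~20,21 192.168.0.10>80",
        "DMZ_INET_HOST_DENY_IP": "0/0>1.2.3.4:47,48",
    }
    for name, value in samples.items():
        rules, errors = parse_rules(value, 255 if name.endswith("_IP") else 65535)
        for rule in rules:
            flag = "  <-- any source, any port" if rule in wide_open(rules) else ""
            print(f"{name}: {rule}{flag}")
        for entry, reason in errors:
            print(f"{name}: REJECTED {entry!r}: {reason}")
```
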

  • How to change the NAT type to Open on an iMac using bridged connections

    Hey everyone, I have a problem. I play Xbox Live with my friends and I just moved and don't have a wireless adapter anymore, so I have bridged connections with my iMac and Xbox via Ethernet. It works perfectly, but the only problem is that when I connect it says that my NAT type is strict. To play with all my friends I need an open NAT type. Does anyone know how to make the NAT type on the iMac open? I do have a D-Link router, model DIR-625. When I called D-Link they said to port forward; I did and it still didn't work. They said it must be the firewall on the Mac, and Microsoft said the same thing, that it might be the firewall. I checked the firewall and it said "All Incoming connections are allowed".
    I would really much appreciate it if someone helped me. Thank you!

    Yes, most likely. Microsoft has provided a list of XBox LIVE!-compatible routers. Since the OS X Internet Sharing feature is limited, there is no way to configure port mapping or placing the XBox in a DMZ with it. Typically, you either use a compatible router or configure port mapping/DMZ for non-compatible routers.

  • My Ipad2 won't turn off.  I've tried the reset method,  holding both buttons down for at least 10 seconds, but this doesn't work. I'm on version 5.1.1 and all other functions work except that I cannot get onto the internet via wi-fi either.  Help ??

    My Ipad2 won't turn off.  I have tried the reset method by holding both buttons down for at least 10 seconds, but this doesn't work.  I can't get onto the internet via wi-fi either (don't have a 3G card fitted).  All other functions seem to be working OK including charging. Not had this problem before, but I recently upgraded software to 5.1.1 so is there a bug in there somewhere?

    Look at last link.
    Look at iOS Troubleshooting Wi-Fi networks and connections  http://support.apple.com/kb/TS1398
    iPad: Issues connecting to Wi-Fi networks  http://support.apple.com/kb/ts3304
    iOS: Recommended settings for Wi-Fi routers and access points  http://support.apple.com/kb/HT4199
    Additional things to try.
    Try this first. Turn Off your iPad. Then turn Off (disconnect power cord) the wireless router & then back On. Now boot your iPad. Hopefully it will see the WiFi.
    Go to Settings>Wi-Fi and turn Off. Then while at Settings>Wi-Fi, turn back On and chose a Network.
    Change the channel on your wireless router. Instructions at http://macintoshhowto.com/advanced/how-to-get-a-good-range-on-your-wireless-network.html
    Another thing to try - Go into your router security settings and change from WEP to WPA with AES.
    How to Quickly Fix iPad 3 Wi-Fi Reception Problems
    http://osxdaily.com/2012/03/21/fix-new-ipad-3-wi-fi-reception-problems/
    If none of the above suggestions work, look at this link.
    iPad Wi-Fi Problems: Comprehensive List of Fixes
    http://appletoolbox.com/2010/04/ipad-wi-fi-problems-comprehensive-list-of-fixes/
    Fix iPad Wifi Connection and Signal Issues  http://www.youtube.com/watch?v=uwWtIG5jUxE
    Unable to Connect After iOS Update - saw this solution on another post.
    https://discussions.apple.com/thread/4010130?tstart=60
    Note - When troubleshooting wifi connection problems, don't hold your iPad by hand. There have been a few reports that holding the iPad by hand, seems to attenuate the wifi signal.
    ~~~~~~~~~~~~~~~
    If any of the above solutions work, please post back what solved your problem. It will help others with the same problem.
     Cheers, Tom

  • BW authorizations for universe connections

    Hello experts,
    Is it possible to use a universe without giving the user 0BI_ALL authorization? We want the same user to connect via BICS and universe, and if we use 0BI_ALL for universe connections, the analysis authorizations for BICS don't work.
    Any idea on how to have row security levels on both connections at same time?
    We are using BW 7.0 and BO 4.0 SP5.
    Many thanks in advance.

    Hello David,
    using BI Authorizations in BW and then adding data level security in the Universe on top of that will only lead to situations like you have now.
    Data Level security goes into BW alone or into the Universe alone, mixing both will lead to issues and remember that the Universe has far less capabilities in this area.
    0BI_ALL is only related to data level security, so the fact that you see the request for 0BI_ALL in the trace clearly shows that your defined data level security entries contradict each other somehow and that BW then requires 0BI_ALL for the user to give the data that was requested.
    Like I said above, not a good idea to mix those data level security concepts. All data level security should be in BW already.
    Also - why even use the Universe in between?
    regards
    Ingo Hilgefort, SAP

  • "Photoshop" Waiting for Bridge CS6... on a MAC BOOK PRO help

        I have a Mac book Pro, with retina display running on OS X version 10.9.4. and I cannot get mini-bridge to run.  Adobe first told me the problem was with Apple, I contacted Apple and the problem was not with them.  Adobe told me the problem was with my service provider and passwords and firewalls on my internet connection, check with Rogers and no problems.  Now I am told by Adobe this problem is with switchboard (Adobe owns this).
         I have tried everything on the FAQ page to fix the problem and I have also spent days on the phone with Adobe.  They have had me uninstall and reinstall all of my Adobe programs numerous times and I have spent hours at a time on the phone trying all kinds of “fixes”.  Adobe has told me on three separate occasions they have escalated this problem to the highest level of technical support and I still have no resolution. We (Adobe and I) have been at this for well over a month now and It’s gotten so, now Adobe doesn't even call me back anymore.
        The reason I so need this fixed is, as I explained to Adobe, I am in night school (now) for Photoshop and I require mini-bridge in class.  I am hoping that someone else out there has had this problem and knows what the fix is because I have no options open to me this time.  When Photoshop is launched and I clicked on mini-bridge all I see is waiting for Bridge CS6… Nothing more happens, Photoshop is version 13.0.6 X64.  I have stayed home the past few times Adobe has said they would call and nobody has called, it's getting costly at work.
    If anyone can help, it would be greatly appreciated and thank you.
    Help :-(

    Hello Gener7,
         I did try everything on the FAQ page (all steps) I also did them a few more times with "Adobe help" walking me through 2 more times.  I just don't get it, I have been on with Adobe on some days up to 5 hours at a time for over a month now.  I think it must be something with the installation disc but they say no, no, switchboard is just not working on my OS X 10.9.4.  I even took the computer into the apple store here and had them look it over, reinstall everything and they say it's the Adobe software.
         Thank you very much for your help, it's nice to know someone is reading this :-)  I do work around this by saving the files and reopening them in the next program I need but everyone in class is always waiting on me, (it sucks) and I just think it should work.  Hope you have a good day and I will put an update on here if this is ever figured out.
    Thanks one more time :-)

  • Why do 2 Airport Expresses connect to one another instead of connecting to the primary Airport Extreme for internet connectivity?

    I have a Netgear DG834G router only for DSL connectivity; Wi-Fi on that router is off. I have connected the Netgear, which provides ADSL connectivity, to the Airport Extreme dual band Wireless N 5th generation (Shakeel's Airport Extreme) via Cat 5 cable, so the Airport Extreme is the main Wi-Fi device through which I get Wi-Fi signals at my home. Our house is big, and I have installed the ADSL Netgear modem and Airport Extreme router at the same place in my room in the upper story, but the signals are weak even in the upper story at the other end of the house. So I have installed the new Airport Express dual band Wireless N in the upper story (Kafeel's Airport Express), and it is connected to the primary Airport Extreme (Shakeel's Airport Extreme) wireless router in range extension mode; it repeats the same SSID. The signal was weak on our ground floor, so I installed another new Airport Express dual band Wireless N there (Lounge's Airport Express) and configured it to extend the range of the primary router, the Airport Extreme (Shakeel's Airport Extreme) in the upper story, with the same SSID. Now the problem I am facing is that sometimes Lounge's Airport Express connects to Kafeel's Airport Express instead of connecting to the Airport Extreme, and the signals in the lounge are weak because all the devices are connected to Kafeel's Airport Express and do not connect to Lounge's Airport Express. But when Lounge's Airport Express is connected to the primary router, the Airport Extreme, everything works fine: devices connect to Lounge's Airport Express and signals are full. I have taken pictures of the problem I am facing; you will understand better by having a look at them. In the normal working setup both Airport Expresses are connected to the Airport Extreme, which is shown in this picture
    The second picture shows when Lounge's Airport Express is connected to Kafeel's Airport Express and not the Airport Extreme (Shakeel's Airport Extreme); this is the problem.
    Isn't there a way to correct this so that they don't connect with each other and connect to the Airport Extreme?

    Lounge's AirPort Express must be located significantly closer to Shakeel's AirPort Extreme than it is to Kafeel's AirPort Express, and there must be fewer obstructions in the signal path than the other possible connection.
    The reason is that if you want Lounge's AirPort Express to connect to Shakeel's AirPort Extreme, it must receive a significantly stronger wireless signal from Shakeel's AirPort Extreme than it does from Kafeel's AirPort Express.

  • Waiting for a connection... all the time

    Hi there
    Waiting for a connection... 
    This information is displayed all the time after installation. What am I doing wrong? The network that I use is my home Wi-Fi, because of the other device that I want to pair.

    1. Do you have Adobe Edge Inspect CC installed on your PC and turned on?
    2. And are you logged in to Adobe Creative Cloud?
    I'll try to install with a new account on another PC and try to write down step by step how to run this.
    There is always a small thing that messes up everything.
    Try one more time:
    In Chrome, change the status from O to I to turn on EI, turn on your EI on the PC, and when you see your name and IP address in Chrome, open the application on the mobile (both PC and mobile should be on the same Wi-Fi), click the + sign, input your IP address and Join.
