How to configure DNS ???
Hi everybody, please tell me how to configure DNS. Which file needs to be configured?
Thanks a lot.
Excuse me, maybe you misunderstand me. I'm not going to keep that information for myself. I don't know that you are interested in it. I always want to get knowledge from everybody and share my knowledge, and I hope that it is useful to someone.
My problem was: I didn't assign a default gateway to my network interface (IP 192.168.1.45). I connect to the internet through a LAN (through another machine, IP 192.168.1.12), so if I want to use a DNS server, I must route my machine to the gateway in order to connect to the DNS server.
Thank you for a straight quote. I'm Vietnamese. We are friends!
Similar Messages
-
How to configure DNS on RED HAT 5,4
Hello Linux experts
I need to configure the DNS service for Oracle RAC 11gR2.
For the DNS server, I'm using the hosts for RAC.
How to configure DNS on RED HAT 5.4?
Does anyone have a manual for doing this?
Best Regards

Regardless of whether you will find tools or perl scripts like h2n, or manage your configuration files directly, you will need to get yourself familiar with basic DNS concepts and terms. A DNS cluster is a number of nameservers that share DNS records. You may perhaps rather want to set up a DNS server system consisting of a master and slave DNS server for your authoritative zone (domain name) on each node, but also configure for DNS forwarding and perhaps caching to public DNS servers on the internet. You may want to configure primary and secondary DNS records on your client sides in /etc/resolv.conf, perhaps also using some round-robin or timeout options.
I'm afraid Google will be your best friend. You may find below links helpful in your approach:
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_%3A_Ch18_%3A_Configuring_DNS
http://tldp.org/LDP/lame/LAME/linux-admin-made-easy/domain-name-server.html
http://www.redhat.com/magazine/025nov06/features/dns/
http://www.chinalinuxpub.com/doc/www.siliconvalleyccie.com/linux-hn/dns-static.htm -
How to configure DNS server to redirect all web traffic to one external website?
I'd like to use the DNS service on my OS X Server as a way to force all web traffic to one specific, external website. Not quite sure how to go about configuring it, though - any recommendations?
(BTW, this is, obviously, not our primary DNS server; I intend to silently update the preferred DNS server for users who fail to complete their timesheets in order to force the issue)

Web clients don't generate uniquely-identifiable DNS queries; there's no SRV request or related traffic that you could select on and spoof. So if you do implement this, everything querying the spoofing DNS server will get the spoofed host, or you'll have to spot specific queries that are likely web queries; Facebook, Google, Bing, etc.
If you still want to implement this, then I'd probably replace the DNS server with a runt DNS server (maybe hack dnsmasq or maraDNS, or create yourself a trivial DNS server) and have that always return the specified IP address. This avoids having to hack BIND to be universally authoritative, which is probably on par with hacking a simpler DNS server to always return a fixed IP address, and the latter is probably easier to undo.
A firewall can spot TCP port 80 and port 443 traffic, unlike a DNS server. Firewalling outbound port 80 traffic is more typical of these requests, and either trap that traffic to a specific web page based on the capabilities of the firewall, or the web proxy approach that Camelot suggests. There are folks that tie access into the web proxies into external authentication and related; that'd be able to do what you want. Web proxies are usually combined with firewall blocks, as most sites want only the web proxy to have external access, too. But this is also rather more pieces than a DNS redirect, too. -
How to configure DNS to support ipv4 and ipv6
I have a 2008 r2 domain controller in my lab.
I'm doing Exchange 2007, 2010 and 2013. I have a mix of Windows 2008 R2 servers for other applications.
I'm running into issues where I'm thinking it is time to have both IPv4 & IPv6 running on all lab machines.
I can't get a clear picture of how to accomplish a mixed environment. In the DNS administrator, do I create a new "reverse lookup zone" with only the IPv6? Or do I have to create a new record in the "forward lookup zone" with both IPv4 & IPv6, where the latter points to the new "reverse lookup zone"?
I see a lot of internet articles but little on "how to".
Or on the DC should I enable the DHCP role to support IPv6?

1. You assign an IPv6 address to the domain controller/DNS server
One method is letting this site (legitimate) create a random private IPv6 range for you:
http://www.simpledns.com/private-ipv6.aspx
For example:
fd06:fcde:8b4e:d6bd:xxxx:xxxx:xxxx:xxxx
You can configure the x's like this (you cannot leave the x's there):
fd06:fcde:8b4e:d6bd:0000:0000:0000:0001
If you close and open IPv6 properties, or do an "ipconfig /all" you'll see that the IPv6 is abbreviated as follows:
fd06:fcde:8b4e:d6bd::1
That's normal.
If you look in your forward lookup zone, you'll now see this IPv6 address (you may have to register that manually - ipconfig /registerdns - but it seemed to happen automatically for me).
So there is no need to create a separate forward lookup zone for IPv6.
OK, but what about the reverse zone?
2. Create reverse lookup
In DNS Manager (what you call administrator), right-click on reverse lookup zone, select New Zone, click Next, Next (default values are fine) until you choose between IPv6 and IPv4. Select IPv6 of course.
Then enter your prefix as shown here:
That's it. The reverse lookup information is configured automatically (your prefix " backwards").
Now, unlike with the forward lookup zone, my domain controller does not seem to be registering its name in the reverse IPv6 zone: there's only the SOA and NS record.
But that's another question.
Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. -
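An added example, not part of the original answer: it shows how the long and abbreviated forms of the address above relate and what "your prefix backwards" means for the reverse zone name. The /64 prefix length and all function names are assumptions, and the random-prefix helper goes beyond the answer by generating the kind of private range the linked site produces.

```python
import ipaddress
import secrets

ULA_RANGE = ipaddress.ip_network("fd00::/8")  # locally assigned unique local addresses


def random_ula_prefix(subnet_id=0):
    """Return a random /64 inside fd00::/8: 40 random bits of global ID
    followed by a 16-bit subnet ID (random bits come from the OS CSPRNG)."""
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet_id must fit in 16 bits")
    global_id = secrets.randbits(40)
    high64 = (0xFD << 56) | (global_id << 16) | subnet_id
    return ipaddress.IPv6Network((high64 << 64, 64))


def reverse_zone(prefix):
    """Name of the ip6.arpa zone for a prefix: its nibbles, reversed."""
    net = ipaddress.ip_network(prefix)
    if net.version != 6:
        raise ValueError("IPv6 prefix expected")
    if net.prefixlen % 4:
        raise ValueError("prefix must end on a 4-bit (nibble) boundary")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def ptr_label(address, prefix):
    """Owner name of the PTR record, relative to the reverse zone."""
    addr = ipaddress.ip_address(address)
    if addr not in ipaddress.ip_network(prefix):
        raise ValueError(f"{address} is not inside {prefix}")
    zone = reverse_zone(prefix)
    return addr.reverse_pointer[: -(len(zone) + 1)]


def describe(address, prefix):
    """Collect the forms of one address that show up in ipconfig and DNS."""
    addr = ipaddress.ip_address(address)
    return {
        "exploded": addr.exploded,        # what you type with all the zeros
        "compressed": addr.compressed,    # what ipconfig /all displays
        "reverse_zone": reverse_zone(prefix),
        "ptr_label": ptr_label(address, prefix),
        "ptr_fqdn": addr.reverse_pointer,
    }


if __name__ == "__main__":
    # Address and prefix taken from the answer above; /64 is an assumption.
    info = describe("fd06:fcde:8b4e:d6bd:0000:0000:0000:0001",
                    "fd06:fcde:8b4e:d6bd::/64")
    for key, value in info.items():
        print(f"{key:13} {value}")
    print("fresh prefix ", random_ula_prefix())
```

If the domain controller does not register itself in the reverse zone, `ptr_label` gives the owner name to use when adding the PTR record by hand.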
I'm new to Solaris. Can anyone tell me how to configure a DNS client? Thank you
1. Edit the /etc/resolv.conf file
vi /etc/resolv.conf
domain example.com
nameserver xxx.xxx.xxx.xxx # IP address of name server
nameserver xxx.xxx.xxx.xxx # IP address of sec name server
search test.example.com research.example.com
2. Configure DNS as the naming service.
cp /etc/nsswitch.dns /etc/nsswitch.conf
3. Bounce the naming service.
svcadm restart network/dns/client
(OR)
Reboot the machine
4. Testing the DNS client
nslookup -
External Web Server links to internal web server on LAN - how to configure?
I'm hoping someone can give me a bit of assistance with some routing configurations:
Currently, I have a Cisco PIX 515E that's handling my VPN and routing/DNS, etc. I'm dumping the PIX (it's overkill for my organization and it's costing too much money for Cisco-certified techs to come in and still not configure it correctly for my needs - long story).
Furthermore, an external website hosted with our ISP links to a public IP (let's say 192.x.x.1) that points through the current PIX firewall, through a DMZ, and then to a webserver hosted locally behind our firewall.
I'd like our Xserve to take over for the PIX, providing VPN access, DNS, etc. and to properly route calls from the web to 198.x.x.1 to the correct server behind our network.
The Xserve has two NIC cards, one on a public IP 192.x.x.2 (for the sake of this discussion) and one with its internal address of 10.1.0.2 for file sharing, etc.
The internal web server also has 2 NIC cards, one that listens for the links to 192.x.x.1, and one that listens locally on 10.1.0.80 for LAN application services.
How do I configure DNS/etc. on the Xserve to properly channel the incoming calls to 192.x.x.1 to properly reach the server they're supposed to reach?
Any help is appreciated. If more info is needed, I'm happy to provide.
Thanks in advance!

I've read your post several times and I'm pretty sure I understand what you're saying, until the line:
>How do I configure DNS/etc. on the Xserve to properly channel the incoming calls to 192.x.x.1 to properly reach the server they're supposed to reach?
Assuming that the 192.x.x.1 address is a real-world, public IP address that the web server is using, you want all requests from the outside world to go to this address, correct? but requests from the inside world want to go to the 10.1.0.80 address on that server?
That part I get - you want split DNS, which is not trivial to setup, but is manageable. The part I don't get is where the firewall comes in - you're removing the pix and replacing it with an XServe, but the web server has a public IP address in the same range as the XServe's public IP address and on that basis no traffic is going to flow through the firewall.
So I'm not sure if this is a firewall or a DNS question.
Split DNS will handle the internal vs. external traffic going to the different IP addresses of your server. You can't use Server Admin to do this (it can't handle multiple views of the DNS), but it is possible to do by hand.
The firewall element stumps me, though - but if the XServe is going to run as the firewall you might just find it easier to put the web server behind the firewall and forget the whole DMZ concept.
Then again, you could get the PIX operating correctly - it's a viable firewall appliance and I'd be surprised if it couldn't do what you want here. -
How to Configure Multiple Relays / Mail Gateways
Platform: Sun Solaris 8
Software: iMS 5.2
How to configure two MX (relay / gateway server) records in the imta config file? Our requirement is to have two gateways defined, for example "xyz.net" and "xyz.com". All emails destined to email addresses ending with ".net" should use the "xyz.net" gateway and the rest of them should use the "xyz.com" gateway, and the configuration should be flexible enough to accommodate future additions to our gateways.
An early response would be appreciated.
Thanks
Arun Addepalli

Well, to point the outside mail servers to your gateways just put MX entries for each domain into DNS and point DNS to the correct host for that domain.
To make the mail server recognize the domain just create it in the ida and put the users under that domain. The users mailhost attribute will take care of letting the gateways know where to forward the mail so it will go to the correct host.
If you need to do domain aliasing with the same users for both domains that is a bit different. Do you need to do this? -
How to configure multiple domains in Active directory
HI,
How can I configure multiple domains on Active Directory? When I installed AD it asked for a domain name; there I gave ravigupta.com as the domain name. But now I find no way of creating another domain.
I am a Java developer and my task is to write a programme which returns all the domains available in an LDAP server.
To start with, I tried to create a few domains in the LDAP server (AD) but got stuck, as I found there could exist only one domain.
Please tell me how to configure multiple domains in an LDAP server (Active Directory).
I skipped DNS configuration during AD installation.
-ravi

I'm sorry, but you should be asking on a different forum. This has nothing to do with Java.
-
How to configure link between 2921 and SM-D-ES3G-48-P EtherSwitch Service Module
hi,
I can't do that like the procedure given by Cisco.
http://www.cisco.com/en/US/partner/docs/routers/access/interfaces/software/feature/guide/eesm_sw.html#wp1942894
Cisco Procedure :
interface gi10/0
ip address x.x.x.x x.x.x.x
service-module gigabitethernet 1/0 session
My result :
R2921-8CPITR-1(config)#int gi 1/1
R2921-8CPITR-1(config-if)#ip address 2.2.2.2 255.255.255.192
% IP addresses may not be configured on L2 links.
R2921-8CPITR-1(config-if)
R2921-8CPITR-1(config)#interface gigabitEthernet 1/1.1 ?
% Unrecognized command
R2921-8CPITR-1(config)#interface gigabitEthernet 1/1 ?
<cr>
R2921-8CPITR-1(config)#
the session is not possible also ?
R2921-8CPITR-1#service-module gigabitEthernet 1/1 sess
^
% Invalid input detected at '^' marker.
R2921-8CPITR-1#
The router said that it's not an L3 port, so how do I configure it to allow communication between the 2921 and the card?
Is there a bug with that version? I'm on 15.1(4)M4.
R2921-8CPITR-1#sh ver
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 20-Mar-12 18:57 by prod_rel_team
ROM: System Bootstrap, Version 15.0(1r)M15, RELEASE SOFTWARE (fc1)
R2921-8CPITR-1 uptime is 19 hours, 21 minutes
System returned to ROM by power-on
System restarted at 16:00:45 GAB Fri Sep 14 2012
System image file is "flash0:c2900-universalk9-mz.SPA.151-4.M4.bin"
Last reload type: Normal Reload
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Cisco CISCO2921/K9 (revision 1.0) with 479232K/45056K bytes of memory.
Processor board ID FGL1618119E
6 Gigabit Ethernet interfaces
2 terminal lines
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)
License Info:
License UDI:
Device# PID SN
*0 CISCO2921/K9 FGL1618119E
Technology Package License Information for Module:'c2900'
Technology Technology-package Technology-package
Current Type Next reboot
ipbase ipbasek9 Permanent ipbasek9
security None None None
uc None None None
data None None None
Configuration register is 0x2102
R2921-8CPITR-1#

Same issue here.
I just waited a few minutes and the interface went down and back up, this time it was a L3 interface.
My guess is that it was booting the switch module IOS, and it detected it until it was fully booted:
Apr 11 05:26:52.091: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to down
Apr 11 05:26:52.091: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
Apr 11 05:26:52.091: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to down
Apr 11 05:26:52.091: %LINK-3-UPDOWN: Interface GigabitEthernet1/0, changed state to up
Apr 11 05:26:52.795: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
Apr 11 05:26:53.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
Apr 11 05:26:53.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
Apr 11 05:26:53.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to down
Apr 11 05:26:53.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0, changed state to up
Apr 11 05:27:46.895: %LINK-5-CHANGED: Interface Embedded-Service-Engine0/0, changed state to administratively down
Apr 11 05:27:46.895: %LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to administratively down
Apr 11 05:27:46.947: %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down
Apr 11 05:27:47.031: %LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to administratively down
Apr 11 05:27:47.083: %LINK-5-CHANGED: Interface GigabitEthernet1/0, changed state to administratively down
Apr 11 05:27:47.895: %LINEPROTO-5-UPDOWN: Line protocol on Interface Embedded-Service-Engine0/0, changed state to down
Apr 11 05:27:48.083: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0, changed state to down
Apr 11 05:27:49.283: %IP-5-WEBINST_KILL: Terminating DNS process
Apr 11 05:27:52.499: %LINK-3-UPDOWN: Interface GigabitEthernet1/1, changed state to up
Apr 11 05:27:53.087: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.1(4)M5, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 04-Sep-12 16:50 by prod_rel_team
Apr 11 05:27:53.255: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing a cold start
Apr 11 05:27:53.499: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to up
Apr 11 05:28:21.435: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
Apr 11 05:29:22.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to down
Apr 11 05:29:22.095: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
Router>en
Router#sh ip int brief
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES unset administratively down down
GigabitEthernet0/0 unassigned YES unset administratively down down
GigabitEthernet0/1 unassigned YES unset administratively down down
GigabitEthernet0/2 unassigned YES unset administratively down down
GigabitEthernet1/0 unassigned YES unset administratively down down
GigabitEthernet1/1 unassigned YES unset up down
Vlan1 unassigned YES unset down down
Router#
Apr 11 05:29:46.106: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to upconf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int g1/0
Router(config-if)#ip add 1.1.1.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#
Apr 11 05:30:09.046: %LINK-3-UPDOWN: Interface GigabitEthernet1/0, changed state to up
Apr 11 05:30:10.046: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0, changed state to up
Router(config-if)#end -
How to configure Solaris 10 IPMP for Oracle VDI 3.3.2
Hi,
Does anyone have an indication on how to configure Solaris 10 IPMP in a manner that supports Oracle VDI?
We have setup two servers with 2 test addresses on physical and 1 logical for the hostname of the box, but when we configure VDI the VDI database does not come up on the 2nd box. We have also tried configuring IPMP without test addresses, but it doesn't make any difference - the DB still doesn't go into the up state after configuration on the 2nd server.
Solaris 10 u9 with patches
Two physical NICs on management VLAN via 2 switches
Two physical NICs on VDI VLAN via 2 switches
VDI 3.3.2
All hostnames are in DNS and resolve for short name, FQDN and also reverse IP lookup
There is a proposal PDF on the Oracle website that mentions IPMP, so someone has done it. I could just do with a hint on how it was done so that it works.
( http://www.oracle.com/us/technologies/virtualization/vdi-design-proposal-1401195.pdf )
Thanks
Paul

OK, updating this with what was causing the issue.
Not an IPMP problem; this was a DNS problem. The VDI servers have access to two DNS environments, so they had a DNS search path that had the domain where the VMs were going to go and another for management of the box, with two DNS servers listed in /etc/resolv.conf.
We configured VDI using the FQDN for the management DNS; however, the vda-config script takes the hostname of the box, adds the first DNS domain from the /etc/resolv.conf search entry and configures using that (it seems to ignore what you put into vda-config). When the config script comes to configuring MySQL, because the names didn't match (the FQDN it created by adding the hostname to the 1st entry in the DNS search path & the FQDN that you put into the vda-config command), it decides that it is configuring a "Client MySQL" instance rather than a "Slave MySQL" instance, which means the VDA DB never comes up in the output of vda-center status.
So the fix is to:
1) configure IPMP without test addresses (so traffic comes out of the correct IP and can be reverse looked up in DNS by the other host)
2) if you have multiple DNS search entries, configure VDI using the first entry in your search path as its FQDN
Paul -
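An added example (not from the original post or from Oracle) of a pre-flight check for the mismatch described above: it derives the name the post says vda-config builds, hostname plus the first search entry in /etc/resolv.conf, and compares it with the FQDN you intend to configure. The derivation rule is taken from the post and not verified against vda-config; the sample file contents, host names and function names are constructed.

```python
import re
import socket

# Constructed sample: two DNS environments, with the VM domain listed first.
SAMPLE_RESOLV_CONF = """\
# constructed sample, not taken from the original post
search vdi.example.com mgmt.example.com
nameserver 192.0.2.10   # first DNS environment
nameserver 192.0.2.11   # second DNS environment
"""


def first_search_domain(resolv_conf_text):
    """Return the first domain the resolver appends to short names, or None.

    'domain' and 'search' are mutually exclusive keywords; when both are
    present, the one that appears last in the file is the one in effect.
    """
    effective = None
    for raw in resolv_conf_text.splitlines():
        fields = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if len(fields) >= 2 and fields[0] in ("domain", "search"):
            effective = fields[1].rstrip(".").lower()
    return effective


def derived_fqdn(hostname, resolv_conf_text):
    """Short hostname + first search domain (rule as described in the post)."""
    short = hostname.split(".", 1)[0].lower()
    domain = first_search_domain(resolv_conf_text)
    return f"{short}.{domain}" if domain else short


def check_fqdn(hostname, configured_fqdn, resolv_conf_text):
    """Compare the FQDN you plan to configure with the derived one."""
    derived = derived_fqdn(hostname, resolv_conf_text)
    configured = configured_fqdn.rstrip(".").lower()
    return {
        "derived": derived,
        "configured": configured,
        "match": derived == configured,
    }


if __name__ == "__main__":
    # Constructed case: the management FQDN is used, but the VM domain is
    # first in the search path, which is the situation the post describes.
    result = check_fqdn("vdi02", "vdi02.mgmt.example.com", SAMPLE_RESOLV_CONF)
    print("sample:", result)

    # Same check against the local machine's real configuration.
    try:
        with open("/etc/resolv.conf", encoding="utf-8") as handle:
            local = handle.read()
        print("local derived FQDN:", derived_fqdn(socket.gethostname(), local))
    except OSError as exc:
        print("could not read /etc/resolv.conf:", exc)
```

A result with `match` set to False means the search path should be reordered, or the derived name used as the FQDN, before running the configuration on the second server.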
Hi
I am setting up a lab scenario in which the PC named "Core2012", i.e. Server Core 2012, will be the domain controller.
Using PowerShell I have done these tasks:
Change hostname; configure IP address and preferred DNS address; disable IPv6;
configure firewall; even the Active Directory role install.
Now a problem occurs.
Well, I know how to install the DNS role: Install-WindowsFeature DNS
OK.
But:
How do I configure the FQDN, the restore mode password, setting up the global catalog server, and the reverse lookup zone using PowerShell?
I have searched many forums but I am not getting anywhere with it.
So I need help to set up and configure DNS using PowerShell.
Thank you!!!
sagarpdalvi

Hi Sagarpdalvi,
To set the Safe mode password with PowerShell, please refer to the cmdlet Install-ADDSDomainController; to enable the global catalog (GC), please run the cmdlet "Set-ADObject" after installing Active Directory on the core server; to configure the Reverse Lookup zone, please refer to the cmdlet Add-DnsServerPrimaryZone.
To configure the DC with PowerShell, please check the scripts:
Installing a Domain Controller on Windows Server 2012 R2 Core
Enabling and Disabling the Global Catalog
To configure DNS, the Domain Name System (DNS) Server Cmdlets should be helpful for you:
http://technet.microsoft.com/en-us/library/jj649850.aspx
I hope this helps. -
How to configure dhcp client identifier
Hi Everybody,
The DHCP client ID is an ID that is unique for DHCP clients, at least in the same subnet. Usually the client uses the MAC address as the Client-Identifier in the DHCPDISCOVER message. The Client-Identifier may be something other than the MAC address, for example an FQDN name, as per RFC 2132 (code 61).
Usually, we use the following to bind the IP address based on the MAC address:
pntadm -r SUNWfiles -p /var/dhcp -A 10.42.32.86 -i '0:3:ba:a5:a9:93' -a 10.42.32.80
At server side, I am using the following for specifying the FQDN name.
pntadm -r SUNWfiles -p /var/dhcp -A 10.42.32.86 -i 'one.atr.com' -a 10.42.32.80
and at client side, I am inserting the following entry in the /etc/default/dhcpagent file
CLIENT_ID='one.atr.com'
But this is not working. What am I doing wrong?
1. At the server side, how do I assign the IP addresses to the clients if the Client-Identifier in the DHCPDISCOVER message is an FQDN name rather than the MAC address?
2. How do I configure the client identifier as an FQDN name at the client side?
Please help me,
Thanks in advance,
Mummaneni.

Sandman,
Here is an example of a router acting as a DHCP server. Please remember that you have to exclude IP addresses that you don't want to lease out.
ip dhcp pool example
import all
network 192.168.1.0 255.255.255.0
dns-server 1.2.3.4
default-router 192.168.1.1
ip dhcp excluded-address 192.168.1.1 192.168.1.149
ip dhcp excluded-address 192.168.1.200 192.168.1.254
HTH,
Mark -
How to configure Firefox to use OpenVPN?
summary: I'm running OpenVPN from a Debian client through a Debian jumpbox/server. After I [start the server, start the client] most IP-based applications (DNS, ping, ssh) seem to work from the client, but client's Firefox cannot connect to http://www.whatismyip.com/ (or any other URI). How to configure Firefox to use the VPN? or otherwise fix the problem? or further debug it?
details:
I have a laptop running debian_version==jessie/sid with Firefox version=33.0 which needs to access a compute cluster. The cluster formerly required only an SSL VPN (enabled by a Firefox plugin) to access, but now has several additional requirements, which I seek to satisfy by running the SSL VPN through a jumpbox running an OpenVPN server. The jumpbox is running a "vanilla" Debian 7.7.
I have been using the laptop successfully for a few years without network problems. Currently I have the laptop connected by wire directly to an ISP-supplied modem/router. With `openvpn` NOT running on the laptop, I see:
* `ifconfig` shows no entry='tun0' (just "the usual" entries for 'eth0', 'lo', 'wlan0'), and shows the expected client IP# bound to 'eth0'.
* I can `ping` my jumpbox/server using its real IP#, but cannot `ping 10.8.0.1`
* I can `ssh` to my jumpbox/server using its real IP#, but cannot `ssh 10.8.0.1`
* `nslookup www.whatismyip.com` gives correct results
* browsing to http://www.whatismyip.com/ shows my client's IP# (as also shown in `ifconfig`)
Both my client/laptop and server/jumpbox setups are quite generic OpenVPN-wise, and are almost exactly as described on the Debian wiki
https://wiki.debian.org/openvpn%20for%20server%20and%20client
me@jumpbox:~$ date ; cat /etc/openvpn/server.conf
Sat Nov 8 16:49:00 EST 2014
port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8" # google public DNS
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
me@laptop:~$ date ; cat /etc/openvpn/client1.conf
Sat Nov 8 16:51:31 EST 2014
client
dev tun
proto udp
remote ser.ver.IP.num 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
mute-replay-warnings
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client1.crt
key /etc/openvpn/client1.key
ns-cert-type server
comp-lzo
verb 3
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
My jumpbox/server firewall is currently set to forward everything, using `iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE`:
me@jumpbox:~$ date ; sudo iptables -L
Sat Nov 8 16:42:06 EST 2014
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
After I start `openvpn` on first the server and then the client, I see no OpenVPN errors on either the server or the client:
me@jumpbox:~$ sudo openvpn --script-security 2 --config /etc/openvpn/server.conf &
Sat Nov 8 17:48:25 2014 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 18 2013
Sat Nov 8 17:48:25 2014 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Nov 8 17:48:25 2014 Diffie-Hellman initialized with 1024 bit key
Sat Nov 8 17:48:25 2014 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Nov 8 17:48:25 2014 Socket Buffers: R=[212992->131072] S=[212992->131072]
Sat Nov 8 17:48:25 2014 ROUTE default_gateway=ser.ver.gate.way
Sat Nov 8 17:48:25 2014 TUN/TAP device tun0 opened
Sat Nov 8 17:48:25 2014 TUN/TAP TX queue length set to 100
Sat Nov 8 17:48:25 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Nov 8 17:48:25 2014 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Sat Nov 8 17:48:25 2014 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Sat Nov 8 17:48:25 2014 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Nov 8 17:48:25 2014 GID set to nogroup
Sat Nov 8 17:48:25 2014 UID set to nobody
Sat Nov 8 17:48:25 2014 UDPv4 link local (bound): [undef]
Sat Nov 8 17:48:25 2014 UDPv4 link remote: [undef]
Sat Nov 8 17:48:25 2014 MULTI: multi_init called, r=256 v=256
Sat Nov 8 17:48:25 2014 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Sat Nov 8 17:48:25 2014 ifconfig_pool_read(), in='TomRoche,10.8.0.4', TODO: IPv6
Sat Nov 8 17:48:25 2014 succeeded -> ifconfig_pool_set()
Sat Nov 8 17:48:25 2014 IFCONFIG POOL LIST
Sat Nov 8 17:48:25 2014 TomRoche,10.8.0.4
Sat Nov 8 17:48:25 2014 Initialization Sequence Completed
me@laptop:~$ sudo openvpn --script-security 2 --config /etc/openvpn/client1.conf &
Sat Nov 8 17:49:12 2014 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Nov 8 17:49:12 2014 Socket Buffers: R=[212992->131072] S=[212992->131072]
Sat Nov 8 17:49:12 2014 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Sat Nov 8 17:49:12 2014 UDPv4 link local: [undef]
Sat Nov 8 17:49:12 2014 UDPv4 link remote: [AF_INET]jump.box.IP.num:1194
Sat Nov 8 17:49:12 2014 TLS: Initial packet from [AF_INET]jump.box.IP.num:1194, sid=25df7af6 0ece4089
Sat Nov 8 17:49:13 2014 VERIFY OK: depth=1, <my config data/>
Sat Nov 8 17:49:13 2014 VERIFY OK: nsCertType=SERVER
Sat Nov 8 17:49:13 2014 VERIFY OK: depth=0, <my config data/>
Sat Nov 8 17:49:14 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov 8 17:49:14 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov 8 17:49:14 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov 8 17:49:14 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov 8 17:49:14 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Nov 8 17:49:14 2014 [TomRoche] Peer Connection Initiated with [AF_INET]jump.box.IP.num:1194
Sat Nov 8 17:49:16 2014 SENT CONTROL [TomRoche]: 'PUSH_REQUEST' (status=1)
Sat Nov 8 17:49:16 2014 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Sat Nov 8 17:49:16 2014 OPTIONS IMPORT: timers and/or timeouts modified
Sat Nov 8 17:49:16 2014 OPTIONS IMPORT: --ifconfig/up options modified
Sat Nov 8 17:49:16 2014 OPTIONS IMPORT: route options modified
Sat Nov 8 17:49:16 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Nov 8 17:49:16 2014 ROUTE_GATEWAY lap.top.gate.way/255.255.255.0 IFACE=eth0 HWADDR=la:pt:op:MAC:ad:dr
Sat Nov 8 17:49:16 2014 TUN/TAP device tun0 opened
Sat Nov 8 17:49:16 2014 TUN/TAP TX queue length set to 100
Sat Nov 8 17:49:16 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Nov 8 17:49:16 2014 /sbin/ip link set dev tun0 up mtu 1500
Sat Nov 8 17:49:16 2014 /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5
Sat Nov 8 17:49:16 2014 /etc/openvpn/update-resolv-conf tun0 1500 1542 10.8.0.6 10.8.0.5 init
dhcp-option DNS 8.8.8.8
Sat Nov 8 17:49:16 2014 /sbin/ip route add lap.top.IP.num/32 via lap.top.gate.way
Sat Nov 8 17:49:16 2014 /sbin/ip route add 0.0.0.0/1 via 10.8.0.5
Sat Nov 8 17:49:16 2014 /sbin/ip route add 128.0.0.0/1 via 10.8.0.5
Sat Nov 8 17:49:16 2014 /sbin/ip route add 10.8.0.1/32 via 10.8.0.5
Sat Nov 8 17:49:16 2014 GID set to nogroup
Sat Nov 8 17:49:16 2014 UID set to nobody
Sat Nov 8 17:49:16 2014 Initialization Sequence Completed
I then see the following on my client:
* `ifconfig` shows a new entry=`tun0`, which looks correct
* I can `ping` the server using either its real IP# or `10.8.0.1`
* I can `ssh` to the server using either its real IP# or `10.8.0.1`
* `nslookup www.whatismyip.com` gives correct results
... but I get no connection if I open a new instance of Firefox and browse to http://www.whatismyip.com/ :-( "Looking up www.whatismyip.com..." succeeds quickly but the status line continues to display "Connecting to www.whatismyip.com..." until the attempt times out. I also get the same behavior (connection timeout) if I open a new instance of Chrome, or if I browse to http://www.whatismyip.com/ with a Firefox opened prior to starting OpenVPN. FWIW I get the same behavior browsing to any URI, including (e.g.) Google.
This is a major problem for me! For the SSL VPN to work, I need to start a Firefox and run it (since the SSL VPN's vendor only supports it on Linux via a Firefox plugin) to access a particular remote-access website. Furthermore I need the SSL VPN to run through the jumpbox/OpenVPN. (Don't ask, it's a long, sad story ...)
Is there something I must do to configure Firefox to use the VPN? Or is there some other way to fix this?
Alternatively, what should I do to further debug the problem? It just seems odd to me that the other services work (e.g., `nslookup`, `ssh`) but Firefox does not. That being said, both Firefox and Chrome fail in this use case, so the problem might be generic to web browsers.
your assistance is appreciated, Tom Roche <[email protected]>
You're kidding. You have to go through that rigamarole just to put your bookmarks on your own server? Where's the simple FTP option?
Also, the above-linked article has a broken link. The link to the weaveserver (which is what you have to set up on your own server) is no good, and there is no obvious replacement. There are plenty of Weave-related repositories here:
http://hg.mozilla.org/labs
but it's not clear what you need. -
How to configure OraMTS to allow WCF using MSDTC access OracleDB On unix?
How to configure OraMTS to allow WCF using distributed transactions to access the ORACLE database On Linux/Unix ?
Env:
1. DB-tier node , ORACLE database (version: 11.2.0.1.0) on Redhat Linux server ;
2. middle-tier node ,Both the client, the MS DTC and Oracle MTS run on the same computer , Win7 x64 OS , installed .Netframework 4.0, ODP.net (ODAC112030), and configure the component services in a distributed transaction;
Has done the configuration:
1. ORACLE database on a Linux server (version: 11.2.0.1.0) has executed the oramtsadmin.sql script;
2. ORACLE database on a Linux server (version: 11.2.0.1.0) has executed the following script, creating an Access Control List (ACL):
BEGIN
-- Create the new ACL, naming it "OraMTSadmin.xml", with a description.
-- This provides the OraMTS administrative user e.g. MTSADMIN user FOO
-- the privilege to connect
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('OraMTSadmin.xml',
'Allow usage to the UTL network packages',
'ORAMTS', TRUE, 'connect');
-- Now grant privilege to resolve DNS names to the OraMTS administrative user
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE('OraMTSadmin.xml' ,
'ORAMTS', TRUE,'resolve');
-- Specify which hosts this ACL applies to, in this case we are allowing
-- access to all hosts. if one knew the list of all Windows middle-tier,
-- these could be added one by one.
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('OraMTSadmin.xml','*');
END;
3. ORACLE database on a Linux server has set JOB_QUEUE_PROCESSES = 1000;
4. restart Oracle;
5. Test code as follows:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using JetSun.Infrastructure;
using Microsoft.VisualStudio.TestTools.UnitTesting;
using JetSun.Infrastructure.ServiceModel;
using JetSun.DataModel.Cis;
using JetSun.TestFramework;
using System.IO;
using System.Data.EntityClient;
using System.Data.Objects;
using ConsoleApplicationTest;
using System.Transactions;

namespace Core.Tests
{
    [TestClass]
    public class EfOracleTest
    {
        public TestContext TestContext { get; set; }

        [TestMethod]
        public void GetEntities()
        {
            //string cn = "DATA SOURCE=HIS30;DBA PRIVILEGE=SYSDBA;PASSWORD=jetsun;PERSIST SECURITY INFO=True;USER ID=SYS;enlist=true";
            string cn = "DATA SOURCE=HIS30;DBA PRIVILEGE=SYSDBA;PASSWORD=mtssys;PERSIST SECURITY INFO=True;USER ID=mtssys;enlist=true";
            DbsSetting s = new DbsSetting(Dbs.IP, DbsProvider.Oracle, cn);
            Runtime.SetDeploymentDir(TestContext.TestDeploymentDir);
            File.Copy("E:\\VSTS\\MedicalHealth\\bin\\Debug\\DataModel.Cis.Oracle.dll", Path.Combine(TestContext.TestDeploymentDir, "DataModel.Cis.Oracle.dll"));
            //File.Copy(@"E:\VSTS\MedicalHealth\DataModel\Oracle\DataModel.Cis\EdmDiagnose.csdl", Path.Combine(TestContext.TestDeploymentDir, "EdmDiagnose.csdl"));
            //File.Copy(@"E:\VSTS\MedicalHealth\DataModel\Oracle\DataModel.Cis\EdmDiagnose.ssdl", Path.Combine(TestContext.TestDeploymentDir, "EdmDiagnose.ssdl"));
            //File.Copy(@"E:\VSTS\MedicalHealth\DataModel\Oracle\DataModel.Cis\EdmDiagnose.msl", Path.Combine(TestContext.TestDeploymentDir, "EdmDiagnose.msl"));
            File.Copy(@"D:\vsts_test\ConsoleApplicationTest\ConsoleApplicationTest\bin\Debug\Model1.csdl", Path.Combine(TestContext.TestDeploymentDir, "Model1.csdl"));
            File.Copy(@"D:\vsts_test\ConsoleApplicationTest\ConsoleApplicationTest\bin\Debug\Model1.ssdl", Path.Combine(TestContext.TestDeploymentDir, "Model1.ssdl"));
            File.Copy(@"D:\vsts_test\ConsoleApplicationTest\ConsoleApplicationTest\bin\Debug\Model1.msl", Path.Combine(TestContext.TestDeploymentDir, "Model1.msl"));
            string connectionString = s.ToEdmConnectionString(typeof(EdmEncounter), false);
            //// Initialize the EntityConnectionStringBuilder.
            //EntityConnectionStringBuilder entityBuilder =
            // new EntityConnectionStringBuilder();
            ////Set the provider name.
            //entityBuilder.Provider = s.Provider.Provider;
            //// Set the provider-specific connection string.
            //entityBuilder.ProviderConnectionString = cn;
            //// Set the Metadata location.
            //entityBuilder.Metadata = string.Format(@"res://{0}/EdmDiagnose.csdl|res://{0}/EdmDiagnose.ssdl|res://{0}/EdmDiagnose.msl", "DataModel.Cis.Oracle, Version=3.0.0.0, Culture=neutral, PublicKeyToken=null");
            //entityBuilder.Metadata = string.Format(@".\Model1.csdl|.\Model1.ssdl|.\Model1.msl", "DataModel.Cis.Oracle, Version=3.0.0.0, Culture=neutral, PublicKeyToken=null");
            //connectionString = entityBuilder.ToString();
            ////using (Entities edm = new Entities(connectionString))
            //// foreach (var item in edm.ENCOUNTERs.Take(10))
            //// Console.WriteLine("{0}\t{1}", item.ENCOUNTERID, item.DISPLAYNAME);
            //entityBuilder.Metadata = string.Format(@"res://*/EdmDiagnose.csdl|.\EdmDiagnose.ssdl|.\EdmDiagnose.msl", "DataModel.Cis.Oracle, Version=3.0.0.0, Culture=neutral, PublicKeyToken=null");
            //entityBuilder.Metadata = string.Format(@"res://{0}/", "DataModel.Cis.Oracle, Version=3.0.0.0, Culture=neutral, PublicKeyToken=null");
            connectionString = s.ToEdmConnectionString(typeof(EdmFeeInfo), false);
            try
            {
                //using (TransactionScope tx = new TransactionScope())
                using (TransactionScope scope = new TransactionScope(TransactionScopeOption.Required, new TimeSpan(0, 0, 30)))
                {
                    //using (var dbcn = s.Provider.CreateConnect(connectionString))
                    using (EdmFeeInfo edm = new EdmFeeInfo(connectionString))
                    {
                        //edm.Connection.CheckOpen();
                        //using (edm.Connection.BeginTransaction())
                        foreach (var item in edm.FeeInfos.Take(100))
                        {
                            TestContext.WriteLine("{0}\t{1}", item.EncounterId, item.Amount);
                            item.Amount = item.Amount * -1;
                        }
                        edm.SaveChanges();
                    }
                    // using (EdmFeeInfo edm2 = new EdmFeeInfo(connectionString))
                    // edm2.Connection.CheckOpen();
                    // edm2.Connection.EnlistTransaction(Transaction.Current);
                    // foreach (var item in edm2.FeeInfos.Take(100))
                    // item.Amount = item.Amount * -1;
                    // edm2.SaveChanges();
                    // throw new NotImplementedException();
                    TestContext.WriteLine("-----------1---------------");
                    using (EdmFeeInfo edm = new EdmFeeInfo(connectionString))
                    {
                        foreach (var item in edm.FeeInfos.Take(100))
                            TestContext.WriteLine("{0}\t{1}", item.EncounterId, item.Amount);
                    }
                    throw new NotImplementedException();
                }
            }
            catch (Exception ex)
            {
                TestContext.WriteLine((ex.InnerException ?? ex).Message);
            }
            TestContext.WriteLine("-------------2-------------");
            using (EdmFeeInfo edm = new EdmFeeInfo(connectionString))
            {
                foreach (var item in edm.FeeInfos.Take(100))
                    TestContext.WriteLine("{0}\t{1}", item.EncounterId, item.Amount);
            }
        }
    }
}
6. the test results are as follows:
4 125
4 835.45
4 3458
4 2350
4 200
4 100
4 300
4 123
4 234
无法列入分布式事务处理 (Could not be included in the Distributed Transaction)
-------------2-------------
4 125
4 835.45
4 3458
4 2350
4 200
4 100
4 300
4 123
The main error message: 无法列入分布式事务处理 (Could not be included in the Distributed Transaction). When not using a distributed transaction, everything is normal.
In my test environment, MS DTC and the Oracle MTS Recovery Service run on the same computer, but the OracleMTSRecoveryService registry values are under: HKEY_LOCAL_MACHINE \ SOFTWARE \ Wow6432Node \ ORACLE \ OracleMTSRecoveryService, not under HKEY_LOCAL_MACHINE \ SOFTWARE \ ORACLE. I do not know whether that is related.
Is it configured incorrectly? Who can help me? Thank you very much!
Do you really have a requirement to push data from Oracle to Access rather than pulling data from Oracle to Access? It would be exceptionally unusual to push data from Oracle to Access.
Pushing from Oracle to Access would mean that you want some Oracle process running that is updating Access. But you said that your Access database was on your "local desktop" which implies that it is not running on a server where it is always available. So that means that the Oracle process is going to regularly encounter (and report) errors because the Access database is not available. In turn, that's going to mean that your push process is either going to cause the underlying transaction to fail or it's going to mean that the push process is going to have to implement a fair amount of code to queue data to be pushed at a later date (and track all those changes) which is no small task. None of that seems particularly pleasant.
On the other hand, Access is designed to pull data from real relational databases like Oracle. That's the far more normal approach architecturally. It doesn't require an Oracle process, it doesn't generate errors on the Oracle database when the local desktop is down, etc.
And, of course, I'm assuming that introducing Access is even architecturally reasonable. Most organizations would be extremely hesitant to allow data from an Oracle database to get moved into Access because that quickly means that they lose control of the data from a security standpoint, that there are now multiple copies of the data floating around when changes & corrections are made, etc. That causes all sorts of headaches normally above and beyond the headaches that pushing from Oracle to Access would create.
Justin -
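The ACL script in the OraMTS question above assigns `OraMTSadmin.xml` to every host (`'*'`), and its own comment notes that the Windows middle-tier hosts could be added one by one instead. The following is an added example of that narrower assignment, not code from the original post or from Oracle; the two host names are constructed placeholders, and it assumes the ACL and its `ORAMTS` privileges were already created as in the post.

```sql
-- Added example: replace the catch-all host assignment with an explicit
-- list of middle-tier hosts. Host names are constructed placeholders.
DECLARE
  c_acl   CONSTANT VARCHAR2(64) := 'OraMTSadmin.xml';  -- ACL name from the post
  TYPE host_list IS TABLE OF VARCHAR2(255);
  l_hosts host_list := host_list('midtier01.example.internal',
                                 'midtier02.example.internal');
  l_wild  PLS_INTEGER;
BEGIN
  -- Drop the '*' assignment only if it exists, so the block can be re-run.
  SELECT COUNT(*)
    INTO l_wild
    FROM dba_network_acls
   WHERE host = '*'
     AND acl LIKE '%/' || c_acl;

  IF l_wild > 0 THEN
    DBMS_NETWORK_ACL_ADMIN.UNASSIGN_ACL(acl => c_acl, host => '*');
  END IF;

  -- Assign the same ACL to each known middle-tier host instead.
  FOR i IN 1 .. l_hosts.COUNT LOOP
    DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(acl => c_acl, host => l_hosts(i));
  END LOOP;

  COMMIT;  -- ACL changes take effect once committed
END;
/

-- Check the result: which hosts the ACL covers and who holds which privilege.
SELECT a.host, a.lower_port, a.upper_port,
       p.principal, p.privilege, p.is_grant
  FROM dba_network_acls a
  JOIN dba_network_acl_privileges p ON p.aclid = a.aclid
 WHERE a.acl LIKE '%/OraMTSadmin.xml'
 ORDER BY a.host, p.privilege;
```

After the change, the verification query should list only the named hosts, each with the `connect` and `resolve` privileges granted to `ORAMTS`, and no row for `*`.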
Reg: How to Configure internet for solaris 10 in x86 32 bit
Hi,
I am new to Sun Solaris can any one help me detailed step of how to configure internet for standalone pc. Thanks in Advance
Thanx
MA
OK, the classical way:
Open a terminal.
Type
ifconfig -a
ifconfig -a plumb
ifconfig -a
Note the differences, it will plumb ALL available interfaces this way. So, now you can see, which device is your network card.
Then perform a
ifconfig <interface> unplumb
for all the new interfaces (aka those that were new in the last ifconfig -a output).
Then, the simple way:
cd /etc
vi hostname.<interface-driver-name>0 (example: hostname.rge0, the driver would be rge, the instance is 0, and rge0 would have been displayed as an available interface in the last ifconfig command). Add the name of the host into this file.
Then
vi /etc/inet/hosts
and add the pair of IP-address and hostname.
If needed:
vi /etc/inet/netmasks
if you have a sub-divided network, and you need a different subnet mask...
Then:
vi /etc/defaultrouter
and add the name or IP address of the gateway... (name only, if you have that name also in the /etc/inet/hosts file!)
Also:
vi /etc/nodename
and add the name of your host into that file, so that the system knows, who it is... ;-)
And: For the DNS you can then add the infos into:
/etc/resolv.conf
For example:
nameserver 192.168.2.1
or some such...
Then, as the last but one step:
ls /etc/nsswitch.*
and:
cd /etc
cp nsswitch.<what you need> nsswitch.conf (should be .files here!)
And the reboot... ;-)
HTH!
Matthias
P.S.: There might be some GUI, but I'm an old-timer, so I prefer the command-line version of things...