How to configure several rbl entires in FROM_ACCESS section

Similar Messages

• Don't know which technology to utilize or how to configure ASA5505

  I have an ASA5505.  Currently, it is using static NAT on several ports to forward traffic to several devices inside my network.  It is a pain not only to configure but from the end user side.
  The issue I am having is the applicatoins I am using to access the devices become a mess with dual configurations, one for when I am connected to the internal network and one for when I am away from the office and accessing from the internet.  For example, I have 2 Cisco VC240 IP Cameras behind the ASA5505.  One is set use port 9091 and the other 9092.  When I am inside the office, I access them via http://10.1.2.215:9091 and http://10.1.2.216:9092.  But when I am away from the office, I have to have another configuration in an Android app to use them, http://external_ASA_IP:9091 and 9092 and then NAT 9091 to the object for Camera1 and 9092 for Camera2.  This is only one scenario.  I also have a UC320W that I would like to put an IP phone at home and it sounds like AnyConnect is the only way to do this.
  It sounds like to me that if I use some type of VPN, I can access the same devices using the same IP whether internal or external with the external connection using the VPN to tunnel the IP to the local network.  There seems to be quite a few ways to do this with an ASA 5505.
  AnyConnect seems like the way to go but after reading Cisco documentation, it requires your Android device to be root'd if it is not a particular Samsung model.  If I understand correctly, root'ing your phone voids the warranty.  I know it is common practice but would think Cisco would have a better solution as I am sure Cisco would not want another manufacturer telling their customers to void the warranty on their Cisco equipment in order to get it to work.
  I believe I can just use IPSEC and use the native VPN of the Android OS and also tunnel L2TP as the Android supports IPSEC-PSK/L2TP or IPSEC-CRT/L2TP.  But will either of these will support the IP phone to the UC320W?
  A friend also told me to use NginX to proxy URL's so the URL http://www.fqdn.com/camera1 gets proxy'd to the internal IP of Camera1 and http://www.fqdn.com/camera2 gets proxy'd to Camera2.  He says I should be able to store a cookie on the phone and let the phone authenticate to the camera and if the phone cannot, the proxy can authenticate internally to the IP camera over SSL.
  I don't know anymore, I am so confused and just want to simplify my life as I am just a small business with me and a couple other employees but I have full-time job and it is not IT/Network Technician, it is only CTO/CEO/CIO/CFO.  I don't have hours upon hours to set this up and test and I don't have hours upon hours to manage it.  I just need to simplify this and have so that it is a set-it-and-forget-it for 6 months to 1 year and re-evaluate or update.  So, if someone suggests IPSEC, I would not know how to configure anyway and you should expect another post.  The same for AnyConnect or any of the other suggestions.
  Thanks in advance for any advice.

  Hi!
  1. Set Calculation Mode property of ITEM_5 to Formula.
  Formula property:
  nvl(:Block_Name.ITEM_1, 0) + nvl(:Block_Name.ITEM_2, 0) + nvl(:Block_Name.ITEM_3, 0) + nvl(:Block_Name.ITEM_4, 0)
  OR
  Function_Name(Param_1,... Param_N);
  Have in view of, that the ITEM_5 data will not be saved in DataBase.
  2. When-Validate-Item trigger is usfull when is necessary to store calculated item data in DataBase.
  Rename you Post-Query trigger to When-Validate-Item.
  Modify trigger: Store calculation result in the variable.
  (Don't forget to round variable value!)
  Then compare it with ITEM_5. If they are different - :ITEM_5 := var_name.
  I prefer the first method.

• How to configure multiple listeners to listen for the same instance.

  Hello everyone,
  I am running oracle database 11g and I want information regarding how to configure multiple listeners to listen for the same database instance. Actually I know how to configure more than one listener but the main thing that I am confused about is when we create listener.ora file, do we have to statically register the database instance with both the listeners or the instance will register itself with both the listeners.
  According to my knowledge the instance will register with the listener specified by LOCAL_LISTENER parameter and we cannot have more than one value for this parameter.
  Please only give detailed answers with example as I am tired of simple answers with details that I already know.

  Hello,
  Yes, it can make sense to have several listener for one Oracle instance. For instance you may have one listener for the applications another listener for DBA administration tasks as well as one listener dedicated to dataguard broker. It is not possible to have several listeners listening on the same IP and Port.
  By default the database try to automatically register to a listener on port 1521. To instruct the instance to register to a specifc list of listeners you can add in the init.ora the local_listener parameter with an alias definition:
  i.e
  local_listener=MY_SET_OFF_LISTENERS
  in your tnsname.ora add an entry called:
  MY_SET_OFF_LISTENERS_LOCAL= (ADDRESS_LIST=
  (ADRESS=(PROTOCOL=TCP)(HOST=myhostname)(PORT=1530))
  (ADRESS=(PROTOCOL=TCP)(HOST=myhostname)(PORT=1531))
  (ADRESS=(PROTOCOL=TCP)(HOST=myhostname)(PORT=1532))
  In this sample your instance will register to three listeners listening on respectively port 1530, 1531 and 1532
  If you want your clients can be balanced over the 3 listeners

• How do I delete my entire iCloud account?

  How do I delete my entire iCloud account?

  You can't delete an icloud account.  You can disconnect a device or computer from icloud.  (For example, on an iOS device, go to Settings>icloud, scroll to bottom of screen and tap Delete Account.)
  If you want to delete all the data on icloud, then there are several ways, but these require that you delete stuff one at a time or a group at a time.  Usually, using a computer is faster, since you can for example check multiple emails at once then delete them.
  To delete specific data files associated with a program or app, you'll have to invoke each app and delete the data.

• How to configure ePrint on LaserJet CP1025nw Color Printer

  Solution found:
  How to Configure HP ePrint on the LaserJet CP1025nw Color Printer
  System:     Windows  (Widows 7)
  Step 1 – Install Printer
  Install the CP1025nw Printer to USB, Wifi or Ethernet.
  (Printer needs to print correctly in order to pass to the next steps).
  Step2 – Check Firmware Version
  Press the “Info-Button” on the CP1025nw LaserJet for five seconds.
  The printer will print two info pages.
  Look at the first Page on the top-left for Firmware Version
  Firmware version must be 20120103 or higher.
  Step 3 – Update Firmware
  Download Firmware Update utility (LJCP1020_FWUpdate_signed.exe) from the following link:
  Utilidad de actualización del firmware de HP LaserJet CP1025nw
  or
  http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?softwareitem=lj-86491-5&cc=es&dlc=es&lc=es&...=
  Execute the Utility on the computer were the CP1025nw LaserJet is correctly installed.
  Find the CP1025nw Printer on the list. The selection Window might show the printer several times depending on how the printer was installed. Select one option and press the button “Update One”.
  Step 4 – Retrieve the Printer Code for your CP1025nw Printer
  ATTENTION:
  The “Host Name” of the printer is not the “Printer-Code” you need  for ePrint setup.
  To retrieve the Printer-Code you must run the ePrint-Setup-Wizard-Utility.
  To download of the utility, go to the link: http://www.hp.com/go/ePrint .
  Find the “HP LaserJet Pro CP1020 Color Printer Series” option in the Drop-Down-List.
  Click “Windows” to download the wizard (EPrintSetupWizard.exe ).
  Execute the Wizard on the computer where the CP1025nw Printer is correctly installed. After running the wizard press the “Info-Button” on the CP1025nw LaserJet for five seconds. The printer will print three info pages. The third info-page offers the Printer-Code you need for ePrint setup. The code is valid for 24h only. When time elapses you have to reprint the info-pages to get an actualized Printer-Code.
  Step 5 – Get Printer Email for your CP1025nw LaserJet
  In order ePrint on your CP1025nw Printer you need to assign an email address to your Printer. To do this, go to the following link: http://www.hpeprintcenter.com/
  Log in with your HP-ID. If you don’t have one, register for a new account.
  When logged in, click on “Add new Printer”-button. You will be asked to enter the Printer-Code. (On how to get the Printer-Code, see step 4).
  While evaluating the Printer-Code, be patient, the program needs its time.
  When the Printer-Code is accepted, you can assign an email address for your CP102nw5 LaserJet. Done this, your con print your CP1025nw Printer just by sending the documents per email to the email-address of your printer.
  Done.

  Hi Max, check out the link below...
  http://h10025.www1.hp.com/ewfrf/wc/softwareCategory?cc=us&lc=en&dlc=en&product=4052972
  Hope this helps
  Ciara
  Although I am an HP employee, I am speaking for myself and not for HP.
  Twitter: @Ciara_B_HP

• How can we pass the entire rows of a table to a web service in a VC model ?

  Hi,
  On the click of the submit button, I have to pass the rows of two tables into an enterprise service. This service also takes other fields of a form as an input.
  How can we pass the entire rows of a table into a service ?
  Regards,
  Nitin

  Hi Nitin,
  It seems that you have two or three different structures to pass data using your webservice. In your main question, two tables, you can join both in one table and from there call the webservice. In order to pass the entire table you need:
  1. Draw a line between your joinned table and your service,
  2. Map the fields,
  3. Create a 'SUBMIT' in your table tool bar. Right click on your table and choose 'Create Toobar', '+', name and choose 'Submit' as your event.
  4. Go to Configure Element (Table View) 'Multiple' at Selection Mode.
  Reward points if helps you to solve your question.
  Regards,
  Gilson Teixeira

• How to configure CustomLoginModule in jps-config.xml

  Hi,
  How can we configure a Custom Login Module using jps-config.xml, as we do not want to use weblogic custom authentication provider as it needs application jars(which we require fo authenticating the user) to be kept in weblogic classpath.
  Is there any documentation on how to configure and use Custom Login Modules in jps-config.xml, I tried to create a LoginModule and specify it in jps-config.xml, but
  My LoginModule is not getting called.
  Jdev version: 11.1.1.3.0
  Server : weblogic
  my jps-config.xml is
                <?xml version = '1.0' encoding = 'Cp1252'?>
  <jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd">
     <property value="doasprivileged" name="oracle.security.jps.jaas.mode"/>
     <property value="custom.provider" name="true"/>
     <propertySets/>
     <serviceProviders>
        <serviceProvider class="oracle.security.jps.internal.credstore.ssp.SspCredentialStoreProvider" name="credstore.provider" type="CREDENTIAL_STORE">
           <description>Credential Store Service Provider</description>
        </serviceProvider>
        <serviceProvider class="oracle.security.jps.internal.login.jaas.JaasLoginServiceProvider" name="jaas.login.provider" type="LOGIN">
           <description>
              Login Module Service Provider
           </description>
        </serviceProvider>
        <serviceProvider class="oracle.security.jps.internal.idstore.xml.XmlIdentityStoreProvider" name="idstore.xml.provider" type="IDENTITY_STORE">
           <description>XML-based IdStore Provider</description>
        </serviceProvider>
        <serviceProvider class="oracle.security.jps.internal.policystore.xml.XmlPolicyStoreProvider" name="policystore.xml.provider" type="POLICY_STORE">
           <description>XML-based PolicyStore Provider</description>
        </serviceProvider>
     </serviceProviders>
     <serviceInstances>
        <serviceInstance provider="credstore.provider" name="credstore">
           <property value="./" name="location"/>
        </serviceInstance>
        <serviceInstance provider="jaas.login.provider" name="CustomLoginModule">
           <property value="SUFFICIENT" name="jaas.login.controlFlag"/>
           <property value="SEVERE" name="log.level"/>
           <property value="org.calwin.view.CustomLoginModule" name="loginModuleClassName"/>
        </serviceInstance>
        <serviceInstance provider="idstore.xml.provider" name="idstore.xml">
           <property value="./jazn-data.xml" name="location"/>
           <property value="OBFUSCATE" name="jps.xml.idstore.pwd.encoding"/>
           <property value="jps" name="subscriber.name"/>
        </serviceInstance>
        <serviceInstance provider="policystore.xml.provider" name="policystore.xml">
           <property value="./jazn-data.xml" name="location"/>
        </serviceInstance>
     </serviceInstances>
     <jpsContexts default="TestMultiDatasource">
        <jpsContext name="TestMultiDatasource">
           <serviceInstanceRef ref="idstore.xml"/>
           <serviceInstanceRef ref="credstore"/>
           <serviceInstanceRef ref="policystore.xml"/>
        </jpsContext>
        <jpsContext name="anonymous">
           <serviceInstanceRef ref="credstore"/>
        </jpsContext>
     </jpsContexts>
  </jpsConfig>My Login Module Class:
  package org.calwin.view;
  import java.io.IOException;
  import java.security.Principal;
  import java.util.Map;
  import javax.security.auth.Subject;
  import javax.security.auth.callback.Callback;
  import javax.security.auth.callback.CallbackHandler;
  import javax.security.auth.callback.NameCallback;
  import javax.security.auth.callback.PasswordCallback;
  import javax.security.auth.callback.UnsupportedCallbackException;
  import javax.security.auth.login.LoginException;
  import javax.security.auth.spi.LoginModule;
  import javax.servlet.http.HttpServletRequest;
  import weblogic.security.auth.callback.ContextHandlerCallback;
  import weblogic.security.principal.WLSUserImpl;
  import weblogic.security.service.ContextHandler;
  public class CustomLoginModule
      implements LoginModule
    // initial state
    private Subject subject;
    private CallbackHandler callbackHandler;
    // the authentication status
    private boolean succeeded = false;
    private boolean commitSucceeded = false;
    // username and password
    private String username;
    private String password;
    // testUser's SamplePrincipal
    private Principal userPrincipal;
     * Initialize this <code>LoginModule</code>.
     * <p>
     * @param subject the <code>Subject</code> to be authenticated. <p>
     * @param callbackHandler a <code>CallbackHandler</code> for communicating
     *      with the end user (prompting for user names and
     *      passwords, for example). <p>
     * @param sharedState shared <code>LoginModule</code> state. <p>
     * @param options options specified in the login
     *      <code>Configuration</code> for this particular
     *      <code>LoginModule</code>.
    public void initialize(Subject subject, CallbackHandler callbackHandler,
                           Map sharedState, Map options) {
      this.subject = subject;
      this.callbackHandler = callbackHandler;
     * Authenticate the user by prompting for a user name and password.
     * <p>
     * @return true in all cases since this <code>LoginModule</code>
     *    should not be ignored.
     * @exception FailedLoginException if the authentication fails. <p>
     * @exception LoginException if this <code>LoginModule</code>
     *    is unable to perform the authentication.
    public boolean login() throws LoginException {
      if (callbackHandler == null)
        throw new LoginException("Error: no CallbackHandler available " +
                                 "to garner authentication information from the user");
      Callback[] callbacks = new Callback[3];
      callbacks[0] = new NameCallback("user name: ");
      callbacks[1] = new PasswordCallback("password: ", false);
      callbacks[2]=new ContextHandlerCallback();
        try {
          callbackHandler.handle(callbacks);
        } catch (UnsupportedCallbackException uce) {
            throw new LoginException("Callback Not Supported");
        } catch (IOException ioe) {
            throw new LoginException("I/O Failed");
        username = ((NameCallback)callbacks[0]).getName();
        char[] tmpPassword = ((PasswordCallback)callbacks[1]).getPassword();
        if (tmpPassword == null) {
          tmpPassword = new char[0];
        password = new String(tmpPassword);
        ((PasswordCallback)callbacks[1]).clearPassword();
      // verify the username/password
      boolean usernameCorrect = true;
      boolean passwordCorrect = true;
      succeeded = true;
      return true;
     * <p> This method is called if the LoginContext's
     * overall authentication succeeded
     * (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
     * succeeded).
     * <p> If this LoginModule's own authentication attempt
     * succeeded (checked by retrieving the private state saved by the
     * <code>login</code> method), then this method associates a
     * <code>SamplePrincipal</code>
     * with the <code>Subject</code> located in the
     * <code>LoginModule</code>.  If this LoginModule's own
     * authentication attempted failed, then this method removes
     * any state that was originally saved.
     * <p>
     * @exception LoginException if the commit fails.
     * @return true if this LoginModule's own login and commit
     *    attempts succeeded, or false otherwise.
    public boolean commit() throws LoginException {
      if (succeeded == false) {
        return false;
      } else {
        userPrincipal = new WLSUserImpl(username);
        if (!subject.getPrincipals().contains(userPrincipal))
          subject.getPrincipals().add(userPrincipal);
        // in any case, clean out state
        username = null;
        password = null;
        commitSucceeded = true;
        return true;
     * <p> This method is called if the LoginContext's
     * overall authentication failed.
     * (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
     * did not succeed).
     * <p> If this LoginModule's own authentication attempt
     * succeeded (checked by retrieving the private state saved by the
     * <code>login</code> and <code>commit</code> methods),
     * then this method cleans up any state that was originally saved.
     * <p>
     * @exception LoginException if the abort fails.
     * @return false if this LoginModule's own login and/or commit attempts
     *    failed, and true otherwise.
    public boolean abort() throws LoginException {
      if (succeeded == false) {
        return false;
      } else if (succeeded == true && commitSucceeded == false) {
        // login succeeded but overall authentication failed
        succeeded = false;
        username = null;
        if (password != null) {
          password = null;
        userPrincipal = null;
      } else {
        // overall authentication succeeded and commit succeeded,
        // but someone else's commit failed
        logout();
      return true;
     * Logout the user.
     * <p> This method removes the <code>SamplePrincipal</code>
     * that was added by the <code>commit</code> method.
     * <p>
     * @exception LoginException if the logout fails.
     * @return true in all cases since this <code>LoginModule</code>
     *          should not be ignored.
    public boolean logout() throws LoginException {
      subject.getPrincipals().remove(userPrincipal);
      succeeded = false;
      succeeded = commitSucceeded;
      username = null;
      if (password != null) {
        password = null;
      userPrincipal = null;
      return true;
  }My adf-config.xml:
  <sec:adf-security-child xmlns="http://xmlns.oracle.com/adf/security/config">
      <CredentialStoreContext credentialStoreClass="oracle.adf.share.security.providers.jps.CSFCredentialStore"
                              credentialStoreLocation="../../src/META-INF/jps-config.xml"/>
      <sec:JaasSecurityContext initialContextFactoryClass="oracle.adf.share.security.JAASInitialContextFactory"
                               jaasProviderClass="oracle.adf.share.security.providers.jps.JpsSecurityContext"
                               authorizationEnforce="true"
                               authenticationRequire="true"/>
    </sec:adf-security-child>My jazn.xml:
  <?xml version = '1.0' encoding = 'UTF-8' standalone = 'yes'?>
  <jazn-data xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/jazn-data-11_0.xsd">
    <jazn-realm default="jazn.com">
      <realm>
        <name>jazn.com</name>
      </realm>
    </jazn-realm>
  </jazn-data>My web.xml:
  <filter>
      <filter-name>JpsFilter</filter-name>
      <filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class>
      <init-param>
        <param-name>enable.anonymous</param-name>
        <param-value>true</param-value>
      </init-param>
      <init-param>
        <param-name>remove.anonymous.role</param-name>
        <param-value>false</param-value>
      </init-param>
    </filter>
  <servlet>
      <servlet-name>adfAuthentication</servlet-name>
      <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
      <load-on-startup>1</load-on-startup>
    </servlet>
  <servlet-mapping>
      <servlet-name>adfAuthentication</servlet-name>
      <url-pattern>/adfAuthentication</url-pattern>
    </servlet-mapping>
  <security-constraint>
      <web-resource-collection>
        <web-resource-name>adfAuthentication</web-resource-name>
        <url-pattern>/adfAuthentication</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>valid-users</role-name>
      </auth-constraint>
    </security-constraint>
    <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
        <form-login-page>/login.html</form-login-page>
        <form-error-page>/error.html</form-error-page>
      </form-login-config>
    </login-config>
    <security-role>
      <role-name>valid-users</role-name>
    </security-role>weblogic.xml:
    <security-role-assignment>
      <role-name>valid-users</role-name>
      <principal-name>users</principal-name>
    </security-role-assignment>Regards,
  Saikiran

  Ours is not a Desktop Application, but we want to handle Authentication(Which authenticates the userid and password by making a Tuxedo call) and add the Principal to Subject in session, so that ADF Authorization and securityContext can be used as is,
  but doing this with Custom Authentication Provider in weblogic needs me to have a lot of Tuxedo Service related jars in weblogic/system classpath which i feel is not right thing to do, as the same jars are required in application also, which means i will have the jars in class path twice and i need to deploy the jars to both places everytime there is any change.
  Is there any way by which i can set Authenticated principal to Subject in the created session from within Application?

• How to configure Firefox to use OpenVPN?

  summary: I'm running OpenVPN from a Debian client through a Debian jumpbox/server. After I [start the server, start the client] most IP-based applications (DNS, ping, ssh) seem to work from the client, but client's Firefox cannot connect to http://www.whatismyip.com/ (or any other URI). How to configure Firefox to use the VPN? or otherwise fix the problem? or further debug it?
  details:
  I have a laptop running debian_version==jessie/sid with Firefox version=33.0 which needs to access a compute cluster. The cluster formerly required only an SSL VPN (enabled by a Firefox plugin) to access, but now has several additional requirements, which I seek to satisfy by running the SSL VPN through a jumpbox running an OpenVPN server. The jumpbox is running a "vanilla" Debian 7.7.
  I have been using the laptop successfully for a few years without network problems. Currently I have the laptop connected by wire directly to an ISP-supplied modem/router. With `openvpn` NOT running on the laptop, I see:
  * `ifconfig` shows no entry='tun0' (just "the usual" entries for 'eth0', 'lo', 'wlan0'), and shows the expected client IP# bound to 'eth0'.
  * I can `ping` my jumpbox/server using its real IP#, but cannot `ping 10.8.0.1`
  * I can `ssh` to my jumpbox/server using its real IP#, but cannot `ssh 10.8.0.1`
  * `nslookup www.whatismyip.com` gives correct results
  * browsing to http://www.whatismyip.com/ shows my client's IP# (as also shown in `ifconfig`)
  Both my client/laptop and server/jumpbox setups are quite generic OpenVPN-wise, and are almost exactly as described on the Debian wiki
  https://wiki.debian.org/openvpn%20for%20server%20and%20client
  me@jumpbox:~$ date ; cat /etc/openvpn/server.conf
  Sat Nov 8 16:49:00 EST 2014
  port 1194
  proto udp
  dev tun
  ca /etc/openvpn/ca.crt
  cert /etc/openvpn/server.crt
  key /etc/openvpn/server.key
  dh /etc/openvpn/dh1024.pem
  server 10.8.0.0 255.255.255.0
  ifconfig-pool-persist ipp.txt
  push "redirect-gateway def1 bypass-dhcp"
  push "dhcp-option DNS 8.8.8.8" # google public DNS
  keepalive 10 120
  comp-lzo
  user nobody
  group nogroup
  persist-key
  persist-tun
  status openvpn-status.log
  verb 3
  me@laptop:~$ date ; cat /etc/openvpn/client1.conf
  Sat Nov 8 16:51:31 EST 2014
  client
  dev tun
  proto udp
  remote ser.ver.IP.num 1194
  resolv-retry infinite
  nobind
  user nobody
  group nogroup
  persist-key
  persist-tun
  mute-replay-warnings
  ca /etc/openvpn/ca.crt
  cert /etc/openvpn/client1.crt
  key /etc/openvpn/client1.key
  ns-cert-type server
  comp-lzo
  verb 3
  up /etc/openvpn/update-resolv-conf
  down /etc/openvpn/update-resolv-conf
  My jumpbox/server firewall is currently set to forward everything, using `iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE`:
  me@jumpbox:~$ date ; sudo iptables -L
  Sat Nov 8 16:42:06 EST 2014
  Chain INPUT (policy ACCEPT)
  target prot opt source destination
  fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
  Chain FORWARD (policy ACCEPT)
  target prot opt source destination
  Chain OUTPUT (policy ACCEPT)
  target prot opt source destination
  Chain fail2ban-ssh (1 references)
  target prot opt source destination
  RETURN all -- anywhere anywhere
  After I start `openvpn` on first the server and then the client, I see no OpenVPN errors on either the server or the client:
  me@jumpbox:~$ sudo openvpn --script-security 2 --config /etc/openvpn/server.conf &
  Sat Nov 8 17:48:25 2014 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 18 2013
  Sat Nov 8 17:48:25 2014 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
  Sat Nov 8 17:48:25 2014 Diffie-Hellman initialized with 1024 bit key
  Sat Nov 8 17:48:25 2014 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
  Sat Nov 8 17:48:25 2014 Socket Buffers: R=[212992->131072] S=[212992->131072]
  Sat Nov 8 17:48:25 2014 ROUTE default_gateway=ser.ver.gate.way
  Sat Nov 8 17:48:25 2014 TUN/TAP device tun0 opened
  Sat Nov 8 17:48:25 2014 TUN/TAP TX queue length set to 100
  Sat Nov 8 17:48:25 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
  Sat Nov 8 17:48:25 2014 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
  Sat Nov 8 17:48:25 2014 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
  Sat Nov 8 17:48:25 2014 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
  Sat Nov 8 17:48:25 2014 GID set to nogroup
  Sat Nov 8 17:48:25 2014 UID set to nobody
  Sat Nov 8 17:48:25 2014 UDPv4 link local (bound): [undef]
  Sat Nov 8 17:48:25 2014 UDPv4 link remote: [undef]
  Sat Nov 8 17:48:25 2014 MULTI: multi_init called, r=256 v=256
  Sat Nov 8 17:48:25 2014 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
  Sat Nov 8 17:48:25 2014 ifconfig_pool_read(), in='TomRoche,10.8.0.4', TODO: IPv6
  Sat Nov 8 17:48:25 2014 succeeded -> ifconfig_pool_set()
  Sat Nov 8 17:48:25 2014 IFCONFIG POOL LIST
  Sat Nov 8 17:48:25 2014 TomRoche,10.8.0.4
  Sat Nov 8 17:48:25 2014 Initialization Sequence Completed
  me@laptop:~$ sudo openvpn --script-security 2 --config /etc/openvpn/client1.conf &
  Sat Nov 8 17:49:12 2014 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
  Sat Nov 8 17:49:12 2014 Socket Buffers: R=[212992->131072] S=[212992->131072]
  Sat Nov 8 17:49:12 2014 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
  Sat Nov 8 17:49:12 2014 UDPv4 link local: [undef]
  Sat Nov 8 17:49:12 2014 UDPv4 link remote: [AF_INET]jump.box.IP.num:1194
  Sat Nov 8 17:49:12 2014 TLS: Initial packet from [AF_INET]jump.box.IP.num:1194, sid=25df7af6 0ece4089
  Sat Nov 8 17:49:13 2014 VERIFY OK: depth=1, <my config data/>
  Sat Nov 8 17:49:13 2014 VERIFY OK: nsCertType=SERVER
  Sat Nov 8 17:49:13 2014 VERIFY OK: depth=0, <my config data/>
  Sat Nov 8 17:49:14 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
  Sat Nov 8 17:49:14 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
  Sat Nov 8 17:49:14 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
  Sat Nov 8 17:49:14 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
  Sat Nov 8 17:49:14 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
  Sat Nov 8 17:49:14 2014 [TomRoche] Peer Connection Initiated with [AF_INET]jump.box.IP.num:1194
  Sat Nov 8 17:49:16 2014 SENT CONTROL [TomRoche]: 'PUSH_REQUEST' (status=1)
  Sat Nov 8 17:49:16 2014 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
  Sat Nov 8 17:49:16 2014 OPTIONS IMPORT: timers and/or timeouts modified
  Sat Nov 8 17:49:16 2014 OPTIONS IMPORT: --ifconfig/up options modified
  Sat Nov 8 17:49:16 2014 OPTIONS IMPORT: route options modified
  Sat Nov 8 17:49:16 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
  Sat Nov 8 17:49:16 2014 ROUTE_GATEWAY lap.top.gate.way/255.255.255.0 IFACE=eth0 HWADDR=la:pt:op:MAC:ad:dr
  Sat Nov 8 17:49:16 2014 TUN/TAP device tun0 opened
  Sat Nov 8 17:49:16 2014 TUN/TAP TX queue length set to 100
  Sat Nov 8 17:49:16 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
  Sat Nov 8 17:49:16 2014 /sbin/ip link set dev tun0 up mtu 1500
  Sat Nov 8 17:49:16 2014 /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5
  Sat Nov 8 17:49:16 2014 /etc/openvpn/update-resolv-conf tun0 1500 1542 10.8.0.6 10.8.0.5 init
  dhcp-option DNS 8.8.8.8
  Sat Nov 8 17:49:16 2014 /sbin/ip route add lap.top.IP.num/32 via lap.top.gate.way
  Sat Nov 8 17:49:16 2014 /sbin/ip route add 0.0.0.0/1 via 10.8.0.5
  Sat Nov 8 17:49:16 2014 /sbin/ip route add 128.0.0.0/1 via 10.8.0.5
  Sat Nov 8 17:49:16 2014 /sbin/ip route add 10.8.0.1/32 via 10.8.0.5
  Sat Nov 8 17:49:16 2014 GID set to nogroup
  Sat Nov 8 17:49:16 2014 UID set to nobody
  Sat Nov 8 17:49:16 2014 Initialization Sequence Completed
  I then see the following on my client:
  * `ifconfig` shows a new entry=`tun0`, which looks correct
  * I can `ping` the server using either its real IP# or `10.8.0.1`
  * I can `ssh` to the server using either its real IP# or `10.8.0.1`
  * `nslookup www.whatismyip.com` gives correct results
  ... but I get no connection if I open a new instance of Firefox and browse to http://www.whatismyip.com/ :-( "Looking up www.whatismyip.com..." succeeds quickly but the status line continues to display "Connecting to www.whatismyip.com..." until the attempt times out. I also get the same behavior (connection timeout) if I open a new instance of Chrome, or if I browse to http://www.whatismyip.com/ with a Firefox opened prior to starting OpenVPN. FWIW I get the same behavior browsing to any URI, including (e.g.) Google.
  This is a major problem for me! For the SSL VPN to work, I need to start a Firefox and run it (since the SSL VPN's vendor only supports it on Linux via a Firefox plugin) to access a particular remote-access website. Furthermore I need the SSL VPN to run through the jumpbox/OpenVPN. (Don't ask, it's a long, sad story ...)
  Is there something I must do to configure Firefox to use the VPN? Or is there some other way to fix this?
  Alternatively, what should I do to further debug the problem? It just seems odd to me that the other services work (e.g., `nslookup`, `ssh`) but Firefox does not. That being said, both Firefox and Chrome fail in this usecase, so the problem might be generic to web browsers.
  your assistance is appreciated, Tom Roche <[email protected]>

  You're kidding. You have to go through that rigamarole just to put your bookmarks on your own server? Where's the simple FTP option?
  Also, the above-linked article has a broken link. The link to the weaveserver (which is what you have to set up on your own server) is no good, and there is no obvious replacement. There are plenty of Weave-related repositories here:
  http://hg.mozilla.org/labs
  but it's not clear what you need.

• How to configure a JMS Queue

  Hi,
  I have an EAR file thai includes an EJB 3.0 module with a MDB. I use a Queue.
  This is my code,
  @Resource(mappedName = "jms/NotificationQueue")
  private Queue notificationQueue;
  @Resource(mappedName = "jms/NotificationQueueFactory")
  private ConnectionFactory notificationQueueFactory;
  public Customer update(Customer customer){
  Customer updated = em.merge(customer);
  try {
  sendJMSMessageToNotificationQueue(updated);
  } catch (JMSException ex) {
  Logger.getLogger(CustomerSessionBean.class.getName()).log(Level.SEVERE, null, ex);
  System.out.println("Customer updated in CustomerSessionBean!");
  return updated;
  private Message createJMSMessageForjmsNotificationQueue(Session session, Object messageData) throws JMSException
  //Modified to use ObjectMessage instead
  ObjectMessage tm = session.createObjectMessage();
  tm.setObject((Serializable) messageData);
  return tm;
  private void sendJMSMessageToNotificationQueue(Object messageData) throws JMSException
  Connection connection = null;
  Session session = null;
  try
  connection = notificationQueueFactory.createConnection();
  session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
  MessageProducer messageProducer = session.createProducer(notificationQueue);
  messageProducer.send(createJMSMessageForjmsNotificationQueue(session, messageData));
  finally
  if (session != null)
  try
  session.close();
  catch (JMSException e)
  Logger.getLogger(this.getClass().getName()).log(Level.WARNING, "Cannot close session", e);
  if (connection != null)
  connection.close();
  layed inside a stateless EJB 3.0.
  And the MDB looks as follow,
  @MessageDriven(mappedName = "jms/NotificationQueue", activationConfig = {
  @ActivationConfigProperty(propertyName = "acknowledgeMode", propertyValue = "Auto-acknowledge"),
  @ActivationConfigProperty(propertyName = "destinationType", propertyValue = "javax.jms.Queue")
  public class NotificationBean implements MessageListener {
  public NotificationBean() {
  public void onMessage(Message message)
  try
  Object msgObj = ((ObjectMessage)message).getObject();
  if (msgObj != null)
  Customer customer = (Customer)msgObj;
  System.out.println("Customer with the following details has been updated:");
  StringBuilder sb = new StringBuilder();
  sb.append("Customer ID=");
  sb.append(customer.getCustomerId());
  sb.append(", ");
  sb.append("Name=");
  sb.append(customer.getName());
  sb.append(", ");
  sb.append("Email=");
  sb.append(customer.getEmail());
  System.out.println(sb.toString());
  catch (JMSException ex)
  Logger.getLogger(NotificationBean.class.getName()).log(Level.SEVERE, null, ex);
  I have configured both "jms/NotificationQueue" and "jms/NotificationQueueFactory" inside OC4J server.
  But when I try to deploy the EAR file, the server gives me the following error,
  Operation failed with error: No destination location set for message-driven bean NotificationBean
  How must I do to let the EAR file be deployed?
  Thanks in advance
  Jose

  Mingzhuang
  I want to configure a error queue for weblogic jms topic. Wanted: The message goes to error destination when messages have expired or reached their redelivery limit.
  1. using jms transport configure proxy service:
  Retry Count :3
  Retry Interval:10
  Error Destination: ErrorTopic
  Expiration olicy: RedirectUnlike File/SFTP, JMS proxy service definition does not have the concept of Error Destination. To accomplish similar functionality go to JMSQ on (for which proxy is configured) server console (http://localhost:7001/console) and configure the Error Destination. Following URL will help in how to configure JMS Q.
  http://edocs.bea.com/wls/docs103/ConsoleHelp/taskhelp/jms_modules/queues/ConfigureQueues.html
  http://edocs.bea.com/wls/docs103/ConsoleHelp/taskhelp/jms_modules/queues/ConfigureQueueDeliveryFailure.html
  I tried use the proxy service to consume message from the jms topic . and generation an error in the proxy message flow. But the message didn't goes into the error topic.If every thing is configured as per above step, then the after retries, the weblogic server will put the message into JMS topic configured. Your proxy will receive from this topic.
  Let me know if we are not on same page.
  Cheers
  Manoj

• Osb 11 : How to configure tuxedo business services in a clustered domain.

  Hi,
  We have a platform with a clustered domain Osb ( 1 admin server and 2 managed servers dispatch on several physical servers) and two Tuxedo instances offering the same service exported in 2 different gateways on each Tuxedo instance.
  How to configure a business service with tuxedo transport working on this platform with failover and load balancing ?

  Thanks for the answer but it doesn't work.
  The fact is that we work on OSB 11, not directly in WebLogic.
  And Osb always modify the WTC configuration even if we modify it before in weblogic.
  To define a business service with multiple remote access points and apply a load balancing algorythm, Osb need an URI for each remote access point (not for each imported service).

• How to configure for the give senario where we from APO demand planning, we provide baseline forecast into TPM

  Hello Guru's,
  Request for information on smart documentation on the integration between Trade Promotion Management and SCM-Demand Planning from an architecture perspective how to configure for the give senario where we from APO demand planning, we provide baseline forecast into TPM and from TPM promotions values can be considered in to APO demand planning: can anybody give me some insight on it.
  Thanks in advance.
  Kumar

  Hi Praveen
  There are several ways you can connect a DP system to a TPM. How are your interfaces and systems setup?
  Option1:
  Extract the baseline from APO to a BW cube, extract the data out of BW, may be using infospokes/open hub and pass it on to TPM.
  2. Have a custom program written in APO-DP to extract the selected keyfigure data at the aggregation level into an interface or a .txt file into APO directory and use some data transfer service such as EDI to take this data and send to TPM.
  In my experience it is simple to define an integration process. The much larger and complicated aspects are the date adjustments and the aggregation levels.
  Date adjustments:
  Understand the basis of the data in APO and TPM. APO is usually at the requested delivery date or material availability date ( when the customer like a store wants the product). However TPMs are usually at the consumption date ( when an end customer like you and me but from store shelf). Depending on the product and business style this can mean several days difference. Let's say it is 25 days on average, you need to add 25 days to APO base line date to get the TPM consumption date.
  Aggregation level:
  This can be product or customer. If the planning in DP is at product sku level and the TPM is at packs or brand level, you need to aggregate the data up before loading to TPM. The same with customer.
  To me the most complex part of the integration is to understand and transform the data in a meaningful way and a strategy to sustain this integration by keeping both DP and TPM in sync in terms of master data. Also important to have a process for identifying exceptions and failures. you send baseline from DP to TPM and if it fails, how do you know? how do you trouble shoot?
  Hope these help.

• How to configure SCOT to handle multi language emails in SAP 4.6C

  Hello,
  I have an SAP 4.6C MDMP system with several languages installed such as Japanese, Korean, Chinese (Traditional and Simplified).
  I have been asked to configure SCOT so that users are able to send out emails via SBWP in their own language. Ie Chinese users sending out emails in Chinese (simplified), Taiwanese users send out mails in Chinese (traditional) and Japanese users sending out mails in Japanese.
  I have configured SCOT as per SAP note 311633, by implementing 4 different INT nodes for English, Chinese Traditional, Chinese Simplified and Japanese; implemented this note and created the report RSCONCDG.
  The problem is that I do not know how to configure the nodes so that each email goes to the correct SCOT node. ie Japanese to the Japanese node, Chinese traditional to the Chinese traditional node and so on.
  How do I configure each node for this?
  Thank you.

  Hi Siddesh, thank you for your detailed explanation and sorry for the late reply as I was very busy with some oher work till today.
  I have configured 4 sender groups in SCOT - one for each language I want to send out the email in (english, chinese simplified, chinese traditional and japanese)
  After, I configured the CDG parameters in 3 users so each is configured for the sender group for chinese simpliified, chinese traditional and japanese respectively.
  I set up the routing using RSCONCDG and tested the routing for each user via SCOT routing test and the routing worked correctly.
  Finally I did the actual test: log in as each user in the respective language in the SAP system, SBWP, copied a few lines in the same language and sent it out.
  Using the default code page: ISO-8859-1, all the chinese and language texts in the email came out gibberish.
  Using the code page: ISO-2022-JP, all the non-english text will be emailed out in japanese, whether the email was originally in chinese or japanese.
  I do not know how else to proceed from here. Any advice?

• How to include several PDF documents into just one file?

  I have a Word document with 6 pages that I saved in PDF.
  I wanted to transform the entire document in JPEG (JPG) immage, so that I could use it in other tools, such as Facebook for example.
  The problem is that using Adobe Photoshop it opens and saves page by page.
  Can you give me s solution or hint?
  Flavio
  [email protected]

  Thank you!
  I already saved all pages as .pdf w/ Acrobat and have all 6 pages saved in
  .jpg, using Photoshop.
  Problem is that I want to post the whole text in my Facebook page, and to
  have it in six pieces is not quite readable...
  Thanks anyway and have a joyful Xmas!
  2011/12/24 try67 <[email protected]>
     Re: How to include several PDF documents into just one file?  created
  by try67 <http://forums.adobe.com/people/try67> in Adobe Reader - View
  the full discussion <http://forums.adobe.com/message/4102594#4102594>

• Connecting two WRT54G wireless routers - how to configure

  Hi All,
  I have two WRT54G wireless routers. One is currently providing wireless access for several users at a local law firm. I need to connect a second wireless router for a user who works for another company in the same office. The second wireless router is basically going to be used for Internet access. The Office Manager at the law office does not want the user from the other company using their wireless router directly, BUT they will allow me to hook up the second wireless router for Internet access. I realize this doesn't really make sense in terms of security, but this is the scenario I must abide to. So I am wondering how to configure the second router. I am thinking that I connect a CAT5 from one port on the first router to the Internet port on the second router. I am also guessing that I need to assign the the second router a static IP with a different subnet such as 192.168.2.1. I am not sure if the first router still has the default 192.168.1.1. If the first router does use 192.168.1.1 would I need to change the IP on the second one to one on another subnet? Thanks.

  You will need a setup like this:
  Modem  ---  new WRT54G  ----  existing WRT54G
                   192.168.2.1              192.168.1.1    ( "Local IP address" )
  Modem connects to Internet port of new WRT54G.
  LAN port of new WRT54G connects to Internet port on existing WRT54G.
  SSID:  different on each router  (do not use "linksys" )
  SSID broadcast:  enabled on both routers
  encryption:  recommend WPA2, or at least WPA  (can be same or different on the two routers).
  passwords:   different on each router.
  channel:  try to stay at least 5 channels apart.  Usually channel 1, 6, and 11 work best, but any two different channels can be used.
  Any "port forwarding" used by existing WRT54G must also be done on new WRT54G.
  Both routers need a real login password (not "admin" )
  New WRT54G will need "Intenet connection type" set to whatever is currently on existing WRT54G.  Internet connection type for existing WRT54G will need to be set to DHCP.
  Message Edited by toomanydonuts on 01-15-2008 01:54 AM

• How to configure, push and test Idoc from XI to R/3

  Assuming mapping between imported Idoc and some file structure is fine ,I have to configure XI and R/3 for pushing Idocs from Xi to r/3. I have to make sure they talk.
  -I have done this long time ago for pushing Idocs from R/3 to XI but I wonder if it is same procedure or it is different ?
  -Can someone tell me  - how to configure both for this purpose partner profiles , logical systems etc ?
  -And also after configurations , how I can check if Idocs is received from Xi and the entire process is successful?
  -does it make difference the type of Idocs during the configurations?
  -Are the test for success same for all type Idocs?
  Thanks all !
  Jon

  Here are the steps:
  ===========================
  First - Maintain the Sender R/3 System:
  SM59 : Create a RFC destination to XI
  WE21 : Create a TRFC Port ->Specify the RFC Destination Created
  BD54 : Create a Logical System for the Idoc Receiver
  WE20 : Create Partner Profile ->Maintain Outbound and the Inbound Parameters
  Second - Log on to XI System:
  SM59 : RFC Destination for Sender System
  IDX1 : Create the port to get Idoc Metadata from Sender System ( The Port Name must match the port name in the idoc header - Usually in format SAP<System ID>. eg. SAPID1 [Optional Step. Not mandatory]
  IDX2 : Maintain the Idoc Metadata. This is needed only by XI, and not by other SAP systems. IDX2 is needed because XI needs to construct IDoc-XML from the IDoc. No other SAP system needs to do that.
  To Enable Acknowledgement:
  SXMB_ADM ->Integration Engine Configuration ->Specific Configuration ->Add New entry -> Select parameters as:
  Category: RUNTIME
  Parameters: ACK_SYSTEM_FAILURE
  Current Value: 1
  Additional References
  Ale Configuration for pushing Idocs form SAP to XI
  /people/swaroopa.vishwanath/blog/2007/01/22/ale-configuration-for-pushing-idocs-from-sap-to-xi