Iptables -p tcp/udp --dport no longer working

Similar Messages

• [solved] openvpn connection no longer working, tls error

  Hey!
  I have a strange problem. The same setup was working for months, nothing changed. Perhaps it`s due to an update and you guys can help me. I can`t establish a vpn connection to our openvpn server any more.
  I`m using tunnelblick as vpn client to connect from my mac to the office. It hangs at "waiting for response from server". I`m not an expert, but as I understand the tls handshake fails. I googled around and tried everything suggested, but no success.
  I haven`t used it since the latest openvpn package update, perhaps it has something to do with that?
  I found this, too, but it didn`t help either:
  http://openvpn.net/index.php/open-sourc … ivity.html
  This is the client log:
  2013-02-16 11:17:06 MANAGEMENT: >STATE:1361009826,WAIT,,,
  2013-02-16 11:18:06 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
  2013-02-16 11:18:06 TLS Error: TLS handshake failed
  2013-02-16 11:18:06 TCP/UDP: Closing socket
  2013-02-16 11:18:06 SIGUSR1[soft,tls-error] received, process restarting
  2013-02-16 11:18:06 MANAGEMENT: >STATE:1361009886,RECONNECTING,tls-error,,
  2013-02-16 11:18:06 MANAGEMENT: CMD 'hold release'
  and this is the server log (verbose 5):
  Sat Feb 16 11:38:08 2013 us=118721 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
  Sat Feb 16 11:38:08 2013 us=133716 Diffie-Hellman initialized with 2048 bit key
  Sat Feb 16 11:38:08 2013 us=134619 Control Channel Authentication: using '/etc/openvpn/keys/ta.key' as a OpenVPN static key file
  Sat Feb 16 11:38:08 2013 us=134677 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
  Sat Feb 16 11:38:08 2013 us=134707 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
  Sat Feb 16 11:38:08 2013 us=134745 TLS-Auth MTU parms [ L:1590 D:166 EF:66 EB:0 ET:0 EL:0 ]
  Sat Feb 16 11:38:08 2013 us=134808 Socket Buffers: R=[212992->131072] S=[212992->131072]
  Sat Feb 16 11:38:08 2013 us=135268 TUN/TAP device tap0 opened
  Sat Feb 16 11:38:08 2013 us=135370 TUN/TAP TX queue length set to 100
  Sat Feb 16 11:38:08 2013 us=135572 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
  Sat Feb 16 11:38:08 2013 us=137116 UDPv4 link local (bound): [undef]
  Sat Feb 16 11:38:08 2013 us=137832 UDPv4 link remote: [undef]
  Sat Feb 16 11:38:08 2013 us=137870 MULTI: multi_init called, r=256 v=256
  Sat Feb 16 11:38:08 2013 us=138013 IFCONFIG POOL: base=192.168.1.220 size=10, ipv6=0
  Sat Feb 16 11:38:08 2013 us=138087 Initialization Sequence Completed
  Sat Feb 16 11:38:22 2013 us=273924 MULTI: multi_create_instance called
  Sat Feb 16 11:38:22 2013 us=274097 192.168.1.4:1194 Re-using SSL/TLS context
  Sat Feb 16 11:38:22 2013 us=274189 192.168.1.4:1194 LZO compression initialized
  Sat Feb 16 11:38:22 2013 us=274539 192.168.1.4:1194 Control Channel MTU parms [ L:1590 D:166 EF:66 EB:0 ET:0 EL:0 ]
  Sat Feb 16 11:38:22 2013 us=274643 192.168.1.4:1194 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
  Sat Feb 16 11:38:22 2013 us=274701 192.168.1.4:1194 Local Options String: 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
  Sat Feb 16 11:38:22 2013 us=274717 192.168.1.4:1194 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
  Sat Feb 16 11:38:22 2013 us=274745 192.168.1.4:1194 Local Options hash (VER=V4): 'c5677ab3'
  Sat Feb 16 11:38:22 2013 us=274765 192.168.1.4:1194 Expected Remote Options hash (VER=V4): 'a7133b47'
  RSat Feb 16 11:38:22 2013 us=275000 192.168.1.4:1194 TLS: Initial packet from [AF_INET]192.168.1.4:1194 (via [AF_INET]192.168.1.205%br0), sid=e46fc8e5 4b4327b5
  WSat Feb 16 11:38:22 2013 us=275121 192.168.1.4:1194 write UDPv4: Invalid argument (code=22)
  RWSat Feb 16 11:38:24 2013 us=597178 192.168.1.4:1194 write UDPv4: Invalid argument (code=22)
  RWSat Feb 16 11:38:28 2013 us=80376 192.168.1.4:1194 write UDPv4: Invalid argument (code=22)
  RWSat Feb 16 11:38:36 2013 us=360017 192.168.1.4:1194 write UDPv4: Invalid argument (code=22)
  WSat Feb 16 11:38:52 2013 us=266108 192.168.1.4:1194 write UDPv4: Invalid argument (code=22)
  RWSat Feb 16 11:38:52 2013 us=284681 192.168.1.4:1194 write UDPv4: Invalid argument (code=22)
  RSat Feb 16 11:39:22 2013 us=604136 192.168.1.4:1194 TLS: new session incoming connection from [AF_INET]192.168.1.4:1194 (via [AF_INET]192.168.1.205%br0)
  Sat Feb 16 11:39:22 2013 us=604198 192.168.1.4:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
  Sat Feb 16 11:39:22 2013 us=604219 192.168.1.4:1194 TLS Error: TLS handshake failed
  This is the server config. It`s located in /etc/openvpn/openvpn_server.conf and the server starts fine with systemctl start openvpn@openvpn_server.service.
  mode server
  dev tap0
  multihome
  server-bridge 192.168.1.205 255.255.255.0 192.168.1.220 192.168.1.229
  client-to-client
  proto udp
  port 1194
  comp-lzo
  persist-tun
  persist-key
  keepalive 10 120
  ca /etc/openvpn/keys/ca.crt
  dh /etc/openvpn/keys/dh2048.pem
  cert /etc/openvpn/keys/archvpn.crt
  key /etc/openvpn/keys/archvpn.key
  tls-auth /etc/openvpn/keys/ta.key 0
  tls-server
  verb 3
  cipher AES-128-CBC
  log /etc/openvpn/openvpn.log
  This is the client config:
  client
  remote myserver.dyndns.org 1194
  dev tap0
  proto udp
  port 1194
  comp-lzo
  ca ca.crt
  cert tom.crt
  key tom.key
  persist-tun
  persist-key
  resolv-retry infinite
  keepalive 10 120
  tls-auth ta.key 1
  tls-client
  ns-cert-type server
  verb 3
  cipher AES-128-CBC
  float
  What I checked and tried so far:
  0    did a lot of reading
  1    modules are loaded in /etc/modules-load.d/openvpn.conf
  tun
  bridge
  2 netcfg config starts tap and network config
  /etc/conf.d/netcfg
  NETWORKS=(openvpn_tap office_lan_openvpn)
  /etc/network.d/openvpn_tap
  INTERFACE='tap0'
  CONNECTION='tuntap'
  MODE='tap'
  USER='nobody'
  GROUP='nobody'
  /etc/network.d/office_lan_openvpn
  INTERFACE="br0"
  CONNECTION="bridge"
  DESCRIPTION="Ethernet/OpenVPN bridge"
  BRIDGE_INTERFACES="eth0 tap0"
  IP="static"
  ADDR="192.168.1.205"
  GATEWAY="192.168.2.1"
  DNS=("192.168.1.1")
  3    checked firewall port, even disabled iptables
  4    port forwarding in fritzbox is active
  5    all other connections from outside are working (http, ftp)
  6    certificates and keys should be fine, they were working in the past with the same setup
  Hope someone can help me, I really need my connection back… If anything else is needed just let me know.
  Last edited by archtom (2013-02-16 16:08:21)

  I solved it
  I did more reading and it seemed to be a problem in the config files, anything else could be pretty much excluded.
  I started with fresh config files referring to the german wiki (it`s different) from .org. Since it was working with this I started to track the problem down. In the end I had to delete the
  multihome
  option in the server config. Everything seems fine now! Thanks for everyone that read it. Perhaps it helps someone in the future.

• Airtunes no longer working

  Hi everyone.
  I used Airtunes over Airport Express fine for years, but just updated to iTunes 8 and it no longer works. I get error message -3256 when I try to connect, and it directs me to my firewall settings.
  A few notes:
  - in iTunes preferences, I confirmed that the 'look for remote speakers connected with AirTunes' is checked. It is.
  - in System Preferences, under TCP/IP, IPv6 configuration, I confirmed that IPv6 is set to configure automatically. It is.
  - in System Preferences, under the Firewall tab, iTunes Music Sharing is selected but I can't see anything else likely to affect AirTunes.
  So I read this article here: http://support.apple.com/kb/TS2278
  and thought I'd check that the Airport Express firmware is up to date. I downloaded AirPort Utility from here: http://support.apple.com/downloads/AirPortUtility_5_3_2Tiger
  and used it to update the firmware to 6.3.
  I now find that AirPort Utility can not find my Airport Express ("Airport Utility was unable to find any Apple wireless devices...") which has a green light on it, indicating that it's joined my wireless network.
  In addition, iTunes can no longer 'see' my remote speakers.
  This is very frustrating. It used to work fine. I've done everything in the Apple support article and the problem seems to have got worse. Can anyone here advise me? Am I missing something painfully obvious?
  Thanks in advance.
  Jason

  PS Sorry, I forgot to mention I also confirmed that 'block UDP traffic' is not selected. It is not.

• [SOLVED] Openbox autostart no longer working since upgrade

  After the upgrade on May 14 2013 my autostart file no longer works. I tried renaming my autostart.sh to just autostart no luck. There is nothing wrong with the autostart file as I can run it manually and it will load all my apps. Also, if I cd to  /usr/lib/openbox/ and run openbox-autostart directly it works. Here are the updated packages:
  [2013-05-14 21:34] [PACMAN] upgraded ethtool (1:3.8-1 -> 1:3.9-1)
  [2013-05-14 21:34] [PACMAN] upgraded firefox (20.0.1-5 -> 21.0-1)
  [2013-05-14 21:34] [PACMAN] upgraded gsettings-desktop-schemas (3.8.0-1 -> 3.8.2-1)
  [2013-05-14 21:34] [PACMAN] upgraded glib-networking (2.36.1-1 -> 2.36.2-1)
  [2013-05-14 21:34] [PACMAN] upgraded gnome-icon-theme-symbolic (3.8.0.1-2 -> 3.8.2.2-1)
  [2013-05-14 21:34] [PACMAN] upgraded gnome-icon-theme (3.8.0-1 -> 3.8.2-1)
  [2013-05-14 21:34] [PACMAN] upgraded gnupg (2.0.19-7 -> 2.0.20-1)
  [2013-05-14 21:34] [PACMAN] upgraded gtkmm (2.24.2-2 -> 2.24.3-1)
  [2013-05-14 21:34] [PACMAN] upgraded gvfs (1.16.1-2 -> 1.16.2-1)
  [2013-05-14 21:34] [PACMAN] upgraded libical (0.48-1 -> 1.0-2)
  [2013-05-14 21:34] [PACMAN] upgraded mplayer (35920-2 -> 35920-3)
  [2013-05-14 21:34] [PACMAN] upgraded orage (4.8.4-1 -> 4.8.4-2)
  [2013-05-14 21:34] [PACMAN] upgraded pango (1.34.0-1 -> 1.34.1-1)
  [2013-05-14 21:34] [PACMAN] upgraded pdnsd (1.2.9.a-1 -> 1.2.9.a-2)
  [2013-05-14 21:34] [PACMAN] upgraded python2-distribute (0.6.38-1 -> 0.6.39-1)
  [2013-05-14 21:34] [PACMAN] upgraded python2-zope-interface (4.0.3-1 -> 4.0.5-1)
  [2013-05-14 21:34] [PACMAN] upgraded sudo (1.8.6.p8-1 -> 1.8.6.p8-2)
  [2013-05-14 21:34] [PACMAN] upgraded thunderbird (17.0.5-2 -> 17.0.6-1)
  [2013-05-14 21:34] [PACMAN] upgraded virtualbox (4.2.12-2 -> 4.2.12-3)
  [2013-05-14 21:34] [PACMAN] upgraded vte-common (0.34.4-1 -> 0.34.5-1)
  [2013-05-14 21:35] [PACMAN] upgraded python3-threaded_servers (2013.5.12.3-1 -> 2013.5.14.1-1)
  Not sure what's going on or what could have caused it. My .xinitrc looks like this:
  #!/bin/sh
  if [ -d /etc/X11/xinit/xinitrc.d ]; then
  for f in /etc/X11/xinit/xinitrc.d/*; do
  [ -x "$f" ] && . "$f"
  done
  unset f
  fi
  export BROWSER="chromium"
  # Start GNOME Keyring
  eval $(/usr/bin/gnome-keyring-daemon --start --components=gpg,pkcs11,secrets,ssh)
  # You probably need to do this too:
  export SSH_AUTH_SOCK
  export GPG_AGENT_INFO
  export GNOME_KEYRING_CONTROL
  export GNOME_KEYRING_PID
  exec openbox-session
  My .zprofile
  [[ -z $DISPLAY && $XDG_VTNR -eq 1 ]] && startx &> ~/.xlog
  My systemd startup service:
  # This file is part of systemd.
  # systemd is free software; you can redistribute it and/or modify it
  # under the terms of the GNU Lesser General Public License as published by
  # the Free Software Foundation; either version 2.1 of the License, or
  # (at your option) any later version.
  [Unit]
  Description=Getty on %I
  Documentation=man:agetty(8) man:systemd-getty-generator(8)
  Documentation=http://0pointer.de/blog/projects/serial-console.html
  After=systemd-user-sessions.service plymouth-quit-wait.service
  After=rc-local.service
  # If additional gettys are spawned during boot then we should make
  # sure that this is synchronized before getty.target, even though
  # getty.target didn't actually pull it in.
  Before=getty.target
  IgnoreOnIsolate=yes
  # On systems without virtual consoles, don't start any getty. (Note
  # that serial gettys are covered by [email protected], not this
  # unit
  ConditionPathExists=/dev/tty0
  [Service]
  # the VT is cleared by TTYVTDisallocate
  ExecStart=-/sbin/agetty -a dodo3773 %I 38400
  Type=simple
  #Restart=always
  #RestartSec=0
  UtmpIdentifier=%I
  TTYPath=/dev/%I
  TTYReset=no
  TTYVHangup=no
  TTYVTDisallocate=no
  KillMode=process
  IgnoreSIGPIPE=no
  # Unset locale for the console getty since the console has problems
  # displaying some internationalized messages.
  Environment=LANG= LANGUAGE= LC_CTYPE= LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION=
  # Some login implementations ignore SIGTERM, so we send SIGHUP
  # instead, to ensure that login terminates cleanly.
  KillSignal=SIGHUP
  [Install]
  WantedBy=getty.target
  Edit: I tried switching to bash in a tty and then just startx but that doesn't help either.
  Edit2: To be clear openbox does load a desktop. The autostart scripts at ~/.config/openbox/ just don't run. Thanks.
  Edit3: I decided to run the command issued in openbox-session and added --debug to it. Here is the output of "xinit /usr/bin/openbox --debug --startup "/usr/lib/openbox/openbox-autostart OPENBOX" "$@" -- :1 -nolisten tcp" :
  X.Org X Server 1.14.1
  Release Date: 2013-04-17
  X Protocol Version 11, Revision 0
  Build Operating System: Linux 3.8.7-1-ARCH x86_64
  Current Operating System: Linux dodo713 3.9.2-2-ck #1 SMP PREEMPT Sun May 12 18:19:49 EDT 2013 x86_64
  Kernel command line: BOOT_IMAGE=/vmlinuz-linux-ck root=UUID=06874255-7a5d-4968-8f09-1e53cb761f44 ro quiet init=/usr/lib/systemd/systemd
  Build Date: 17 April 2013 02:37:06PM
  Current version of pixman: 0.30.0
  Before reporting problems, check http://wiki.x.org
  to make sure that you have the latest version.
  Markers: (--) probed, (**) from config file, (==) default setting,
  (++) from command line, (!!) notice, (II) informational,
  (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
  (==) Log file: "/var/log/Xorg.1.log", Time: Fri May 17 08:14:11 2013
  (==) Using config file: "/etc/X11/xorg.conf"
  (==) Using config directory: "/etc/X11/xorg.conf.d"
  setversion 1.4 failed
  Initializing built-in extension Generic Event Extension
  Initializing built-in extension SHAPE
  Initializing built-in extension MIT-SHM
  Initializing built-in extension XInputExtension
  Initializing built-in extension XTEST
  Initializing built-in extension BIG-REQUESTS
  Initializing built-in extension SYNC
  Initializing built-in extension XKEYBOARD
  Initializing built-in extension XC-MISC
  Initializing built-in extension SECURITY
  Initializing built-in extension XINERAMA
  Initializing built-in extension XFIXES
  Initializing built-in extension RENDER
  Initializing built-in extension RANDR
  Initializing built-in extension COMPOSITE
  Initializing built-in extension DAMAGE
  Initializing built-in extension MIT-SCREEN-SAVER
  Initializing built-in extension DOUBLE-BUFFER
  Initializing built-in extension RECORD
  Initializing built-in extension DPMS
  Initializing built-in extension X-Resource
  Initializing built-in extension XVideo
  Initializing built-in extension XVideo-MotionCompensation
  Initializing built-in extension XFree86-VidModeExtension
  Initializing built-in extension XFree86-DGA
  Initializing built-in extension XFree86-DRI
  Initializing built-in extension DRI2
  Loading extension GLX
  Loading extension NV-GLX
  Loading extension NV-CONTROL
  Loading extension XINERAMA
  setversion 1.4 failed
  Openbox-Debug: --startup /usr/lib/openbox/openbox-autostart OPENBOX
  Openbox-Debug: Moving to desktop 1
  Openbox-Debug: not managing override redirect window 0x4000bb
  which: no hsetroot in (/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin:/opt/android-sdk/platform-tools:/usr/bin/core_perl:/home/dodo3773/Documents/Scripts:/home/dodo3773/Documents/Scripts)
  which: no esetroot in (/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin:/opt/android-sdk/platform-tools:/usr/bin/core_perl:/home/dodo3773/Documents/Scripts:/home/dodo3773/Documents/Scripts)
  which: no xsetroot in (/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin:/opt/android-sdk/platform-tools:/usr/bin/core_perl:/home/dodo3773/Documents/Scripts:/home/dodo3773/Documents/Scripts)
  kupfer: Reading from stdin
  The XKEYBOARD keymap compiler (xkbcomp) reports:
  > Warning: Compat map for group 2 redefined
  > Using new definition
  > Warning: Compat map for group 3 redefined
  > Using new definition
  > Warning: Compat map for group 4 redefined
  > Using new definition
  Errors from xkbcomp are not fatal to the X server
  Openbox-Debug: Caught signal 22. Ignoring.
  Openbox-Debug: UPDATE DESKTOP NAMES
  Openbox-Debug: Keyboard map changed. Reloading keyboard bindings.
  Edit4: Removed everything from /etc/xdg/autostart and ~/.config/autostart/ directories. That didn't work.
  Edit5: Tried installing xorg-xsetroot to let openbox set the color of the wallpaper. That didn't work.
  Edit6: Checked the output of "loginctl show-session $XDG_SESSION_ID" to make sure that wasn't the issue. Looks okay to me:
  Id=1
  Timestamp=Fri 2013-05-17 10:25:53 PDT
  TimestampMonotonic=13650783
  DefaultControlGroup=systemd:/user/1000.user/1.session
  VTNr=1
  TTY=tty1
  Remote=no
  Service=login
  Leader=405
  Audit=1
  Type=tty
  Class=user
  Active=yes
  State=active
  KillProcesses=no
  IdleHint=no
  IdleSinceHint=1368811547544203
  IdleSinceHintMonotonic=7545641
  Name=dodo3773
  Edit7: Tried installing xorg-xrdb thinking maybe that would help and did todays updates. No luck yet.
  Edit8: Kupfer still loads even though nothing else does. So I uninstalled kupfer. Same thing though. No autostart.
  Edit9: Tried booting into repo kernel instead of ck kernel. Didn't work.
  Last edited by dodo3773 (2013-05-19 06:34:44)

  WonderWoofy wrote:Interestingly, of all those things you included in your post, you forgot to include the autostart script itself.  What does that look like?
  Well, since it worked fine even when called indirectly through openbox-autostart and since it's worked fine for months I figured it was fine. I am happy to post it though. Here you go:
  feh --bg-scale /home/dodo3773/Pictures/blacksolid.png &
  xfce4-panel &
  numlockx &
  keepassx -lock &
  kupfer --no-splash &
  ~/Documents/Scripts/startupopen.sh &
  sleep 30 && sudo /usr/bin/ntpd -qg &
  sudo /usr/sbin/ethtool -K eth0 rx off &
  ~/Documents/Scripts/conky.sh &
  sudo /home/dodo3773/Documents/Scripts/temp_throttlenew > /dev/null 2>&1 &
  Here are the external scripts that are called (startupopen.sh and temp_throttlenew):
  startupopen.sh
  #! /bin/bash
  sleep 13
  chromium &
  thunderbird &
  sleep 20
  devilspie -a &
  sleep 7
  pkill devilspie &
  exit
  temp_throttlenew
  #!/bin/bash
  # temp_throttle.sh max_temp
  # USE CELSIUS TEMPERATURES.
  if [[ $EUID -ne 0 ]]; then
  echo "This script must be run as root" 1>&2
  exit 1
  fi
  #if [ $# -ne 1 ]; then
  # If temperature wasn't given, then print a message and exit.
  # echo "Please supply a maximum desired temperature in Celsius." 1>&2
  # echo "For example: ${0} 60" 1>&2
  # exit 2
  #else
  #Set the first argument as the maximum desired temperature.
  MAX_TEMP=85
  #fi
  # The frequency will increase when low temperature is reached.
  let LOW_TEMP=$MAX_TEMP-5
  CORES=$(nproc) # Get number of CPU cores.
  echo -e "Number of CPU cores detected: $CORES\n"
  # Temperatures internally are calculated to the thousandth.
  MAX_TEMP=${MAX_TEMP}000
  LOW_TEMP=${LOW_TEMP}000
  # FREQ_LIST is a list (array) of all available cpu frequencies the system allows.
  declare -a FREQ_LIST=($(cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_available_frequencies))
  # CURRENT_FREQ relates to the FREQ_LIST by keeping record of the currently set frequency.
  let CURRENT_FREQ=1
  function set_freq {
  echo ${FREQ_LIST[$1]}
  cpupower frequency-set -g "ondemand" -d "800MHz" -u ${FREQ_LIST[$1]}
  function throttle {
  if [ $CURRENT_FREQ -ne $((${#FREQ_LIST[@]}-1)) ]; then
  let CURRENT_FREQ+=1
  echo -n "throttle "
  set_freq $CURRENT_FREQ
  fi
  function unthrottle {
  if [ $CURRENT_FREQ -ne 0 ]; then
  let CURRENT_FREQ-=1
  echo -n "unthrottle "
  set_freq $CURRENT_FREQ
  fi
  function get_temp {
  # Get the system temperature.
  # If one of these doesn't work, the try uncommenting another.
  TEMP=$(cat /sys/class/thermal/thermal_zone0/temp)
  #TEMP=$(cat /sys/class/hwmon/hwmon0/temp1_input)
  #TEMP=$(cat /sys/class/hwmon/hwmon1/device/temp1_input)
  while true; do
  get_temp
  if [ $TEMP -gt $MAX_TEMP ]; then # Throttle if too hot.
  throttle
  elif [ $TEMP -le $LOW_TEMP ]; then # Unthrottle if cool.
  unthrottle
  fi
  sleep 3
  done
  Stuff that needs sudo is in my sudoers as "username hostname NOPASSWD: item1,item2,etc,etc". Nothing too exciting. Seems like if there was suddenly something wrong with my autostart file at least some of the stuff would run either way though cause of "&". Pretty puzzling this issue is.

• CiscoIPPhoneExecute no longer works on SPA50xG ?

  I have simple XML Phone Application:
  <CiscoIPPhoneExecute>
          <ExecuteItem Priority="0" URL="Init:Services" />
          <ExecuteItem Priority="1" URL="Key:Settings" />
          <ExecuteItem Priority="1" URL="Key:KeyPad1" />
          <ExecuteItem Priority="1" URL="Key:KeyPad2" />
          <ExecuteItem Priority="1" URL="Key:Soft1" />
  </CiscoIPPhoneExecute>
  It's used on SPA50xG devices to do "reset to factory default" (it open menu, select item 12, answer "yes" to "are you sure?" question). It worked on 7.4.7 firmware. It no longer work on 7.5.4 firmware. It claim "Request failed" on display only.
  The device received SIP NOTIFY Event: XML-Service with URL, then asked and received the URL from HTTP server - but then "Request failed" on display and game over. As far as I know, no documentation nor ChangeLog mention a change related to CiscoIPPhoneExecute object between 7.4.x and 7.5.x . So what I'm missing ? Any idea ?
  Debug messages from device related to case:
  Product Name: SPA508G, Software Version: 7.5.4, Hardware Version: 1.0.2(0001)
  cme services url=https://test-provisioning....cz/Cisco/test-Restart.xml\0x0d\0x0a
  create CMX_new @ 94c1a120, init cbData 0 g_pAppCmx=0
  cmxhttp: url=https://test....cz/Cisco/test-Restart.xml\0x0d\0x0a
  [CMXHTTP] scheme = https
  [CMXHTTP] scheme = 3
  [CMXHTTP] host=test....cz:443; path=/Cisco/test-Restart.xml\0x0d\0x0a; locale=Accept-Language: en-US\0x0d\0x0a
  [create_tcp_netstrm1] use async to create tcp connection
  connect succeed
  [create_tcp_netstrm1] connect SUCCEED
  [CMXHTTP] refresh time=0s, URL=
  [CMXHTTP] Http failed, rc=0, len=10240
  SipXml_eventHandler SIPXML_EV_CMXH_FAILED
  CMX_eventProc(),app=94c1a120 msg:0xFB4B, par:0, par2:0
  CMX_eventProc: got http_failed. 1 1 0x0

  I'm speaking to yourself, but problem solved. It's about "Important note" in
  If there is a CRLF on the end of NOTIFY's URL then phone will request
  GET /Cisco/test-Restart.xml\r\n
    HTTP/1.0\r\n
  from HTTP server. The server will respond with HTTP/0.9 formatted reply, such response is unrecognized by phone and refused.
  Many thank to which forced me to do depth-in analysis of the problem. I found a solution as result of it.

• Accessing NFS mounted share in Finder no longer works in 10.5.3+

  I have setup an automounted NFS share previously with Leopard against a RHEL 5 server at the office. I had to go through a few loops to punch a hole through the appfirewall to get the share accessible in the Finder.
  A few months later when I returned to the office after a consultancy stint and upgrades to 10.5.3 and 10.5.4 the NFS mount no longer works. I have investigated it today and I can't get it to run even with the appfirewall disabled.
  I've been doing some troubleshooting, and the interaction between the statd, lockd and perhaps the portmap seem a bit fishy, even with the appfirewall disabled. Both the statd and lockd complains that they can not register; lockd once and statd indefinitely.
  Jul 2 15:17:10 ySubmarine com.apple.statd[521]: rpc.statd: unable to register (SM_PROG, SM_VERS, UDP)
  Jul 2 15:17:10 ySubmarine com.apple.launchd[1] (com.apple.statd[521]): Exited with exit code: 1
  Jul 2 15:17:10 ySubmarine com.apple.launchd[1] (com.apple.statd): Throttling respawn: Will start in 10 seconds
  ... and rpcinfo -p gets connection refused unless I start portmap using the launchctl utility.
  This may be a bit obscure, and I'm not exactly an expert of NFS, so I wonder if someone else stumbled across this, and can point me in the right direction?
  Johan

  Sorry for my late response, but I have finally got around to some trial and error. I can mount the share using mount_nfs (but need to use sudo), and it shows up as a mounted disk in the Finder. However, when I start to browse a directory on the share that I can write to, I end up with the lockd and statd failures.
  $ mount_nfs -o resvport xxxx:/home /Users/yyyy/xxxx-home
  mount_nfs: /Users/yyyy/xxxx-home: Permission denied
  $ sudo mount_nfs -o resvport xxxx:/home /Users/yyyy/xxxx-home
  Jul 7 10:37:34 zzzz com.apple.statd[253]: rpc.statd: unable to register (SM_PROG, SM_VERS, UDP)
  Jul 7 10:37:34 zzzz com.apple.launchd[1] (com.apple.statd[253]): Exited with exit code: 1
  Jul 7 10:37:34 zzzz com.apple.launchd[1] (com.apple.statd): Throttling respawn: Will start in 10 seconds
  Jul 7 10:37:44 zzzz com.apple.statd[254]: rpc.statd: unable to register (SM_PROG, SM_VERS, UDP)
  Jul 7 10:37:44 zzzz com.apple.launchd[1] (com.apple.statd[254]): Exited with exit code: 1
  Jul 7 10:37:44 zzzz com.apple.launchd[1] (com.apple.statd): Throttling respawn: Will start in 10 seconds
  Jul 7 10:37:54 zzzz com.apple.statd[255]: rpc.statd: unable to register (SM_PROG, SM_VERS, UDP)
  Jul 7 10:37:54 zzzz com.apple.launchd[1] (com.apple.statd[255]): Exited with exit code: 1
  Jul 7 10:37:54 zzzz com.apple.launchd[1] (com.apple.statd): Throttling respawn: Will start in 10 seconds
  Jul 7 10:37:58 zzzz loginwindow[25]: 1 server now unresponsive
  Jul 7 10:37:59 zzzz KernelEventAgent[26]: tid 00000000 unmounting 1 filesystems
  Jul 7 10:38:02 zzzz com.apple.autofsd[40]: automount: /net updated
  Jul 7 10:38:02 zzzz com.apple.autofsd[40]: automount: /home updated
  Jul 7 10:38:02 zzzz com.apple.autofsd[40]: automount: no unmounts
  Jul 7 10:38:02 zzzz loginwindow[25]: No servers unresponsive
  ... and firewall wide open.
  I guess that the Finder somehow triggers file locking over NFS.

• X11 session tunnelling via SSH: no longer working!

  Hi!
  Graphical access to a Solaris 9 or 10 server via X11 tunneled thru an SSH session used to work fine until recently. In other worlds, you would connect with a
  ssh -X [email protected] your workstation running an appropriate X11 server, the remote SSHD would set up the DISPLAY variable pointing back to itself and everything would work as expected. Run a graphical app, and it would happily pop up in your display.
  However, recently this has stopped working on two different servers I use, one with Solaris 9 and the other with the latest Solaris 10. The ssh session works normally, but the DISPLAY variable does not get set and the following error pops up in the console:
  Aug 26 13:58:46 sunserver sshd[2251]: [ID 800047 auth.error] error: Failed to allocate internet-domain X11 display socket.Both servers were patched with the latest security and recommended patches. Tried by connecting from a MacOS X 10.5 portable (using the included X11 server), a Knoppix 5.3.1 host and an OpenSolaris host, all with the same failed results. However, on an older Solaris 9 server that has not been recently patched, the tunnelling works as usual, so it seems to be a server-side problem. And, like I mentioned, this all used to work on the failing servers, before the patching orgy this summer.
  Since the tunnelling no longer works, the only way to run graphical apps is by manually doing the insecure xhost +client / DISPLAY=server:0.0; export DISPLAY routine. 
  Has anyone run across this problem and know which patch messed things up? Is there a solution or, at least, a workaround?
  TIA for your help.
  J. Courcoul

  There was a posted six hour service window for this web site yesterday. Your initial posting should have happened just
  before the service windows opened and after the service windows expired half of the world was still asleep and then you
  complain the next morning about the dearth of responses. Talk about underwhelming.Guess my anxiety due to user pressure was showing... :D HOWEVER, I did get a perfectly good response on comp.sys.sun.admin about four hours after posting, even though slashdot and others have been crowing about the death of Usenet.
  Usually X forwarding breaks when there is nothing to connect back to but your messages seems to suggest that a patch
  has caused the problems. For the life of me I can't figure out why adding an IPv6 loopback address would fix this but
  an actually Sun employee would know better than I.Precisely why I don't want to mark the question as answered yet. Heck, when I read the trick, it made me think that I had completely misunderstood how the tunnelling mechanism works.
  You might try going through the list of patches that were applied and see if any of them contain files related somehow
  to SSH and then file a bug report against that patch to Sun so it can be fixed, again.Yes, cause there was an ssh/sshd patch that came out in the June/July timeframe which may have a bearing. However, I recall there was at least one or maybe two patches for tcp that may also have been a cause. Time to put on the Sherlock Holmes cap...

• Maximum number of tcp/udp connections

  I've got a WRT54G and recently I contacted linksys suport due to some problems I was having with
  BitTorrent clients(very common issue it seems). I have a home lan with 3 computers,
  and if 2 or more of them are on at the same time(even when only 1 is using bittorrent), the connection keeps going
  down.
  Linksys support told me a lot of routers face this problem since bittorrent works by opening lots of simultaneous
  tcp/udp connetions, and one thing I should do is try to limit these connections to a number the router can handle.
  Even though I might experience some poor speeds limiting connections, it seems it's all I have left. So, not a
  problem at all, except one question which brings us to the purpose of this message:
  Approximately HOW MANY TCP/UDP CONNECTIONS can WRT54g handle at the SAME TIME?
  Since I'm to share among 3 users, all of which are torrent freaks, I'm gonna have one heck of a hard time tryin' to
  guess the maximum number of connections each should have, specially when they're all on at the same time.
  Support said they don't have that information. So does anyone out there have a good guess?
  And also, does anyone know of any Linksys router (for home use) that is able to work with torrents without any
  problem at all?

  The wrt54g(s) upto v4 and the wrt54gL use a Linux 2.4.20 kernel.
  This Linux-kernel set a max of 1024 connections and a hastable of max 128 buckets, the gs models with 32 Mbyte have 2048/256.
  I see three problems:
  1. The following patch is not applied to the kernel: Netfilter / connection Tracking Remote DoS, CVE: CAN-2003-0187
  2. The hashsize is wrongly set, de default kernel 2.4.20 values are wrong, and may NOT be an even number (128), it should be a prime number.
  3. The ratio between hashsize and max amount of connections should be set to 1 and not 8, this to increase performance.
  Some improvement is made by Linksys in firmware version 4.21.1 and 4.30.9 (are neerly the same) .
  I hope this information helps,
  greetings,
  jchuit
  http://tarifa.sourceforge.net/

• What TCP/UDP ports need to be open for VPN Client version 4.8?

  What TCP/UDP ports need to be open for Cisco VPN Client version 4.8 to work?
  Thanks,

  Normally, you need the following ports and protocol :
  UDP 500
  UDP 4500
  ESP
  In case, you are using IPSec over TCP you have to open, TCP port 10000 or any other port you want to use for IPSec connections (Its configurable).
  -Kanishka

• TCP/UDP Port Utilization question for CCX 8.5

  Greetings,
  I have gone through the CCX 8.5 TCP/UDP port utilization guide.
  http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/crs/express_8_5/configuration/guide/uccx851pug.pdf
  I always do this as a matter of practice and I had a question concerning Java RMI ports. In the guide there is an ephemeral range TCP:32768-61000 that is used for Java RMI. Based on the context clues in the footnote this is an intra-cluster communication between processes running on CCX. This jives with ACLs I have built for previous versions.
  The hang up I have is that Table 1 (page 6) of the guide shows that one of the remote devices is "Editor". I take this to mean CRS Editor, which can run on a desktop in the environment. I want to keep the ACL as trim as possible, so I don't want to open up the TCP ephemeral range unnecessarily. So, I guess my question is:
  When that document refers to "Editor" do they mean that the CRS Editor is communicating using the referenced ports? Or is there a server-side process called Editor listening on those ports. The shift in how I apparently have to account for RMI is causing me to question.
  Thanks in advance,
  Bill

  I followed the port guide, but am still having issues connecting to the editor from my workstation with my access-list in place.
  When I remove the ACL the editor connects and I can do reactive debugging. The ACL breaks this.
  Followed this
  http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cust_contact/contact_center/crs/express_9_02/configuration/guide/UCCX_BK_P89325D5_00_port-utilization-guide-uccx-902.pdf
  Does anyone have a sample acl that works?

• TCP/UDP timeouts

  Hi guys
  Does anyone know what the default values are for TCP/UDP timeouts on the home hub, or any standard router? I have a dd-wrt router, and it says 3600 seconds for TCP and 120 for UDP, is this ok, or is it too long?
  Thanks
  Pandarock32

  Hi pandarock32,
  Thanks for posting!
  I don't know the answer to this off the top of my head but I'll find out and I'll post back in a bit 
  All the best,
  Robbie
  BTCare Community Mod
  If we have asked you to email us with your details, please make sure you are logged in to the forum, otherwise you will not be able to see our ‘Contact Us’ link within our profiles.
  We are sorry that we are unable to deal with service/account queries via the private message(PM) function so please don't PM your account info, we need to deal with this via our email account :-)
  If someone answers your question correctly please let other members know by clicking on ’Mark as Accepted Solution’.

• Checking TCP/UDP ports!

  What's up everybody,
  Does anyobody know how to check if a port is open? (tcp/udp)
  thanks!
  matio,

  Welcome to the forums.
  Common Mac OS X tools used here include Network Utility, lsof, and telnet and ping, and dns-sd and ping for Bonjour and mDNS, depending on details are sought.
  (With the Windows entries from your footer, various of these tools and equivalents are what can be obtained by loading Cygwin or by loading Microsoft's SUA/SFU tools, and with some add-ons. PowerShell might or does have analogs here, but the old MS-DOS shell was pretty limited in what diagnostics were available without additions. There was telnet and ping, but some other bits were missing.)
  Add-on tools include nmap. (nmap is a fairly gonzo-useful tool for this sort of thing.)
  telnet works nicely for brute-force port tests on the LAN.
  And FWIW, if those public web site tools do work and if you're on your own LAN, then definitely also consider checking the settings of and consider upgrading the LAN security. Those tools and those web sites should be blocked by default by the firewall or the gateway device found on most any LAN; whether that's a low-end NAT device, a server-grade firewall, or otherwise.

• PCS no longer working with contacts and 6086

  I have applied the latest release of PC Suite 6.84.10.3.
  Previously the installed level was 6.83.14.1
  The send/read/write message still doesn't work but hangs the Windows Explorer for a while (this hang didn't occur previously)
  But now, the contact facility no longer works. It is no longer possible to edit a contact, to store it locally or to send it to the phone even a message says everything is OK
  (translate it from french: The contact has been well recorded into the phone)
  Folder browsing still works correctly, either the phone folder or the memory card folder
  Need a fix or a way to install the previous version, at least for the contacts...
  This is a really negative feedback!
  Phil

  I guess what I learned is that sometimes the best solution is to do nothing and wait for the problem to solve itself! Funny, this has never worked for me before.
  WOT is now working for me but often for only the first few rows of images. That's cool that it is also working with bing images.
  Boudica, thanks for understanding. I am new contributor/ question-asker here on mozilla and may not understand how things are done. I was just frustrated, getting an email saying that my question was answered, logging in to find that it wasn't.
  Now we have the functionality that we wanted, right?

• Brand new IPOD Touch Apps no longer work after upgrading software

  I got a Ipod touch for my wife Today at Wal-Mart. I brought it home, connected to wifi and downloaded some apps and also payed for some. They all worked fine. Then I connected to computer to transfer songs. It told me to upgrade the Ipod software so i Did. After it restarted none of the downloaded apps work anymore. I have read MANY MANY MANY discussions on this and there is no fix. I am not wiping out all the songs and reload everything all over again. It will take forever. My wifes BD is Friday and this is making me so mad after I just dropped $300 on this thing. APPLE!!! Where is the fix? I deleted the apps and reinstalled they still don't work. Anybody got this figured out? I am getting ready to get my money back and tell everyone to avoid buying ipod until they get this upgrade bug fixed.
  Message was edited by: 2009 IPOD TOUCH

  I have the same problem. Brand new two days ago. I synched the touch with Itunes but wasn't hooked up to the internet at the time so didn't do the software upgrade right away. Then I downloaded about a dozen apps (free and paid) with wifi directly to the touch. They all worked fine. Then I plugged it back in to Itunes and had it upgrade it to 3.1.2. It locked up Itunes several times since then and the downloaded apps no longer work (they start to open then disappear).
  The problem is, no one is listening to this problem (including Anna above)! Everyone says "just do a hard reboot, or restore to factory settings, reload the apps, etc." I've tried all the standard troubleshooting but none of it fixes this. It sure seems to me this is a problem with 3.1.2 but Apple isn't helping out here. Where are you APPLE? Use some of those outrageous profits you're making to fix the problem you have created. Here's $300 of my hard earned dollars pretty much down the drain.
  Message was edited by: IPatronius

• Link to A folder View in a PDF Portfolio - feature no longer working - please advise

  Hi, I am no longer able to link to a Folder View of a PDF Portfolio:
  Within a PDF portfolio i need to link from a PDF to a folder view in the Portfolio. I am using Link Action - Go to Page View.
  This used to work for me - very important feature that no longer works. Please advise a workaround.
  Steps:
  1. Start a PDF Portfolio that contains files and folders
  2. Open a PDF in the Portfolio
  3. in the opened PDF click Add or Edit Link
  4. Define a link area and set it to Go To A Page Vies
  5. In the past i have been able to target a Folder View in the Portfolio - ie. direct a user not to a file, but instead to a folder view that contains relevant files. I would do this by setting the Target Page View to my desired folder view
  6. This used to work in bringing a user to the folder view i specify. Now it does nothing. If i go back to the PDF and EDIT the Link i see this. File: Parent Document Page 1. This in fact does nothing.
  Please advise, am i doing this wrong, it used to work. I have tried several workarounds, with no luck.
  thanks!
  Alejandro Collados-Nunez
  Graphic Designer | Art Director
  | e: [email protected]
  | w: www.1lb.ca

  There's an extension or two, or a combination of extensions which seem to be causing that in Firefox 6.0.2. One that has been mentioned is TabMix Plus.
  http://support.mozilla.com/en-US/kb/troubleshooting+extensions+and+themes
  You need to figure out what is causing it, and disable that extension/s until they are fixed by their developer.