Setting up gateway and firewall in OS X Server 10.3?

Hi all,
I have a G4 tower with two working ethernet cards in it that I would like to configure as a gateway and firewall. It has OS X Server 10.3 on it. I have easily found the firewall configuration in the Server Admin interface, but I can find nothing about configuring the server to act as a gateway. The only information I have found that is pertinent is related to the Gateway Setup Assistant that comes with OS X Server 10.4, which doesn't exactly help me. Does anyone have any documentation on configuring OS X Server 10.3 to be a gateway? Thanks.

Actually, I may have marked this as answered too quickly...
So I followed the guide at the back of the getting started manual, and set everything up as follows:
- PCI ethernet card is set up as the connection to the outside world. It is plugged into a switch which connects to a wall jack. In Network under System Preferences, it is set up as the first internet connection to try. It has a static IP address, and is set up to use the organization's DNS servers. It is NOT plugged into the upstream port, but is instead in port #9. The light on the router is on.
- Built-in wireless is set up to be the internal connection. It is plugged into the upstream slot on another switch. It has a static IP address, and is set up to use the organization's DNS servers. The light on the router is on, so it appears there is a connection.
- A different computer is plugged into the second switch, with a static IP address and set up to use the organization's DNS servers.
So basically, unlike in the scenario in the manual, I am not using the OS X Server for DNS, DHCP or NAT services. That should, if anything, simplify it.
The firewall service is started, and is set to allow all traffic in and out, no problems. Nice and simple to start.
The server has an okay connection to the outside world via the PCI ethernet card. I can ping other machines and load web pages. I cannot, however, access the machine connected to the router which is connected to the built-in ethernet. Likewise, that machine has no access to either the OS X Server or the outside world.
How does OS X Server decide which ethernet card is to be connected to the outside world, and which is for the internal firewall? Is the confusion possible because I'm connected to two routers?

Similar Messages

  • How to set the date and time format from Windows Server 2008 R2

    Hi,
    I want to control my client's date and time format as dd/mm/yyyy format and I need to do it using the windows server 2008 R2. How can I achieve this goal?
    Yoshika04

    Hi,
    In Windows Server 2008 R2, you can use Regional Options Extension in Group Policy Preferences to configure the date and
    time format. For more information, please refer to:
    Regional Options Extension
    http://technet.microsoft.com/en-us/library/cc754496.aspx
    Regards,
    Bruce

  • VPc and Firewall Gateway

    Hi.
    I have dual VPc setup between 7K and 5K.
    Two firewalls will be connected to each 7K that will act as Active-Standby HSRP/VRRP Gateway to hosts.
    Say I have hosts in vlan 10 in access switch and gateway is set to be the Firewall.
    Will the HSRP communication between firewalls (vlan10 sub-interface) be via the VPc peer-link as well?
    Or do I have to create another L2 Trunk between the 7Ks?
    Appreciate comments.
    Thanks 

    Hi Allan,
    If you are using FW as GW then you will only have primary and standby add on subinterface for VLAN 10. You only need to allow VLAN 10 over peer link between 7Ks. Separate link is only required if you are running dynamic routing protocol between FW, then in this case you need separate L3 link.
    Regards.

  • Setting up IP,Subnet, default gateway and secondary gateway in solaris 10 x

    Hi,
    I am new to solaris.
    I have installed solaris10 x86 on my system.
    I am not able to access internet as I am not able to setup address.
    I use broadband and have static ip address.
    How do i configure them...
    ip, subnet, default gateway, and secondary gateway.
    Thanks in advance.

    run sys-unconfig and after reboot set the parameters (IP, etc)
    What do you mean second gateway?

  • [SOLVED] NAT gateway and bridge

    Hello. I'm having a hard time trying to set up a small NAT gateway. The whole point of me doing this is to learn more.
    Here is brief idea of what I'm trying to achieve. I have done it in the past with netcfg and it worked well but then I left my project to do other things. Now I'm back and after fresh install I can't start bridge interface with netctl.
    DSL_router|<--------->|ARCH | |+------->Gentoo/windows
    gateway 192.168.0.1| |gateway 192.168.1.1| br0 |
    |+dual_port_nic |<----+
    |
    +-------->5port switch(RsPI/printer/tv/ps3)
    So my Arch is connected to DSL router with static address on
    enp4s0. I have a dual port NIC (like this) that I want to bridge but for some reason I'm unable to.
    I configured my iptables according to Simple Stateful Firewall section of NAT gateway so it looks like this:
    # Generated by iptables-save v1.4.19.1 on Fri Aug 2 00:59:59 2013
    *nat
    :PREROUTING ACCEPT [5:576]
    :INPUT ACCEPT [5:576]
    :OUTPUT ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    -A POSTROUTING -s 192.168.1.0/24 -o enp4s0 -j MASQUERADE
    COMMIT
    # Completed on Fri Aug 2 00:59:59 2013
    # Generated by iptables-save v1.4.19.1 on Fri Aug 2 00:59:59 2013
    *filter
    :INPUT ACCEPT [828:78883]
    :FORWARD DROP [0:0]
    :OUTPUT ACCEPT [559:82036]
    :fw-interfaces - [0:0]
    :fw-open - [0:0]
    -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -j fw-interfaces
    -A FORWARD -j fw-open
    -A FORWARD -j REJECT --reject-with icmp-host-unreachable
    -A fw-interfaces -i br0 -j ACCEPT
    COMMIT
    # Completed on Fri Aug 2 00:59:59 2013
    I know it's a basic one but it's all I need atm until I get over that problem.
    My dnsmasq.conf:
    # Configuration file for dnsmasq.
    # Format is one option per line, legal options are the same
    # as the long options legal on the command line. See
    # "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.
    # Listen on this specific port instead of the standard DNS port
    # (53). Setting this to zero completely disables DNS function,
    # leaving only DHCP and/or TFTP.
    #port=5353
    # The following two options make you a better netizen, since they
    # tell dnsmasq to filter out queries which the public DNS cannot
    # answer, and which load the servers (especially the root servers)
    # unnecessarily. If you have a dial-on-demand link they also stop
    # these requests from bringing up the link unnecessarily.
    # Never forward plain names (without a dot or domain part)
    domain-needed
    # Never forward addresses in the non-routed address spaces.
    bogus-priv
    # Uncomment this to filter useless windows-originated DNS requests
    # which can trigger dial-on-demand links needlessly.
    # Note that (amongst other things) this blocks all SRV requests,
    # so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk.
    # This option only affects forwarding, SRV records originating for
    # dnsmasq (via srv-host= lines) are not suppressed by it.
    #filterwin2k
    # Change this line if you want dns to get its upstream servers from
    # somewhere other that /etc/resolv.conf
    #resolv-file=
    # By default, dnsmasq will send queries to any of the upstream
    # servers it knows about and tries to favour servers to are known
    # to be up. Uncommenting this forces dnsmasq to try each query
    # with each server strictly in the order they appear in
    # /etc/resolv.conf
    #strict-order
    # If you don't want dnsmasq to read /etc/resolv.conf or any other
    # file, getting its servers from this file instead (see below), then
    # uncomment this.
    #no-resolv
    # If you don't want dnsmasq to poll /etc/resolv.conf or other resolv
    # files for changes and re-read them then uncomment this.
    #no-poll
    # Add other name servers here, with domain specs if they are for
    # non-public domains.
    #server=/localnet/192.168.0.1
    # Example of routing PTR queries to nameservers: this will send all
    # address->name queries for 192.168.3/24 to nameserver 10.1.2.3
    #server=/3.168.192.in-addr.arpa/10.1.2.3
    # Add local-only domains here, queries in these domains are answered
    # from /etc/hosts or DHCP only.
    #local=/localnet/
    # Add domains which you want to force to an IP address here.
    # The example below send any host in double-click.net to a local
    # web-server.
    #address=/double-click.net/127.0.0.1
    # --address (and --server) work with IPv6 addresses too.
    #address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83
    # Add the IPs of all queries to yahoo.com, google.com, and their
    # subdomains to the vpn and search ipsets:
    #ipset=/yahoo.com/google.com/vpn,search
    # You can control how dnsmasq talks to a server: this forces
    # queries to 10.1.2.3 to be routed via eth1
    # server=10.1.2.3@eth1
    # and this sets the source (ie local) address used to talk to
    # 10.1.2.3 to 192.168.1.1 port 55 (there must be a interface with that
    # IP on the machine, obviously).
    # server=10.1.2.3@192.168.1.1#55
    # If you want dnsmasq to change uid and gid to something other
    # than the default, edit the following lines.
    #user=
    #group=
    # If you want dnsmasq to listen for DHCP and DNS requests only on
    # specified interfaces (and the loopback) give the name of the
    # interface (eg eth0) here.
    # Repeat the line for more than one interface.
    #interface=
    # Or you can specify which interface _not_ to listen on
    #except-interface=
    # Or which to listen on by address (remember to include 127.0.0.1 if
    # you use this.)
    #listen-address=
    # If you want dnsmasq to provide only DNS service on an interface,
    # configure it as shown above, and then use the following line to
    # disable DHCP and TFTP on it.
    #no-dhcp-interface=
    # On systems which support it, dnsmasq binds the wildcard address,
    # even when it is listening on only some interfaces. It then discards
    # requests that it shouldn't reply to. This has the advantage of
    # working even when interfaces come and go and change address. If you
    # want dnsmasq to really bind only the interfaces it is listening on,
    # uncomment this option. About the only time you may need this is when
    # running another nameserver on the same machine.
    #bind-interfaces
    # If you don't want dnsmasq to read /etc/hosts, uncomment the
    # following line.
    #no-hosts
    # or if you want it to read another file, as well as /etc/hosts, use
    # this.
    #addn-hosts=/etc/banner_add_hosts
    # Set this (and domain: see below) if you want to have a domain
    # automatically added to simple names in a hosts-file.
    #expand-hosts
    # Set the domain for dnsmasq. this is optional, but if it is set, it
    # does the following things.
    # 1) Allows DHCP hosts to have fully qualified domain names, as long
    # as the domain part matches this setting.
    # 2) Sets the "domain" DHCP option thereby potentially setting the
    # domain of all systems configured by DHCP
    # 3) Provides the domain part for "expand-hosts"
    #domain=thekelleys.org.uk
    # Set a different domain for a particular subnet
    #domain=wireless.thekelleys.org.uk,192.168.2.0/24
    # Same idea, but range rather then subnet
    #domain=reserved.thekelleys.org.uk,192.68.3.100,192.168.3.200
    # Uncomment this to enable the integrated DHCP server, you need
    # to supply the range of addresses available for lease and optionally
    # a lease time. If you have more than one network, you will need to
    # repeat this for each network on which you want to supply DHCP
    # service.
    dhcp-range=192.168.1.0,192.168.1.150,12h
    # This is an example of a DHCP range where the netmask is given. This
    # is needed for networks we reach the dnsmasq DHCP server via a relay
    # agent. If you don't know what a DHCP relay agent is, you probably
    # don't need to worry about this.
    #dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
    # This is an example of a DHCP range which sets a tag, so that
    # some DHCP options may be set only for this network.
    #dhcp-range=set:red,192.168.0.50,192.168.0.150
    # Use this DHCP range only when the tag "green" is set.
    #dhcp-range=tag:green,192.168.0.50,192.168.0.150,12h
    # Specify a subnet which can't be used for dynamic address allocation,
    # is available for hosts with matching --dhcp-host lines. Note that
    # dhcp-host declarations will be ignored unless there is a dhcp-range
    # of some type for the subnet in question.
    # In this case the netmask is implied (it comes from the network
    # configuration on the machine running dnsmasq) it is possible to give
    # an explicit netmask instead.
    #dhcp-range=192.168.0.0,static
    # Enable DHCPv6. Note that the prefix-length does not need to be specified
    # and defaults to 64 if missing/
    #dhcp-range=1234::2, 1234::500, 64, 12h
    # Do Router Advertisements, BUT NOT DHCP for this subnet.
    #dhcp-range=1234::, ra-only
    # Do Router Advertisements, BUT NOT DHCP for this subnet, also try and
    # add names to the DNS for the IPv6 address of SLAAC-configured dual-stack
    # hosts. Use the DHCPv4 lease to derive the name, network segment and
    # MAC address and assume that the host will also have an
    # IPv6 address calculated using the SLAAC alogrithm.
    #dhcp-range=1234::, ra-names
    # Do Router Advertisements, BUT NOT DHCP for this subnet.
    # Set the lifetime to 46 hours. (Note: minimum lifetime is 2 hours.)
    #dhcp-range=1234::, ra-only, 48h
    # Do DHCP and Router Advertisements for this subnet. Set the A bit in the RA
    # so that clients can use SLAAC addresses as well as DHCP ones.
    #dhcp-range=1234::2, 1234::500, slaac
    # Do Router Advertisements and stateless DHCP for this subnet. Clients will
    # not get addresses from DHCP, but they will get other configuration information.
    # They will use SLAAC for addresses.
    #dhcp-range=1234::, ra-stateless
    # Do stateless DHCP, SLAAC, and generate DNS names for SLAAC addresses
    # from DHCPv4 leases.
    #dhcp-range=1234::, ra-stateless, ra-names
    # Do router advertisements for all subnets where we're doing DHCPv6
    # Unless overriden by ra-stateless, ra-names, et al, the router
    # advertisements will have the M and O bits set, so that the clients
    # get addresses and configuration from DHCPv6, and the A bit reset, so the
    # clients don't use SLAAC addresses.
    #enable-ra
    # Supply parameters for specified hosts using DHCP. There are lots
    # of valid alternatives, so we will give examples of each. Note that
    # IP addresses DO NOT have to be in the range given above, they just
    # need to be on the same network. The order of the parameters in these
    # do not matter, it's permissible to give name, address and MAC in any
    # order.
    # Always allocate the host with Ethernet address 11:22:33:44:55:66
    # The IP address 192.168.0.60
    #dhcp-host=11:22:33:44:55:66,192.168.0.60
    # Always set the name of the host with hardware address
    # 11:22:33:44:55:66 to be "fred"
    #dhcp-host=11:22:33:44:55:66,fred
    # Always give the host with Ethernet address 11:22:33:44:55:66
    # the name fred and IP address 192.168.0.60 and lease time 45 minutes
    #dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m
    # Give a host with Ethernet address 11:22:33:44:55:66 or
    # 12:34:56:78:90:12 the IP address 192.168.0.60. Dnsmasq will assume
    # that these two Ethernet interfaces will never be in use at the same
    # time, and give the IP address to the second, even if it is already
    # in use by the first. Useful for laptops with wired and wireless
    # addresses.
    #dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.60
    # Give the machine which says its name is "bert" IP address
    # 192.168.0.70 and an infinite lease
    #dhcp-host=bert,192.168.0.70,infinite
    # Always give the host with client identifier 01:02:02:04
    # the IP address 192.168.0.60
    #dhcp-host=id:01:02:02:04,192.168.0.60
    # Always give the host with client identifier "marjorie"
    # the IP address 192.168.0.60
    #dhcp-host=id:marjorie,192.168.0.60
    # Enable the address given for "judge" in /etc/hosts
    # to be given to a machine presenting the name "judge" when
    # it asks for a DHCP lease.
    #dhcp-host=judge
    # Never offer DHCP service to a machine whose Ethernet
    # address is 11:22:33:44:55:66
    #dhcp-host=11:22:33:44:55:66,ignore
    # Ignore any client-id presented by the machine with Ethernet
    # address 11:22:33:44:55:66. This is useful to prevent a machine
    # being treated differently when running under different OS's or
    # between PXE boot and OS boot.
    #dhcp-host=11:22:33:44:55:66,id:*
    # Send extra options which are tagged as "red" to
    # the machine with Ethernet address 11:22:33:44:55:66
    #dhcp-host=11:22:33:44:55:66,set:red
    # Send extra options which are tagged as "red" to
    # any machine with Ethernet address starting 11:22:33:
    #dhcp-host=11:22:33:*:*:*,set:red
    # Give a fixed IPv6 address and name to client with
    # DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2
    # Note the MAC addresses CANNOT be used to identify DHCPv6 clients.
    # Note also the they [] around the IPv6 address are obilgatory.
    #dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5]
    # Ignore any clients which are not specified in dhcp-host lines
    # or /etc/ethers. Equivalent to ISC "deny unknown-clients".
    # This relies on the special "known" tag which is set when
    # a host is matched.
    #dhcp-ignore=tag:!known
    # Send extra options which are tagged as "red" to any machine whose
    # DHCP vendorclass string includes the substring "Linux"
    #dhcp-vendorclass=set:red,Linux
    # Send extra options which are tagged as "red" to any machine one
    # of whose DHCP userclass strings includes the substring "accounts"
    #dhcp-userclass=set:red,accounts
    # Send extra options which are tagged as "red" to any machine whose
    # MAC address matches the pattern.
    #dhcp-mac=set:red,00:60:8C:*:*:*
    # If this line is uncommented, dnsmasq will read /etc/ethers and act
    # on the ethernet-address/IP pairs found there just as if they had
    # been given as --dhcp-host options. Useful if you keep
    # MAC-address/host mappings there for other purposes.
    #read-ethers
    # Send options to hosts which ask for a DHCP lease.
    # See RFC 2132 for details of available options.
    # Common options can be given to dnsmasq by name:
    # run "dnsmasq --help dhcp" to get a list.
    # Note that all the common settings, such as netmask and
    # broadcast address, DNS server and default route, are given
    # sane defaults by dnsmasq. You very likely will not need
    # any dhcp-options. If you use Windows clients and Samba, there
    # are some options which are recommended, they are detailed at the
    # end of this section.
    # Override the default route supplied by dnsmasq, which assumes the
    # router is the same machine as the one running dnsmasq.
    #dhcp-option=3,1.2.3.4
    # Do the same thing, but using the option name
    #dhcp-option=option:router,1.2.3.4
    # Override the default route supplied by dnsmasq and send no default
    # route at all. Note that this only works for the options sent by
    # default (1, 3, 6, 12, 28) the same line will send a zero-length option
    # for all other option numbers.
    #dhcp-option=3
    # Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
    #dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
    # Send DHCPv6 option. Note [] around IPv6 addresses.
    #dhcp-option=option6:dns-server,[1234::77],[1234::88]
    # Send DHCPv6 option for namservers as the machine running
    # dnsmasq and another.
    #dhcp-option=option6:dns-server,[::],[1234::88]
    # Ask client to poll for option changes every six hours. (RFC4242)
    #dhcp-option=option6:information-refresh-time,6h
    # Set the NTP time server address to be the same machine as
    # is running dnsmasq
    #dhcp-option=42,0.0.0.0
    # Set the NIS domain name to "welly"
    #dhcp-option=40,welly
    # Set the default time-to-live to 50
    #dhcp-option=23,50
    # Set the "all subnets are local" flag
    #dhcp-option=27,1
    # Send the etherboot magic flag and then etherboot options (a string).
    #dhcp-option=128,e4:45:74:68:00:00
    #dhcp-option=129,NIC=eepro100
    # Specify an option which will only be sent to the "red" network
    # (see dhcp-range for the declaration of the "red" network)
    # Note that the tag: part must precede the option: part.
    #dhcp-option = tag:red, option:ntp-server, 192.168.1.1
    # The following DHCP options set up dnsmasq in the same way as is specified
    # for the ISC dhcpcd in
    # http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt
    # adapted for a typical dnsmasq installation where the host running
    # dnsmasq is also the host running samba.
    # you may want to uncomment some or all of them if you use
    # Windows clients and Samba.
    #dhcp-option=19,0 # option ip-forwarding off
    #dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
    #dhcp-option=45,0.0.0.0 # netbios datagram distribution server
    #dhcp-option=46,8 # netbios node type
    # Send an empty WPAD option. This may be REQUIRED to get windows 7 to behave.
    #dhcp-option=252,"\n"
    # Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
    # probably doesn't support this......
    #dhcp-option=option:domain-search,eng.apple.com,marketing.apple.com
    # Send RFC-3442 classless static routes (note the netmask encoding)
    #dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8
    # Send vendor-class specific options encapsulated in DHCP option 43.
    # The meaning of the options is defined by the vendor-class so
    # options are sent only when the client supplied vendor class
    # matches the class given here. (A substring match is OK, so "MSFT"
    # matches "MSFT" and "MSFT 5.0"). This example sets the
    # mtftp address to 0.0.0.0 for PXEClients.
    #dhcp-option=vendor:PXEClient,1,0.0.0.0
    # Send microsoft-specific option to tell windows to release the DHCP lease
    # when it shuts down. Note the "i" flag, to tell dnsmasq to send the
    # value as a four-byte integer - that's what microsoft wants. See
    # http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
    #dhcp-option=vendor:MSFT,2,1i
    # Send the Encapsulated-vendor-class ID needed by some configurations of
    # Etherboot to allow is to recognise the DHCP server.
    #dhcp-option=vendor:Etherboot,60,"Etherboot"
    # Send options to PXELinux. Note that we need to send the options even
    # though they don't appear in the parameter request list, so we need
    # to use dhcp-option-force here.
    # See http://syslinux.zytor.com/pxe.php#special for details.
    # Magic number - needed before anything else is recognised
    #dhcp-option-force=208,f1:00:74:7e
    # Configuration file name
    #dhcp-option-force=209,configs/common
    # Path prefix
    #dhcp-option-force=210,/tftpboot/pxelinux/files/
    # Reboot time. (Note 'i' to send 32-bit value)
    #dhcp-option-force=211,30i
    # Set the boot filename for netboot/PXE. You will only need
    # this is you want to boot machines over the network and you will need
    # a TFTP server; either dnsmasq's built in TFTP server or an
    # external one. (See below for how to enable the TFTP server.)
    #dhcp-boot=pxelinux.0
    # The same as above, but use custom tftp-server instead machine running dnsmasq
    #dhcp-boot=pxelinux,server.name,192.168.1.100
    # Boot for Etherboot gPXE. The idea is to send two different
    # filenames, the first loads gPXE, and the second tells gPXE what to
    # load. The dhcp-match sets the gpxe tag for requests from gPXE.
    #dhcp-match=set:gpxe,175 # gPXE sends a 175 option.
    #dhcp-boot=tag:!gpxe,undionly.kpxe
    #dhcp-boot=mybootimage
    # Encapsulated options for Etherboot gPXE. All the options are
    # encapsulated within option 175
    #dhcp-option=encap:175, 1, 5b # priority code
    #dhcp-option=encap:175, 176, 1b # no-proxydhcp
    #dhcp-option=encap:175, 177, string # bus-id
    #dhcp-option=encap:175, 189, 1b # BIOS drive code
    #dhcp-option=encap:175, 190, user # iSCSI username
    #dhcp-option=encap:175, 191, pass # iSCSI password
    # Test for the architecture of a netboot client. PXE clients are
    # supposed to send their architecture as option 93. (See RFC 4578)
    #dhcp-match=peecees, option:client-arch, 0 #x86-32
    #dhcp-match=itanics, option:client-arch, 2 #IA64
    #dhcp-match=hammers, option:client-arch, 6 #x86-64
    #dhcp-match=mactels, option:client-arch, 7 #EFI x86-64
    # Do real PXE, rather than just booting a single file, this is an
    # alternative to dhcp-boot.
    #pxe-prompt="What system shall I netboot?"
    # or with timeout before first available action is taken:
    #pxe-prompt="Press F8 for menu.", 60
    # Available boot services. for PXE.
    #pxe-service=x86PC, "Boot from local disk"
    # Loads <tftp-root>/pxelinux.0 from dnsmasq TFTP server.
    #pxe-service=x86PC, "Install Linux", pxelinux
    # Loads <tftp-root>/pxelinux.0 from TFTP server at 1.2.3.4.
    # Beware this fails on old PXE ROMS.
    #pxe-service=x86PC, "Install Linux", pxelinux, 1.2.3.4
    # Use bootserver on network, found my multicast or broadcast.
    #pxe-service=x86PC, "Install windows from RIS server", 1
    # Use bootserver at a known IP address.
    #pxe-service=x86PC, "Install windows from RIS server", 1, 1.2.3.4
    # If you have multicast-FTP available,
    # information for that can be passed in a similar way using options 1
    # to 5. See page 19 of
    # http://download.intel.com/design/archives/wfm/downloads/pxespec.pdf
    # Enable dnsmasq's built-in TFTP server
    #enable-tftp
    # Set the root directory for files available via FTP.
    #tftp-root=/var/ftpd
    # Make the TFTP server more secure: with this set, only files owned by
    # the user dnsmasq is running as will be send over the net.
    #tftp-secure
    # This option stops dnsmasq from negotiating a larger blocksize for TFTP
    # transfers. It will slow things down, but may rescue some broken TFTP
    # clients.
    #tftp-no-blocksize
    # Set the boot file name only when the "red" tag is set.
    #dhcp-boot=tag:red,pxelinux.red-net
    # An example of dhcp-boot with an external TFTP server: the name and IP
    # address of the server are given after the filename.
    # Can fail with old PXE ROMS. Overridden by --pxe-service.
    #dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3
    # If there are multiple external tftp servers having a same name
    # (using /etc/hosts) then that name can be specified as the
    # tftp_servername (the third option to dhcp-boot) and in that
    # case dnsmasq resolves this name and returns the resultant IP
    # addresses in round robin fasion. This facility can be used to
    # load balance the tftp load among a set of servers.
    #dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name
    # Set the limit on DHCP leases, the default is 150
    #dhcp-lease-max=150
    # The DHCP server needs somewhere on disk to keep its lease database.
    # This defaults to a sane location, but if you want to change it, use
    # the line below.
    #dhcp-leasefile=/var/lib/misc/dnsmasq.leases
    # Set the DHCP server to authoritative mode. In this mode it will barge in
    # and take over the lease for any client which broadcasts on the network,
    # whether it has a record of the lease or not. This avoids long timeouts
    # when a machine wakes up on a new network. DO NOT enable this if there's
    # the slightest chance that you might end up accidentally configuring a DHCP
    # server for your campus/company accidentally. The ISC server uses
    # the same option, and this URL provides more information:
    # http://www.isc.org/files/auth.html
    #dhcp-authoritative
    # Run an executable when a DHCP lease is created or destroyed.
    # The arguments sent to the script are "add" or "del",
    # then the MAC address, the IP address and finally the hostname
    # if there is one.
    #dhcp-script=/bin/echo
    # Set the cachesize here.
    #cache-size=150
    # If you want to disable negative caching, uncomment this.
    #no-negcache
    # Normally responses which come from /etc/hosts and the DHCP lease
    # file have Time-To-Live set as zero, which conventionally means
    # do not cache further. If you are happy to trade lower load on the
    # server for potentially stale date, you can set a time-to-live (in
    # seconds) here.
    #local-ttl=
    # If you want dnsmasq to detect attempts by Verisign to send queries
    # to unregistered .com and .net hosts to its sitefinder service and
    # have dnsmasq instead return the correct NXDOMAIN response, uncomment
    # this line. You can add similar lines to do the same for other
    # registries which have implemented wildcard A records.
    #bogus-nxdomain=64.94.110.11
    # If you want to fix up DNS results from upstream servers, use the
    # alias option. This only works for IPv4.
    # This alias makes a result of 1.2.3.4 appear as 5.6.7.8
    #alias=1.2.3.4,5.6.7.8
    # and this maps 1.2.3.x to 5.6.7.x
    #alias=1.2.3.0,5.6.7.0,255.255.255.0
    # and this maps 192.168.0.10->192.168.0.40 to 10.0.0.10->10.0.0.40
    #alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
    # Change these lines if you want dnsmasq to serve MX records.
    # Return an MX record named "maildomain.com" with target
    # servermachine.com and preference 50
    #mx-host=maildomain.com,servermachine.com,50
    # Set the default target for MX records created using the localmx option.
    #mx-target=servermachine.com
    # Return an MX record pointing to the mx-target for all local
    # machines.
    #localmx
    # Return an MX record pointing to itself for all local machines.
    #selfmx
    # Change the following lines if you want dnsmasq to serve SRV
    # records. These are useful if you want to serve ldap requests for
    # Active Directory and other windows-originated DNS requests.
    # See RFC 2782.
    # You may add multiple srv-host lines.
    # The fields are <name>,<target>,<port>,<priority>,<weight>
    # If the domain part if missing from the name (so that is just has the
    # service and protocol sections) then the domain given by the domain=
    # config option is used. (Note that expand-hosts does not need to be
    # set for this to work.)
    # A SRV record sending LDAP for the example.com domain to
    # ldapserver.example.com port 389
    #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
    # A SRV record sending LDAP for the example.com domain to
    # ldapserver.example.com port 389 (using domain=)
    #domain=example.com
    #srv-host=_ldap._tcp,ldapserver.example.com,389
    # Two SRV records for LDAP, each with different priorities
    #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
    #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2
    # A SRV record indicating that there is no LDAP server for the domain
    # example.com
    #srv-host=_ldap._tcp.example.com
    # The following line shows how to make dnsmasq serve an arbitrary PTR
    # record. This is useful for DNS-SD. (Note that the
    # domain-name expansion done for SRV records _does_not
    # occur for PTR records.)
    #ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"
    # Change the following lines to enable dnsmasq to serve TXT records.
    # These are used for things like SPF and zeroconf. (Note that the
    # domain-name expansion done for SRV records _does_not
    # occur for TXT records.)
    #Example SPF.
    #txt-record=example.com,"v=spf1 a -all"
    #Example zeroconf
    #txt-record=_http._tcp.example.com,name=value,paper=A4
    # Provide an alias for a "local" DNS name. Note that this _only_ works
    # for targets which are names from DHCP or /etc/hosts. Give host
    # "bert" another name, bertrand
    #cname=bertand,bert
    # For debugging purposes, log each DNS query as it passes through
    # dnsmasq.
    #log-queries
    # Log lots of extra information about DHCP transactions.
    #log-dhcp
    # Include another lot of configuration options.
    #conf-file=/etc/dnsmasq.more.conf
    #conf-dir=/etc/dnsmasq.d
    Basically it has only 3 lines:
    domain-needed
    bogus-priv
    dhcp-range=192.168.1.0,192.168.1.150,12h
    I also turned the forwarding on
    # echo 1 >/proc/sys/net/ipv4/ip_forward
    This is my bridge-profile
    /etc/netctl/bridge-profile
    Description="Bridge"
    Interface=br0
    Connection=bridge
    BindsToInterfaces=(enp11s0f0 enp11s0f1)
    IP=dhcp
    #Address=('192.168.1.1/24')
    #SkipNoCarrier=yes
    #Broadcast="192.168.1.255"
    ## sets forward delay time
    #FwdDelay=0
    ## sets max age of hello message
    #MaxAge=10
    When I try to start this profile with netctl start bridge-profile, nothing happens, and after I abort the process (Ctrl+C) this is what I find in journalctl -xn:
    Aug 05 11:31:09 localhost dnsmasq-dhcp[497]: DHCP packet received on enp11s0f0 which has no address
    Aug 05 11:31:13 localhost dnsmasq-dhcp[497]: DHCP packet received on enp11s0f0 which has no address
    Aug 05 11:31:14 localhost dnsmasq-dhcp[497]: DHCP packet received on enp11s0f0 which has no address
    Aug 05 11:31:19 localhost dnsmasq-dhcp[497]: DHCP packet received on enp11s0f0 which has no address
    Aug 05 11:32:24 localhost dnsmasq-dhcp[497]: DHCP packet received on enp11s0f0 which has no address
    Aug 05 11:32:29 localhost dnsmasq-dhcp[497]: DHCP packet received on enp11s0f0 which has no address
    The same happens if I try to assign a static IP for the bridge. Any help is much appreciated, as I have loads of equipment behind that network adapter that I can't run right now.
    Last edited by verb0ss (2013-08-07 18:27:36)

    It appears that I can't set up my bridge interface.
    Description="Bridge"
    Interface=br0
    Connection=bridge
    BindsToInterfaces=(enp11s0f0 enp11s0f1)
    IP=static
    Address=('192.168.1.1/24')
    And this is my journalctl -xn output:
    [root@localhost ~]# journalctl -xn
    -- Logs begin at Tue 2013-07-30 23:47:51 BST, end at Tue 2013-08-06 10:28:45 BST. --
    Aug 06 10:28:44 localhost network[308]: /usr/lib/network/network: line 17: /sys/class/net/br0/flags: No such file or directory
    Aug 06 10:28:44 localhost network[308]: /usr/lib/network/network: line 17: /sys/class/net/br0/flags: No such file or directory
    Aug 06 10:28:44 localhost network[308]: /usr/lib/network/network: line 17: /sys/class/net/br0/flags: No such file or directory
    Aug 06 10:28:45 localhost network[308]: /usr/lib/network/network: line 17: /sys/class/net/br0/flags: No such file or directory
    Aug 06 10:28:45 localhost network[308]: Cannot find device "br0"
    Aug 06 10:28:45 localhost network[308]: Could not add address '192.168.1.1/24' to interface 'br0'
    Aug 06 10:28:45 localhost network[308]: Failed to bring the network up for profile 'bridge-profile'
    Aug 06 10:28:45 localhost systemd[1]: netctl@bridge\x2dprofile.service: main process exited, code=exited, status=1/FAILURE
    Aug 06 10:28:45 localhost systemd[1]: Failed to start Networking for netctl profile bridge-profile.
    -- Subject: Unit netctl@bridge\x2dprofile.service has failed
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    -- Documentation: http://www.freedesktop.org/wiki/Software/systemd/catalog/be02cf6855d2428ba40df7e9d022f03d
    -- Unit netctl@bridge\x2dprofile.service has failed.
    -- The result is failed.
    Aug 06 10:28:45 localhost systemd[1]: Unit netctl@bridge\x2dprofile.service entered failed state.
    I'm even unable to make a working profile just for one of the ports:
    ip link set enp11s0f0 down
    ip link set enp11s0f1 down
    Description="Bridge"
    Interface=enp11s0f0
    Connection=ethernet
    IP=static
    Address=('192.168.1.1/24')
    I'm ending up with this:
    [root@localhost netctl]# journalctl -xn
    -- Logs begin at Tue 2013-07-30 23:47:51 BST, end at Tue 2013-08-06 10:32:57 BST. --
    Aug 06 10:32:52 localhost systemd[1]: Starting Networking for netctl profile enp11s0f0...
    -- Subject: Unit [email protected] has begun with start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    -- Unit [email protected] has begun starting up.
    Aug 06 10:32:52 localhost network[381]: Starting network profile 'enp11s0f0'...
    Aug 06 10:32:52 localhost kernel: e1000e 0000:0b:00.0: irq 57 for MSI/MSI-X
    Aug 06 10:32:52 localhost kernel: e1000e 0000:0b:00.0: irq 57 for MSI/MSI-X
    Aug 06 10:32:52 localhost kernel: IPv6: ADDRCONF(NETDEV_UP): enp11s0f0: link is not ready
    Aug 06 10:32:57 localhost network[381]: No connection on interface 'enp11s0f0'
    Aug 06 10:32:57 localhost network[381]: Failed to bring the network up for profile 'enp11s0f0'
    Aug 06 10:32:57 localhost systemd[1]: [email protected]: main process exited, code=exited, status=1/FAILURE
    Aug 06 10:32:57 localhost systemd[1]: Failed to start Networking for netctl profile enp11s0f0.
    -- Subject: Unit [email protected] has failed
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    -- Documentation: http://www.freedesktop.org/wiki/Software/systemd/catalog/be02cf6855d2428ba40df7e9d022f03d
    -- Unit [email protected] has failed.
    -- The result is failed.
    Aug 06 10:32:57 localhost systemd[1]: Unit [email protected] entered failed state.

  • Where/how to troubleshoot external gateway and internal connection brokers etc.??????

    We have gateway.domain.org as our external/internal gateway server.
    It goes from gateway.domain.org to rdbroker.domain.local, rdbroker is the DNS address for two connection broker servers.
    After this it should set up the connection and create a remote desktop to one of the RDS host servers in the RDS host farm.
    Sometimes this works, sometimes it doesn't -- for different user accounts and different computers.
    How to troubleshoot this??
    We know the firewall rules for DMZ etc. etc. are properly configured because everything IS observed to work, just not all the time consistently. We get errors about cannot contact the computer, cannot establish remote desktop connection...
    Thank you, Tom

    Hi Tom,
    Firstly, you need to recheck that the DNS entry is set up correctly for your case. Are you using DNS RR for load balancing the server, or a 3rd-party load balancer? Have you set up the proper certificate for your case?
    Please check whether the required ports are opened. We need to open TCP port 443 and UDP port 3391 and forward them to your RD Gateway server. You also need to specify the external FQDN of your RD Gateway server in deployment properties under RDS server manager. If you have RDWeb and RDG on the same server, this would be the same FQDN that your users will use for RDWeb. Please see whether you have properly configured the RD RAP and RD CAP policies.
    You can go through the article below for more details.
    Step by Step Windows 2012 R2 Remote Desktop Services – Part 3
    https://msfreaks.wordpress.com/2013/12/26/windows-2012-r2-remote-desktop-services-part-3/
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Help with Gateway TG799 Firewall settings Please

    We have a Telstra Gateway Max TG799vac.
    We have recently acquired our own domain name and have set up an online store on Shopify.
    So the underlying web address (on myshopify.com) is not the same as our URL of the shop. When we try to access the new site from any computer or device from within our house we are blocked 90% of the time. It occasionally will connect. We are therefore unable to do admin on our own site.
    I have tried USB tethering thru my phone's data and works 100% no worries. This bypasses the gateway and Telstra of course.
    Anyone outside our home can always connect no worries. I have suspected the Firewall in the gateway TG799 device.
    So I went into settings and changed the firewall setting down to the LOW setting.
    Then we can connect all the time.
    When in NORMAL or HIGH then we get this intermittent (mostly failed) connection.
    After this experiment I am convinced it has something to do with the internal firewall. There is also a USER DEFINED section where you can set your own firewall rules but I don't know enough about what to do in there to experiment.
    But I think I could set up a rule in there to allow this site to work for us if I knew how to go about it. I have been unable to find anyone within the normal Telstra tech help line who can help with this. Does anyone on here have any such knowledge or can give me a pointer where I can read/learn about how to do this for myself? Any help will be greatly appreciated.

    Thanks Steph,
    The fact that these devices are updated by Telstra remotely without our prior knowledge explains a lot. It explains why the problem I first reported just started to happen out of the blue. It also explains why it just as mysteriously disappeared. It also explains why we suddenly had trouble with our phones dropping the wifi connection constantly. And why that suddenly fixed itself as well. It also explains why we suddenly got a monstrous over-use on our data bill on our Telstra mobile.
    We thought we were safe in our own house to use data on this phone knowing it was connected to our wifi and therefore our BigPond plan. What we did not know was that the phone was losing sync with the wifi and therefore dropping back to 3G plan data use without our knowledge. My wife had been using her phone to connect to a Chinese movie streaming site and of course when the wifi dropped out she did not know she was streaming thru her 3G plan. Massive unexplained data over-use resulted. I had a rough time convincing your billing organisation that we were using wifi (or thought we were anyway) for the movies and they would not believe us, therefore the monster bills were upheld. We did not realise until far too late that the phone was losing the wifi connection without us knowing.
    We have stopped using that service now and as soon as the credit we accumulated with the associated billing stuff-ups is used up we will be leaving Telstra for another less troublesome provider. How about giving us poor defenseless users some notice that our devices have been updated and a summary of what aspects have been changed. Just like happens with apps on the Google Play store. I will now be approaching your billing organisation once more armed with this knowledge. My argument will be that our over-use on 3G data stemmed from a bad firmware update without our knowledge in your modem causing us to over-use 3G data we were not aware of.
    This time if they don't listen then it will be time for a complaint to the TIO. And perhaps even a media story. Disgusting service! And one angry Telstra customer.

  • How do I set up my Time Machine and Mac Mini with Lion Server so i have one wifi loop in the house?

    HELP!
    So I have had a Time Machine wifi loop at the house for approx. 6 years. I run two Macbooks, 2 iPhones, 2 iTouch and a Samsung Smart Blueray on the loop.
    I just bought a Mac Mini with Lion Server. When setting it up I'm not sure what or how I managed to do, but I now have 2 wifi loops, one doesn't lock and neither will support the Samsung BlueRay. Also, each time I want to go online with one of the other Mac devices I have to relog into the wifi loop.
    Can someone please walk me through the fix. The Mac Mini is plugged straight into the Time Machine to receive its internet connection.
    Thanks!
    John

    You often see this limit of 10 clients in wireless hotspots but I have yet to see it in an adsl modem.. most strange way to pay for a service that is really irrelevant how many clients you use.
    Have a go .. I recently setup a TC to help a guy run his Roku.. and this setup worked well.. I have no idea if it can work in your case.
    Let's say the IP you get is 192.168.2.1-10 .. doesn't matter what it really is. And the adsl modem is 192.168.2.254
    (Assuming they are private addresses.. if they are public IP you can just use the DHCP and NAT. )
    But go to the airport utility.. I think you need to run v5 at least to change DNS.. but you can do the same thing in v6 using static but no dns changes.
    Now you set the IP of the TC manually.. This address might need to be in the dhcp range of the modem to work. You can set the DNS to same IP as the router address.. ie home address of the modem. Or you can use another DNS.. whatever you like.
    Then set DHCP for clients that will join.. this can then expand the scope of addresses..
    It worked without a NAT error.. although I am not sure exactly how.. on paper it should not be able to work but did.. have a go.. otherwise there is perhaps another way.. but it is complicated.
    Give us an example from a computer plugged into the modem of what IP .. subnet mask .. Gateway and DNS you get. Then I can fine tune the values for it.

  • Setting Up VLAN and QoS for VOIP on SG200-18

    We recently purchased the SG200-18 smart switch to replace a Netgear unmanaged switch. We're moving our phone service to VOIP through our local ISP as well. 
    I've currently got the VOIP phone plugged into Port 17 on the SG200-18 (it's a Grandstream cordless VOIP phone).
    I want to put the VOIP phone on a separate VLAN from the rest of the network and optimize the QoS settings so that the VOIP phone has exceptional audio quality even during intense network traffic.
    Here's my questions:
    1. Do I need to adjust anything on the type of port for Port 17 (since it looks like some form of Combo port)?
    2. How do I go about isolating the VOIP phone on its own VLAN (I'm seeing VLAN and Voice VLAN settings, not sure which one to use; I tried setting a VLAN and broke Internet connectivity to the phone until I went in and removed it)?
    3. Do I need to adjust any QoS settings on the switch to better optimize the VOIP phone?
    A couple of additional questions about the SG200-18 in general:
    1. Do I need to adjust any of the System Time Settings on the switch? I'm in Central Time.
    2. Do I need to adjust any of the Green Ethernet/Energy Saving settings or should I stick with the defaults?
    Also, a couple of "getting started" side questions to Cisco:
    1. I've registered a My Cisco account. What do I need to do to register my switch with Cisco and associate it with my My Cisco account?
    2. What are the benefits of taking out a Cisco Small Business Support Contract, and about how much would it cost on the SG200-18 (I ordered it from Provantage)? I'm curious to see if it's worth the money.
    Here's my "specs":
    Switch: SG200-18
    VOIP phone: Grandstream DP715 and 710 expandable handsets
    Plugged into: Port 17 on the SG200-18
    ISP: Local ISP (Direclynx)
    Connection type: 3M down/500k up DSL, moving to a wireless connection coming up which will give us faster speeds
    VOIP backend provider: VOIP Innovations
    Router: Apple Airport Extreme AC model (I run all Macs and iOS devices and OS X Server on the network, so using the Apple router makes setup easier, since it doesn't QoS, trying to QoS and VLAN at the switch level)
    Thanks everyone!

    Hello,
    Lots of different questions here so I'll try to make sure I don't miss anything.
    1. Do I need to adjust anything on the type of port for Port 17 (since it looks like some form of Combo port)?
       The way the combo ports work is you can either use the SFP slot for a fiber connection or the copper ethernet port, but not both at the same time.  Other than that they just function as normal network ports.
    2. How do I go about isolating the VOIP phone on its own VLAN (I'm seeing VLAN and Voice VLAN settings, not sure which one to use; I tried setting a VLAN and broke Internet connectivity to the phone until I went in and removed it)?
       It sounds like you created the VLAN correctly and assigned the phone, however there wasn't anything doing any routing for that VLAN.  You would need to have a VLAN capable router or a layer 3 switch so that something would act as the default gateway for the voice VLAN and route the traffic for you.  Since there was nothing like this your phone lost its connectivity to the internet when you placed it in the new VLAN.  I don't think the Airport is VLAN capable, but we will come back to that.
    3. Do I need to adjust any QoS settings on the switch to better optimize the VOIP phone?
       Once you have a separate VLAN set up for the phone properly you only have to tell the switch what your Auto Voice VLAN is going to be and it will automatically apply recommended QoS settings for the Voice VLAN and prioritize the voice traffic.  There are ways to do this manually and even with the phone in the same VLAN, however they are considerably more complicated.
    1. Do I need to adjust any of the System Time Settings on the switch? I'm in Central Time.
       The system time isn't always very important.  You can set the correct time zone, however you should know the switch does not have a battery in it to keep track of time, so if/when it reboots or loses power the clock will reset.  If you would like the switch to maintain accurate time you should setup an NTP server so the time is automatically updated from the internet.  The switch will keep your timezone settings once you save them.  Time is mostly important for logging and things like that, so you can configure it if you like but it is not necessary.
    2. Do I need to adjust any of the Green Ethernet/Energy Saving settings or should I stick with the defaults?
       Green ethernet simply reduces the power usage of the switch slightly, so unless you are having odd issues where ports are disconnecting, I would just leave them at the defaults.
    1. I've registered a My Cisco account. What do I need to do to register my switch with Cisco and associate it with my My Cisco account?
       There isn't really a way to associate your Small Business devices with your Cisco account.  If you ever call in for technical support we will use your Cisco account and your serial number to create a support case, but even then they aren't linked together.  If you decide to buy a support contract, that will be linked to your switch's S/N and your Cisco ID, so in a way that would associate them together.  Devices being associated with Cisco accounts is something more common with Enterprise equipment, and mainly has to do with technical support cases.
    2. What are the benefits of taking out a Cisco Small Business Support Contract, and about how much would it cost on the SG200-18 (I ordered it from Provantage)? I'm curious to see if it's worth the money.
       There are a few advantages to a Support Contract.  Your switch comes with a Limited Lifetime warranty that includes 1 year of technical support and return to factory hardware.  With a service contract you get 3 years of technical support and next business day Advanced Replacement of the switch if it needs to be replaced.  I just did a quick google search, and it looks like a contract (part #CON-SBS-SVC2) costs about $50.
    So there are a few other things to consider however.
    As a frame of reference the average VOIP call uses about 64 - 128 kbps max.
    Since you don't have a VLAN capable router or a layer 3 switch, a separate voice VLAN may not be an option.   You also mention that the Apple Airport does not do QoS, meaning we will only be prioritizing the voice traffic while it is on the switch.  When it is passed off to the Airport to be routed out to the internet all of the QoS settings will be lost, and normal network traffic will get the same priority as voice, since that is all up to the Airport.
    With one phone the hassle of getting more equipment and setting up advanced QoS isn't really worth it, especially if the link to the internet isn't going to be participating in QoS.
    One last thing I wanted to mention is you are switching to a wireless internet connection.  I would ask them how their latency and jitter is, as these two network statistics greatly affect voice quality, and usually wireless performs worse when it comes to voice traffic.
    I hope this information helps, if you have any more questions just let me know.
    Thank you for choosing Cisco,
    Christopher Ebert - Network Support Engineer 
    Cisco Small Business Support Center

  • Trouble with socket gateway and an as3 xmlsocket connection

    I successfully set up the socket gateway and am able to connect to the CF socket gateway and send data from flash to the gateway.
    The error I keep getting is when I add a return value to the "onIncomingMessage"... cf error always logs "Cannot send outgoing message. OriginatorID "123124124" is not a valid socket id."
    I am passing the originatorID as in the docs.... my question is what is a valid originatorID?
    <cffunction name="onIncomingMessage" output="no">
    <cfargument name="CFEvent" type="struct" required="yes">
    <!--- Create a return structure that contains the message. --->
    <!--- Get the message. --->
       <cfset message="#CFEvent.Data.message#">
       <!--- Where did it come from? --->
       <cfset orig="#CFEvent.OriginatorID#">
    <cfset retValue = structNew()>
    <cfset retValue.OriginatorID = orig>
    <cfset retValue.MESSAGE = message>
    <!--- Send the return message back. --->
    <cfreturn retValue>
    </cffunction>
    I really hope I can get an answer; there are hardly any docs or anything online on how to correctly return a message via a socket gateway.
    Thank you.

  • Connecting to mac with SMB and Firewall

    Hi. I have an iMac running Snow Leopard, an older MacBook running Leopard, and an Xbox running XBMC on the same network with an older Extreme base station. The problem I've been having is accessing the iMac from the other devices using smb. I've found that I can connect fine with the iMac's firewall off, but can't while it is on, even though it is set to allow smb connections.
    The reason I want to use smb is that the Xbox can only use smb to stream data. Is there any way I can set the iMac's firewall up so that it will allow smb connections? I have smb file sharing enabled and the firewall shows that file sharing (smb) connections are allowed. I've checked the log and it says it is blocking smb connection attempts on ports 445 and 139.
    Thanks for any help!

    Exactly. Firewall shows that smb connections are allowed, and, in sharing, file sharing is enabled with smb enabled for my account in options.
    so for file sharing, I have Sys Prefs>Sharing>File Sharing ticked; and Sharing>File Sharing>Options>SMB ticked and my account ticked.
    Thanks.

  • Clarification on differences between Gateway and Generic Services

    Hi
    I am trying to connect an MS SQL Server 7.0 on NT database to Oracle 8.1.7 Release 3.
    Can I use the standard Oracle Heterogeneous Services OR do I HAVE to use the Transparent Gateway for SQL Server?
    The documentation implies that the standard Heterogeneous Services bundled with 8i allow you to connect to any ODBC data source (although it constantly only makes reference to Access, Foxpro etc).
    I have successfully connected to MS Access and MS Project using Oracle Heterogeneous Services but am running into problems connecting to MS SQL 7.0. (I cannot get the 8i listener to recognize the hsodbc service, I get an ORA-12154).
    A definitive answer will be most appreciated.
    Thanks,
    Charles Farnell.
    [email protected]

    Vira
    Thanks for your post. I have listed below my tnsnames.ora (partial), listener.ora (partial), inithsodbc.ora and database link DDL. I found a post on Metalink that says the SQL Server machine has to have the Oracle client installed, if this is the case then that could be my problem. Also, it mentioned the PORT in tnsnames.ora should be set to 1433 (the default port for SQL Server). I have tried 1521 and 1433.
    If you could look at these and see if there are any obvious mistakes, I would be most grateful.
    ERROR OUTPUT (item is a table in SQL Server)
    ============
    SQL*Plus: Release 8.1.7.0.0 - Production on Mon Apr 8 16:45:16 2002
    (c) Copyright 2000 Oracle Corporation. All rights reserved.
    Connected to:
    Oracle8i Enterprise Edition Release 8.1.7.1.1 - Production
    With the Partitioning option
    JServer Release 8.1.7.1.1 - Production
    SQL> select * from item@hsodbc;
    select * from item@hsodbc
    ERROR at line 1:
    ORA-12154: TNS:could not resolve service name
    SQL>
    TNSNAMES.ORA
    ============
    hsodbc =
    (DESCRIPTION =
    (ADDRESS_LIST =
    (ADDRESS = (PROTOCOL = tcp)(HOST = sqlservermachine)(port=1521))
    (CONNECT_DATA =
    (SID = hsodbc) <== needs to match the sid in listener.ora.
    (HS=OK) <== HS clause goes in the description.
    LISTENER.ORA
    ============
    (SID_DESC =
    (SID_NAME = hsodbc
    (ORACLE_HOME = E:\oracle\ora81)
    (PROGRAM = hsodbc)
    INITHSODBC.ORA
    ==============
    # This is a sample agent init file that contains the HS parameters that are
    # needed for an ODBC Agent.
    # HS init parameters
    HS_FDS_CONNECT_INFO = sqlservermachine.TRN_770B
    HS_FDS_TRACE_LEVEL = 4
    HS_FDS_TRACE_FILE_NAME = hsodbc.trc
    # Environment variables required for the non-Oracle system
    #set <envvar>=<value>
    DATABASE LINK
    =============
    CREATE DATABASE LINK hsodbc
    USING 'hsodbc'
    SQLNET.ORA
    ==========
    # SQLNET.ORA Network Configuration File: e:\oracle\ora81\network\admin\sqlnet.ora
    # Generated by Oracle configuration tools.
    #SQLNET.AUTHENTICATION_SERVICES= (NTS)
    NAMES.DIRECTORY_PATH= (TNSNAMES, ONAMES, HOSTNAME)

  • Best connection with U-verse Gateway and AirPort Extreme

    These past couple of weeks I've been having problems where my AirPort Extreme (connected to my U-verse Gateway) has been randomly rebooting. I had Apple exchange the entire unit along with power cables and AT&T has already switched out the Gateway and it was STILL rebooting. I finally reset both to factory settings and started fresh. I turned off the Wireless on the U-verse Gateway and the Extreme is in Bridge Mode. That is how its always been and luckily fixed the rebooting. I am now having issues with my devices losing connection. For example, on my iPad Air, it'll show it is connected to my Network, but going onto Safari and trying to load a page gives me the "Server Not Responding" error. Issues also happen on not only Apple devices, but on a Wii U where I get connection errors. I HAVE NOT had these problems on my iMac (which is wireless), just on these other devices. I have not messed around with DMZ Plus Mode or changed any settings on the Gateway other than turning off the Wireless. I think it might have something to do with IP Addresses or something, but I am really not sure. If you have this same set-up, are you having these issues or what settings do I need to change? Thank you!
    U-verse Gateway Model: 3801 HGV
    AirPort Extreme 5th Generation

    Ok so I began by resetting both devices and that fixed the majority of the "Server Not Responding" errors. BUT now I'm getting the problem where the AirPort Extreme randomly reboots. Like all of a sudden, all my devices will be disconnected from WiFi. When I go to the router, the Amber light is blinking then goes back to green. This was the issue from the very beginning and it really is very annoying. Can anyone help? If not, I'll try to contact AppleCare and post their solution in case somebody else is having these issues.

  • RD Gateway and RD Web Access - better together or on different servers?

    I am evaluating Remote Desktop Services with 2012 R2 and initially I had all the roles on 1 server for testing. I began thinking it would be a better setup to split the RD Gateway role and the RD Web Access role onto different servers for security purposes. This way I could expose only the RD Gateway to the internet and the Web Access role would not be exposed. In all my reading and searching it seems that nearly every article I come upon has both RD Gateway and Web Access installed on the same system.
    What is the ideal setup from a security standpoint: to have these two roles separate, or does it not matter? If it does not matter then I will set up 1 server with Gateway and Web Access and I will then have other servers for licensing, broker, session host, and visualization host once I move this into production.
    If these roles are on the same system how do I know if the gateway role is doing anything?  Is the FQDN\rdweb the correct URL to use even when the gateway is implemented?  
    If they are separate how do I tell the gateway and web access servers to use each other?  

    Hi,
    As far as I know, it’s fine to have RD Gateway and RD Web Access roles installed on the same server.
    “Normally external users would log on to RD Web Access via tcp port 443, click on a RemoteApp and connect to RD Gateway via tcp 443/udp 3391, RDG connects them to RDCB on tcp 3389 which redirects them to a RDSH server, finally the RDG connects to the RDSH on tcp 3389/udp 3389.”
    Quoted from TP in this post below:
    RD Gateway and RD web issue
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/5ab40559-23f7-4ebc-b60d-87375cc55674/rd-gateway-and-rd-web-issue?forum=winserverTS
    More links below for you:
    RD Gateway deployment in a perimeter network & Firewall rules
    http://blogs.msdn.com/b/rds/archive/2009/07/31/rd-gateway-deployment-in-a-perimeter-network-firewall-rules.aspx
    Remote Desktop Gateway/Web Server Placement
    https://social.technet.microsoft.com/forums/windowsserver/en-US/b2970cf5-a5b5-494c-88b7-cd6e01f84bb6/remote-desktop-gatewayweb-server-placement
    Best Regards,
    Amy
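The port path quoted in the reply above can be used as an allow-list when reviewing firewall logs. The following is an added example, not part of the thread: it reads log lines in the Windows Firewall log field order and reports allowed flows that reach an RDS role outside the quoted external-user path. The role addresses, the 10.0.0.0/8 internal range, the sample log and the one-role-per-host layout are assumptions made for the example.

```python
import ipaddress

# Constructed role addresses (assumption: each role runs on its own host).
ROLES = {
    "RDWEB": {"10.0.1.10"},
    "RDG": {"10.0.1.20"},
    "RDCB": {"10.0.2.10"},
    "RDSH": {"10.0.2.21", "10.0.2.22"},
}
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range

# (source role, destination role, protocol, destination port) from the quoted path.
ALLOWED = {
    ("EXTERNAL", "RDWEB", "TCP", 443), ("EXTERNAL", "RDG", "TCP", 443),
    ("EXTERNAL", "RDG", "UDP", 3391), ("RDG", "RDCB", "TCP", 3389),
    ("RDG", "RDSH", "TCP", 3389), ("RDG", "RDSH", "UDP", 3389),
}

def role_of(ip):
    for role, addrs in ROLES.items():
        if ip in addrs:
            return role
    return "INTERNAL" if ipaddress.ip_address(ip) in INTERNAL else "EXTERNAL"

def unexpected_flows(log_text):
    """Return allowed flows to an RDS role that are not on the quoted path."""
    findings = []
    for line in log_text.splitlines():
        f = line.split()
        # Skip headers, blank lines, dropped packets and port-less (ICMP) entries.
        if len(f) < 8 or f[2] != "ALLOW" or not f[7].isdigit():
            continue
        flow = (role_of(f[4]), role_of(f[5]), f[3], int(f[7]))
        if flow[1] in ROLES and flow not in ALLOWED:
            findings.append(flow)
    return findings

# Constructed sample log lines, not captured from a real system.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2015-03-01 10:00:01 ALLOW TCP 203.0.113.5 10.0.1.10 51000 443 0 - 0 0 0 - - - RECEIVE
2015-03-01 10:00:02 ALLOW TCP 203.0.113.5 10.0.1.20 51001 443 0 - 0 0 0 - - - RECEIVE
2015-03-01 10:00:02 ALLOW UDP 203.0.113.5 10.0.1.20 51002 3391 0 - - - - - - - RECEIVE
2015-03-01 10:00:03 ALLOW TCP 10.0.1.20 10.0.2.10 49200 3389 0 - 0 0 0 - - - SEND
2015-03-01 10:00:09 ALLOW TCP 198.51.100.7 10.0.2.22 40000 3389 0 - 0 0 0 - - - RECEIVE
2015-03-01 10:00:12 ALLOW TCP 10.0.1.10 10.0.2.21 49300 3389 0 - 0 0 0 - - - SEND
2015-03-01 10:00:15 DROP TCP 198.51.100.7 10.0.2.10 40001 3389 0 - 0 0 0 - - - RECEIVE
"""
```

Because the allow-list models only the external-user path, connections from internal clients to the session hosts are reported as well and need their own entries if they are expected.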

  • Hi looking for a bit of free anti-virus and firewall for osx 10.8.2

    Hi, looking for a bit of free anti-virus and firewall for OS X 10.8.2. Any pointers? Also, has anyone used Mac cleaner?

    1. This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
    2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files. This feature is transparent to the user, but internally Apple calls it "XProtect." The recognition database is automatically updated once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
    The following caveats apply to XProtect:
    - It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets (see below.)
    - It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
    3. Starting with OS X 10.7.5, there has been another layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't actually been tested by Apple (unless it comes from the Mac App Store), but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. For most practical purposes, applications recognized by Gatekeeper as signed can be considered safe.
    Gatekeeper has, however, the same limitations as XProtect, and in addition the following:
    - It can easily be disabled or overridden by the user.
    - A malware attacker could get control of a code-signing certificate under false pretenses, or could find some other way to evade Apple's controls.
    For more information about Gatekeeper, see this Apple Support article.
    4. Beyond XProtect and Gatekeeper, there’s no benefit, in most cases, from any other automated protection against malware. The first and best line of defense is always your own intelligence. All known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore reduces to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
    That means, in practice, that you never use software that comes from an untrustworthy source. How do you know whether a source is trustworthy?
    - Any website that prompts you to install a “codec,” “plug-in,” or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
    - A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn users who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
    - “Cracked” copies of commercial software downloaded from a bittorrent are likely to be infected.
    - Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. No intermediary is acceptable.
    5. Java on the network (not to be confused with JavaScript, to which it's not related) is a weak point in the security of any operating system. If a Java web plugin is not installed, don't install one unless you really need it. If it is installed, you should disable it (not JavaScript) in your web browsers. Few websites have Java content nowadays, so you won’t be missing much. This setting is mandatory in OS X 10.5.8 or earlier, because Java in those obsolete versions has known security flaws that make it unsafe to use on the Internet. The flaws will never be fixed. Regardless of version, experience has shown that Java can never be fully trusted, even if no vulnerabilities are publicly known at the moment.
    Follow these guidelines, and you’ll be as safe from malware as you can reasonably be.
    6. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.
    Why shouldn't you use commercial "anti-virus" products?
    - Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
    - In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
    - By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
    7. ClamXav doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so can corrupt the Mail database. The messages should be deleted from within the Mail application.
    ClamXav is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware. If you don't need to do that, avoid it. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
    8. The greatest danger posed by anti-virus software, in my opinion, is its effect on human behavior. When people install such software, which does little or nothing to protect them from emerging threats, they get a false sense of security from it, and then they may do things that make them more vulnerable. Nothing can lessen the need for safe computing practices.
    9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use.
