[Solved] iptables rules for machine running as openvpn server

Similar Messages

• [SOLVED] how to use diffrent iptables rules for different ppp account?

  x86 plantform run arch linux system , have two network interface etn1 eth0 .eth1 connect to internet. eth0 connect to other terminals through switch. want use different iptables rules for different pppoe account .also want to know how to forbidden more than one terminals established pppoe link use same account at the same time .
  Last edited by linuxsir (2013-09-26 06:48:01)

  (You establish PPPoE sessions over the local network to the Arch machine? Which then routes the traffic?)
  first question ,yes that is exactly what i am done. second question i also have a small  scripts on windows pc to solve routes traffic problem
  route -p delete 0.0.0.0
  route -p add 192.168.9.0 mask 255.255.255.0 192.168.9.1
  route -p add 0.0.0.0 mask 0.0.0.0 192.168.22.0
  but after a while i found scripts is not necessary because windows always attempt to use PPPoE sessions as default internet connection local connection is also ok
  and use  -i pppX in my iptables rules dose not  solve my problem , because same account start PPPoE session could be marked as ppp0 or ppp1. it is hard to identified which account start session.

• [solved] udev-rules for bluetooth PCMCIA

  My plan:
  get my bluetooth-PCMCIA card to work:
  CONCEPTONIC CBT100C
  Problem:
  I have to issue the following command for it to work:
  #hciattach ttyS0 bcsp
  Therefor I wrote following udev-rule that doesn't work:
  ##/etc/udev/rules.d/05-bluez-pcmcia-support.rules
  SUBSYSTEMS=="pcmcia", ATTRS{prod_id2}=="Bluetooth Card", RUN+="/usr/sbin/hciattach ttyS0 bcsp"
  My Question:
  Could someone explain to me why this rule does not work?
  Info:
  #pccardctl info
  PRODID_1="PCMCIA"
  PRODID_2="Bluetooth Card"
  PRODID_3=""
  PRODID_4=""
  MANFID=0279,950b
  FUNCID=2
  after #hciattach ttyS0 bcsp
  #udevinfo -a -p /sys/devices/pci0000\:00/0000\:00\:1e.0/0000\:06\:09.0/0.0/tty/ttyS0/
  KERNEL=="ttyS0"
  SUBSYSTEM=="tty"
  DRIVER==""
  ATTR{dev}=="4:64"
  looking at parent device '/devices/pci0000:00/0000:00:1e.0/0000:06:09.0/0.0/tty':
  KERNELS=="tty"
  SUBSYSTEMS==""
  DRIVERS==""
  looking at parent device '/devices/pci0000:00/0000:00:1e.0/0000:06:09.0/0.0':
  KERNELS=="0.0"
  SUBSYSTEMS=="pcmcia"
  DRIVERS=="serial_cs"
  ATTRS{modalias}=="pcmcia:m0279c950Bf02fn00pfn00pa281F1C5Dpb7664FB1Dpc00000000pd00000000"
  ATTRS{prod_id2}=="Bluetooth Card"
  ATTRS{prod_id1}=="PCMCIA"
  ATTRS{card_id}=="0x950b"
  ATTRS{manf_id}=="0x0279"
  ATTRS{func_id}=="0x02"
  ATTRS{pm_state}=="on"
  ATTRS{function}=="0x00"
  looking at parent device '/devices/pci0000:00/0000:00:1e.0/0000:06:09.0':
  KERNELS=="0000:06:09.0"
  SUBSYSTEMS=="pci"
  DRIVERS=="yenta_cardbus"
  ATTRS{msi_bus}=="1"
  ATTRS{broken_parity_status}=="0"
  ATTRS{enable}=="2"
  ATTRS{modalias}=="pci:v00001180d00000476sv0000144Dsd0000C01Ebc06sc07i00"
  ATTRS{local_cpus}=="f"
  ATTRS{irq}=="16"
  ATTRS{class}=="0x060700"
  ATTRS{subsystem_device}=="0xc01e"
  ATTRS{subsystem_vendor}=="0x144d"
  ATTRS{device}=="0x0476"
  ATTRS{vendor}=="0x1180"
  looking at parent device '/devices/pci0000:00/0000:00:1e.0':
  KERNELS=="0000:00:1e.0"
  SUBSYSTEMS=="pci"
  DRIVERS==""
  ATTRS{msi_bus}=="1"
  ATTRS{broken_parity_status}=="0"
  ATTRS{enable}=="1"
  ATTRS{modalias}=="pci:v00008086d00002448sv00000000sd00000000bc06sc04i01"
  ATTRS{local_cpus}=="f"
  ATTRS{irq}=="0"
  ATTRS{class}=="0x060401"
  ATTRS{subsystem_device}=="0x0000"
  ATTRS{subsystem_vendor}=="0x0000"
  ATTRS{device}=="0x2448"
  ATTRS{vendor}=="0x8086"
  looking at parent device '/devices/pci0000:00':
  KERNELS=="pci0000:00"
  SUBSYSTEMS==""
  DRIVERS==""
  ATTRS{uevent}==""
  #dmesg
  pccard: PCMCIA card inserted into slot 0
  cs: memory probe 0xb4000000-0xb40fffff: excluding 0xb4000000-0xb400ffff
  pcmcia: registering new device pcmcia0.0
  ttyS0: detected caps 00000700 should be 00000100
  0.0: ttyS0 at I/O 0x400 (irq = 3) is a 16C950/954
  Last edited by mehldutt (2007-08-07 18:04:37)

  I called it
  05-bluez-pcmcia-support.rules
  I rebooted but still no success.
  I also tried this:
  ACTION=="add", SUBSYSTEMS=="pcmcia", ATTRS{prod_id2}=="Bluetooth Card", RUN+="aplay /usr/share/sounds/phone.wav"
  But still no success

• [solved]DWM rules for opening terminal based apps

  These are the rules that I have in my dwm config.h
  The ncurses apps that open in the terminal do not follow the rules. How can accomplish this?
  static const Rule rules[] = {
  /* class instance title tags mask isfloating monitor */
  { "Gimp", NULL, NULL, 0, True, -1 },
  { "Firefox", NULL, NULL, 1 << 3, False, -1 },
  { "Pcmanfm", NULL, NULL, 1 << 1, False, -1 },
  { "ranger", NULL, NULL, 1 << 6, False, -1 },
  { "mutt", NULL, NULL, 1 << 7, False, -1 },
  { "ncmpc", NULL, NULL, 1 << 8, False, -1 },
  Last edited by derrickcope (2015-05-02 05:26:14)

  thanks for the suggestion. xprop just sees them as "terminator". When I start them with -T "title" then xprop sees them with "title".
  When I used the -T switch in .xinitrc and then changed my rules to
  static const Rule rules[] = {
  /* class instance title tags mask isfloating monitor */
  { "Gimp", NULL, NULL, 0, True, -1 },
  { "Firefox", NULL, NULL, 1 << 3, False, -1 },
  { "Pcmanfm", NULL, NULL, 1 << 1, False, -1 },
  { "ranger", NULL, "ranger", 1 << 6, False, -1 },
  { "mutt", NULL, "mutt", 1 << 7, False, 2 },
  { "ncmpc", NULL, "ncmpc", 1 << 8, False, 2 },
  They are still opening on the first monitor and not on the tag I set. I am not sure I am doing it correctly. Should I write terminator as the class?

• [SOLVED] udev rules for U2F FIDO Plug-up key

  I just received a cheap U2F FIDO key (http://www.amazon.com/Plug-up-Internati … 00OGPO3ZS/) but couldn't use it under Chrome 38. I had to add the following rule to /etc/udev/rules.d/45-u2f.rules
  SUBSYSTEM=="hidraw", MODE="0666", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="f1d0"
  and then issued a
  # sudo udevadm trigger
  Should work with other vendors assuming you change the idVendor and idProduct.
  Have fun!

  LukeHandle wrote:Was thinking about the same device, what are you thoughts on it so far? I was mostly concerned with the price and how that translated to the quality, or lack thereof.
  The device for which I sent a link for is cheap one and when you receive it actually looks cheap but does the job. Initially I thought I needed to install the FIDO U2F Chrome extension https://chrome.google.com/webstore/deta … ionmgcdmne but it works just fine without it assuming you are using Chrome or Chromium 38+ and the above udev rule on ArchLinux (not required on Windows and MAC OS).
  Use case is fairly limited so far since it can only be used on Google account. I tried to use this Plug-Up U2F dongle on Yubico U2F demo page http://demo.yubico.com/start/u2f/neo but it doesn't work and thus even with the FIDO U2F Chrome extension...Weird since I thought all U2F will all be compatible. Since the protocol is open I hope other use cases will arise such as more major supported websites, easy integration in existing frameworks such as Wordpress, Roundcube... but also alternative uses such as 2nd factor authentication for disk encryption (LUKS).

• What Bluetooth mouse would you recommend for machines running Snow Leopard

  I'm looking for one and I'd like to hear suggestions from people.

  As far as ergonomics are concerned, it's pretty subjective. It depends on the size of your hand and the position your prefer to hold the mouse in use.
  For me, the Magic Mouse is not ergonomically weak at all. I find it very comfortable, just the right weight for pushing around a mouse mat, and the touch surface / buttons work very well.
  Best thing to do is visit an Apple Store and try one out for as long as possible, and make up your own mind.
  Almost 30% of Mac users in the MacWorld poll below use a Magic Mouse, so it's found a lot of users in a small amount of time.
  http://www.macworld.co.uk/polls/index.cfm?action=showresults&pid=3210293

• Security for reprots running by Report Server

  Hi
  When I run Reports in the a Forms application
  usiing web.show_document() all the parameters
  including user/password appears in address bar .
  what should I do ???
  Thanx

  Hi,
  I presume that you are using run_report_object or run_product to generate the report, and then web.show_document to view it. Why the need for the username and password in cgicmd.dat - am I missing something? This should only be required if you are running web.show_document directly from the form without the built-in methods.
  PS: avoid putting un/psw in cgicmd.dat on a web server - not a good idea.
  Regards
  Pat

• [Solved] Need pointer for setting up an email server for other domains

  I am trying to setup a mail server that can handle multiple domains. Followed this tutorial [1]
  What I have:
  mailserver.domain.tld
  domain.tld
  domain2.tld
  I have set up postfix with dovecot through postfixadmin, have configured roundcube as my web email client. For the emails coming from and going to the @mailserver.domain.tld addresses work as I would expect them to.
  But what I am not grasping I guess is how do I add the domain.tld and domain2.tld domains so that the emails are @domain.tld but they are properly routed to be received on @mailserver.domain.tld
  I have been reading the wiki and the postfix virtual readme, but I feel like I am getting lost and confused on terms. Can someone point me back on path for what the proper next step is to be able to get the other domains to receive mail properly. Should it be done with a virtual email or domain or? I have tried both, but probably not properly and any time I send from @domain.tld the email headers do not say to send back to @mailserver.domain.tld .
  Thanks for your time and help.
  [1] https://wiki.archlinux.org/index.php/Si … ail_System
  Last edited by vwyodajl (2013-03-26 21:03:17)

  Did you add MX records for mailserver.domain.tld to your domains? That should basically all that is needed to get it working, assuming you configured the domains in postfixadmin already so your postfix feels responsible for them.

• Rules File Not Running in EPMA During Consolidation

  Greetings -
  I am doing a migration from 11.1.1.2 to our Production environment in 11.1.1.3. We are using EPMA, though I wrote and maintain the rules files in the old editor and import them to the calc manager. I have exported and imported the metadata, recreated the applications, imported the rules file, and recreated security. Everything between the two systems seem to match. The rules file imported without issue and can be extracted from the application, I know it is deploying. When I run a consolidation, the rules file seems to be getting skipped somehow. System translation and consolidation (no special rules for those) run fine, but the consolidation immediately starts at 40% and none of my dynamic or calculated accounts are ever populated. Any help would be greatly appreciated.
  Thanks,
  Sarah

  In Calc Manager, check in the menu bar, look for Deployment View.
  Make sure the Sub Calculate is checked and then re-deploy.

• [SOLVED] Help needed with iptables rule with unusual setup

  Hi I recently setup hostapd on my netbook so I could share a wireless network with my phone and I'm having trouble because my netbook is also hosting a Jetty sever (Subsonic media streamer).
  My setup is as follows
  [CABLE MODEM]===[WIRED ROUTER]=====[NETBOOK] ))))) [PHONE]
  The wired router provides the DHCP server.
  On my netbook I created a (br0) bridge between eth0 and wlan0 and started hostapd. That all works fine when I'm not trying to host my Jetty server on my netbook.
  The netbook has the IP 192.168.0.8
  The phone has the IP 192.168.0.6
  I do not want to give the Jetty server root permissions just so it can run on port 80. So instead I start it instead on port 4040 and then use a iptables rule to redirect connections to port 80 to port 4040.
  Before I setup hostapd on machine I used to use the following.
  iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 4040
  However when I'm using hostapd and try to access websites on my phone its web browser is ALWAYS REDIRECTED to my jetty server. I'm not really surprised at this as the rule I mentioned above is for any destination or any source.
  I tried this rule:
  iptables -t nat -A PREROUTING -d localhost -p tcp --dport 80 -j REDIRECT --to-ports 4040
  This didn't work. On my phone I could access websites as expected but nobody (tried external from network and internally) could access the jetty server on port 80. Does anyone know why this rule doesn't work?
  I tried this rule:
  iptables -t nat -A PREROUTING \! -s 192.168.0.6 -p tcp --dport 80 -j REDIRECT --to-ports 4040
  This rule worked (Redirect port 4040 connections to port 80 if the connection isn't from my phone). But this is NOT very good at all as it means I would need a separate rule for every wireless device that connected to my netbook (via hostapd). Also if the IP address of my phone ever changes this rule becomes useless too!
  Does anyone have any ideas?
  Any help would be greatly appreciated.
  Thanks.
  Last edited by delcypher (2010-07-24 20:17:35)

  Well looks like I fixed my own problem.
  I added a LOG target in the PREROUTING chain like so
  iptables -t nat -A PREROUTING -p tcp --dport 80 -j LOG --log-prefix 'cheesy-redirect'
  iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 80
  When I looked at /var/logs/everything I noticed this.
  dan-netbook kernel: cheesy-redirectIN=br0 OUT= PHYSIN=eth0 MAC=00:26:18:73:ea:28:00:09:5b:5d:0a:33:08:00 SRC=178.102.41.92 DST=192.168.0.3 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=51411 DF PROTO=TCP SPT=48219 DPT=80 WINDOW=49640 RES=0x00 SYN URGP=0
  The destination is 192.168.0.3 ! Which is very very weird. This the IP address I had told my router to give my eth0 card in the past when I wasn't using a network bridge (br0). I was connected to the network using 192.168.0.8 on br0. The eth0 interface wasn't assigned an IP address.
  192.168.0.3 was also the IP address I setup for static port forwarding (which I forgot about) so when I accessed my jetty server from outside my network all packets would of been forwarded to 192.168.0.3
  I should never of received those packets as I was 192.168.0.8 not 192.168.0.3 at the time of logging so how I even received these packets is a mystery to me. Maybe the router software is buggy
  Fixing was pretty straight forward I changed the port forward to go to 192.168.0.8 and then tried connecting to the jetty server externally and noted in the log
  cheesy-redirectIN=br0 OUT= PHYSIN=eth0 MAC=00:25:d3:46:4d:0d:00:09:5b:5d:0a:33:08:00 SRC=178.102.41.92 DST=192.168.0.8 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=65326 DF PROTO=TCP SPT=33597 DPT=80 WINDOW=49640 RES=0x00 SYN URGP=0
  So the correct redirect rule is
  iptables -t nat -A PREROUTING -p tcp --dport 80 -d 192.168.0.8 -j REDIRECT --to-ports 80
  which works nicely
  One last question though. Does anyone know how I can use a hostname rather than 192.168.0.8 which points to whatever the IP address of br0 is set to? localhost points to 127.0.0.1 so that doesn't work.

• Closed port for torrent with no iptables.rules

  I have a home system with internet connection over a router. Firewall in the router seems to be disabled. I had installed guarddog and selected all the protocols that I need. There is no iptables in deamons line of rc.conf nor there is any iptables.rules files. There are 2 files in /etc/iptables, empty.rules and simple_firewall.rules. So, I wonder if any firewall is working at all in my system since guarddog is a frontend to iptables (i guess) and also is there any need for firewall since almost all the ports are closed.
  Secondly, the main issue. I was using ktorrent and it was working fine until a few days ago. Now, bittorrent is not working. its not connecting at all. I tried deluge from community repo and tested the ports with http://www.deluge-torrent.org/test-port.php?port=6881 and it gave me this result:
  TCP port 6881 closed on 121.247.200.189
  UDP port 6881 open on 121.247.200.189
  121.247.200.189 seems to be the ip of my isp as I got a dynamic one.
  I am able to reach surf net but not able to download using bitorrent, however, both is possible in windows.
  Taking clue from forum, i did nmap.
  nmap on my router
  [shantanu@bluehead ~]$ nmap 192.168.1.1
  Starting Nmap 4.20 ( http://insecure.org ) at 2007-06-25 20:49 IST
  Interesting ports on 192.168.1.1:
  Not shown: 1679 filtered ports
  PORT STATE SERVICE
  21/tcp open ftp
  23/tcp open telnet
  53/tcp closed domain
  80/tcp open http
  443/tcp closed https
  554/tcp closed rtsp
  1755/tcp closed wms
  2401/tcp closed cvspserver
  5000/tcp closed UPnP
  5001/tcp closed commplex-link
  5050/tcp closed mmcc
  6881/tcp closed bittorent-tracker
  6969/tcp closed acmsoda
  7070/tcp closed realserver
  8000/tcp closed http-alt
  8080/tcp closed http-proxy
  8888/tcp closed sun-answerbook
  11371/tcp closed pksd
  Nmap finished: 1 IP address (1 host up) scanned in 27.653 seconds
  nmap on my ip
  [shantanu@bluehead ~]$ nmap 192.168.1.5
  Starting Nmap 4.20 ( http://insecure.org ) at 2007-06-25 20:48 IST
  Interesting ports on 192.168.1.5:
  Not shown: 1696 closed ports
  PORT STATE SERVICE
  6000/tcp open X11
  Nmap finished: 1 IP address (1 host up) scanned in 0.519 seconds
  nmap on isp's ip displayed above.
  [shantanu@bluehead ~]$ nmap 121.247.200.189
  Starting Nmap 4.20 ( http://insecure.org ) at 2007-06-25 20:50 IST
  Interesting ports on 121.247.200.189.bang-dynamic-bb.vsnl.net.in (121.247.200.189):
  Not shown: 1679 filtered ports
  PORT STATE SERVICE
  21/tcp open ftp
  23/tcp open telnet
  53/tcp closed domain
  80/tcp open http
  443/tcp closed https
  554/tcp closed rtsp
  1755/tcp closed wms
  2401/tcp closed cvspserver
  5000/tcp closed UPnP
  5001/tcp closed commplex-link
  5050/tcp closed mmcc
  6881/tcp closed bittorent-tracker
  6969/tcp closed acmsoda
  7070/tcp closed realserver
  8000/tcp closed http-alt
  8080/tcp closed http-proxy
  8888/tcp closed sun-answerbook
  11371/tcp closed pksd
  Nmap finished: 1 IP address (1 host up) scanned in 30.573 seconds
  Everywhere the bittorrent port seems to be closed. [b]How do I open this port?.[b/]
  Last edited by ravisghosh (2007-06-25 21:09:55)

  @madeye, first of all thanks a lot for such elaborate help.
  I used utorrent in windows and u r very much right that it uses UPnP. In deluge (bt client on arch), UPnP was there but disabled (shaded). Hence, I tried running utorrent using wine and it gave a error message "Unable to map UPnP port' and is not able to connect. So, UPnP is not working in my box.
  Then I tried as you suggested "iptables -L" and it gave me the following results.
  [shantanu@bluehead ~]$ sudo iptables -L
  Chain INPUT (policy DROP)
  target prot opt source destination
  ACCEPT 0 -- anywhere anywhere
  ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
  ACCEPT 0 -- 192.168.1.5 192.168.1.255
  logaborted tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp flags:RST/RST
  ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
  ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
  ACCEPT icmp -- anywhere anywhere icmp time-exceeded
  ACCEPT icmp -- anywhere anywhere icmp parameter-problem
  nicfilt 0 -- anywhere anywhere
  srcfilt 0 -- anywhere anywhere
  Chain FORWARD (policy DROP)
  target prot opt source destination
  ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
  ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
  ACCEPT icmp -- anywhere anywhere icmp time-exceeded
  ACCEPT icmp -- anywhere anywhere icmp parameter-problem
  srcfilt 0 -- anywhere anywhere
  Chain OUTPUT (policy DROP)
  target prot opt source destination
  ACCEPT 0 -- anywhere anywhere
  ACCEPT udp -- anywhere anywhere udp spt:bootpc dpt:bootps
  ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
  ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
  ACCEPT icmp -- anywhere anywhere icmp time-exceeded
  ACCEPT icmp -- anywhere anywhere icmp parameter-problem
  s1 0 -- anywhere anywhere
  Chain f0to1 (3 references)
  target prot opt source destination
  ACCEPT udp -- anywhere anywhere udp dpts:6970:7170
  ACCEPT icmp -- anywhere anywhere icmp echo-reply
  ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpts:6881:6889 state NEW
  logdrop 0 -- anywhere anywhere
  Chain f1to0 (1 references)
  target prot opt source destination
  ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:6969 state NEW
  ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:http state NEW
  ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:http-alt state NEW
  ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:8008 state NEW
  ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:8000 state NEW
  ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:8888 state NEW
  ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:ftp state NEW
  ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:https state NEW
  ACCEPT tcp -- anywhere anywhere tcp dpt:rtsp state NEW
  ACCEPT tcp -- anywhere anywhere tcp dpt:7070 state NEW
  ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:cvspserver state NEW
  ACCEPT tcp -- anywhere anywhere tcp dpt:1755 state NEW
  ACCEPT udp -- anywhere anywhere udp dpt:1755
  ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:11371 state NEW
  ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:5050 state NEW
  ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:telnet state NEW
  ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpts:5000:5001 state NEW
  ACCEPT udp -- anywhere anywhere udp spts:1024:5999 dpt:5000
  ACCEPT tcp -- anywhere anywhere tcp dpt:domain state NEW
  ACCEPT udp -- anywhere anywhere udp dpt:domain
  ACCEPT icmp -- anywhere anywhere icmp echo-request
  ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:5222 state NEW
  ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:5223 state NEW
  ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpts:6881:6889 state NEW
  logdrop 0 -- anywhere anywhere
  Chain logaborted (1 references)
  target prot opt source destination
  logaborted2 0 -- anywhere anywhere limit: avg 1/sec burst 10
  LOG 0 -- anywhere anywhere limit: avg 2/min burst 1 LOG level warning prefix `LIMITED '
  Chain logaborted2 (1 references)
  target prot opt source destination
  LOG 0 -- anywhere anywhere LOG level warning tcp-sequence tcp-options ip-options prefix `ABORTED '
  ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
  Chain logdrop (4 references)
  target prot opt source destination
  logdrop2 0 -- anywhere anywhere limit: avg 1/sec burst 10
  LOG 0 -- anywhere anywhere limit: avg 2/min burst 1 LOG level warning prefix `LIMITED '
  DROP 0 -- anywhere anywhere
  Chain logdrop2 (1 references)
  target prot opt source destination
  LOG 0 -- anywhere anywhere LOG level warning tcp-sequence tcp-options ip-options prefix `DROPPED '
  DROP 0 -- anywhere anywhere
  Chain logreject (0 references)
  target prot opt source destination
  logreject2 0 -- anywhere anywhere limit: avg 1/sec burst 10
  LOG 0 -- anywhere anywhere limit: avg 2/min burst 1 LOG level warning prefix `LIMITED '
  REJECT tcp -- anywhere anywhere reject-with tcp-reset
  REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
  DROP 0 -- anywhere anywhere
  Chain logreject2 (1 references)
  target prot opt source destination
  LOG 0 -- anywhere anywhere LOG level warning tcp-sequence tcp-options ip-options prefix `REJECTED '
  REJECT tcp -- anywhere anywhere reject-with tcp-reset
  REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
  DROP 0 -- anywhere anywhere
  Chain nicfilt (1 references)
  target prot opt source destination
  RETURN 0 -- anywhere anywhere
  RETURN 0 -- anywhere anywhere
  RETURN 0 -- anywhere anywhere
  logdrop 0 -- anywhere anywhere
  Chain s0 (1 references)
  target prot opt source destination
  f0to1 0 -- anywhere 192.168.1.5
  f0to1 0 -- anywhere 192.168.1.255
  f0to1 0 -- anywhere bluehead.localdomain
  logdrop 0 -- anywhere anywhere
  Chain s1 (1 references)
  target prot opt source destination
  f1to0 0 -- anywhere anywhere
  Chain srcfilt (2 references)
  target prot opt source destination
  s0 0 -- anywhere anywhere
  That means iptables is not disabled and that firewall rules are setup by guarddog.
  I removed guarding using "pacman -Rns guarddog" and rebooted. Still get the same results with utorrent and "iptables -L" and also the port test shows tcp 6881 is still closed.
  Removed iptables and now bt clients seems to be able to connect and it works; however, port test still shows tcp 6881 closed.
  Last edited by ravisghosh (2007-06-27 16:51:12)

• [SOLVED]system fails to boot since adding udev rules for automounting

  Hello
  I have recently been trying to use udev rules to automount, and putting together stuff from the wiki, forums and general googling around have produced the following set of rules:
  # automounts usb hdd and pendrives as usbhd-sdx; no messing around with
  # volume labels or other confusing stuff
  # matches all sdx devices except the internal hdd, sda
  KERNEL=="sd[b-z]", NAME="%k", SYMLINK+="usbhd-%k", GROUP="users", OPTIONS="last_rule"
  # imports filesystem information
  ACTION=="add", IMPORT{program}="/sbin/blkid -o udev -p %N"
  # creates mount points and sets up symlinks
  ACTION=="add", KERNEL=="sd[b-z][0-9]", SYMLINK+="usbhd-%k", GROUP="users", NAME="%k"
  ACTION=="add", KERNEL=="sd[b-z][0-9]", RUN+="/bin/mkdir -p /media/usbhd-%k"
  ACTION=="add", KERNEL=="sd[b-z][0-9]", RUN+="/bin/ln -s /media/usbhd-%k /mnt/usbhd-%k"
  # global mount options
  ACTION=="add", ENV{mount_options}="relatime"
  # filesystem-specific mount options (777/666 dir/file perms for ntfs/vfat)
  ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},gid=100,dmask=000,fmask=111,utf8"
  # automount ntfs filesystem with ntfs-3g driver
  ACTION=="add", KERNEL=="sd[b-z][0-9]", ENV{ID_FS_TYPE}=="ntfs", RUN+="/bin/mount -t ntfs-3g -o %E{mount_options} /dev/%k /media/usbhd-%k", OPTIONS="last_r$
  # automount all other file systems
  ACTION=="add", KERNEL=="sd[b-z][0-9]", ENV{ID_FS_TYPE}!="ntfs", RUN+="/bin/mount -t auto -o %E{mount_options} /dev/%k /media/usbhd-%k", OPTIONS="last_rule"
  # unmounts and removes the mount points
  ACTION=="remove", KERNEL=="sd[b-z][0-9]", RUN+="/bin/rm -f /mnt/usbhd-%k"
  ACTION=="remove", KERNEL=="sd[b-z][0-9]", RUN+="/bin/umount -l /media/usbhd-%k"
  ACTION=="remove", KERNEL=="sd[b-z][0-9]", RUN+="/bin/rmdir /media/usbhd-%k", OPTIONS="last_rule"
  This seemed to be working very well unitl I tried to boot this morning and the boot process stopped at "processing UDev events" with the following message:
  iTCO_wdt: Unexpected close, not stopping watchdog!
  It pauses at this point for 10-15 seconds and then reboots.
  Having searched a bit, I found the following similar post on the forums:  http://bbs.archlinux.org/viewtopic.php?pid=459375
  Which suggests that the problem might lie with this line:
  ACTION=="add", IMPORT{program}="/sbin/blkid -o udev -p %N"
  I have renamed the file so that it no longer has the udev .rules extension and now the system boots fine.  Does anyone have any suggestions as to why the above rules might be causing this behaviour and how I might go about fixing it?
  Thanks
  Last edited by useradded (2010-07-02 22:58:14)

  Hey falconindy
  That was the final kick up the logical a$$ that I needed to get some kind of grip on udev rules.  I now have a fully functional rule that applies only to /dev/sdxy and not to everything else as well, so no more boot trauma, THANK YOU.
  I will mark this thread as solved and post my new rule for the benefit of anyone who might read this.
  New rule (no boot problems):
  # automounts usb hdd and pendrives as label or as usbhd-sdxy if no label present
  # ensures the following is _only_ run for sdxy devices excluding internal hdd, sda
  KERNEL!="sd[b-z][0-9]", GOTO="personal_usb_automount_settings_end"
  # imports filesystem information
  # provides access to following variables:
  # ID_FS_UUID; ID_FS_UUID_ENC; ID_FS_VERSION; ID_FS_TYPE; ID_FS_VERSION; ID_FS_LABEL
  # accessible via ENV{variable}; $env{variable}|%E{variable}
  IMPORT{program}="/sbin/blkid -o udev -p %N"
  # Get a label if present, otherwise name usbhd-%k
  ENV{ID_FS_LABEL}!="", ENV{dir_name}="%E{ID_FS_LABEL}"
  ENV{ID_FS_LABEL}=="", ENV{dir_name}="usbhd-%k"
  # creates mount points and sets up symlinks
  ACTION=="add", SYMLINK+="%E{dir_name}", GROUP="users", NAME="%k"
  ACTION=="add", RUN+="/bin/mkdir -p /media/%E{dir_name}"
  ACTION=="add", RUN+="/bin/ln -s /media/%E{dir_name} /mnt/%E{dir_name}"
  # global mount options
  ACTION=="add", ENV{mount_options}="relatime"
  # filesystem-specific mount options (777/666 dir/file perms for ntfs/vfat)
  ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},gid=100,dmask=000,fmask=111,utf8"
  # automount ntfs filesystem with ntfs-3g driver
  ACTION=="add", ENV{ID_FS_TYPE}=="ntfs", RUN+="/bin/mount -t ntfs-3g -o %E{mount_options} /dev/%k /media/%E{dir_name}", OPTIONS="last_rule"
  # automount all other file systems
  ACTION=="add",ENV{ID_FS_TYPE}!="ntfs", RUN+="/bin/mount -t auto -o %E{mount_options} /dev/%k /media/%E{dir_name}", OPTIONS="last_rule"
  # unmounts and removes the mount points
  ACTION=="remove", RUN+="/bin/rm -f /mnt/%E{dir_name}"
  ACTION=="remove", RUN+="/bin/umount -l /media/%E{dir_name}"
  ACTION=="remove", RUN+="/bin/rmdir /media/%E{dir_name}", OPTIONS="last_rule"
  # exit
  LABEL=="personal_usb_automount_settings_end"
  Last edited by useradded (2010-07-02 22:59:20)

• Auto Run Program not updating Settlement Rules for few WBS elements

  Hi,
  Addition of settlement rules for OPEX WBS.
  In producion system, two jobs are running daily for generating settlement rules of WBS elements but, all WBS elements are not updating with Settlement rules.
  It is becoming a problem in the Period end while doing the settlement. Currently we are updating the settlement rule manually.
  We have investigated and found the following WBS element with Profile name  are not updating Settlement rule.
  H-U0DU0204DE-EX-J0  - HHDC01
  H-N0U00ULD01-P1-D1-W2 - 000090
  H-U0DU0204DE-EX-U0-T1-OB - HHDC01
  H-U0DU0204DE-EX-U1-W1-ON - HHDC01
  H-U0DU0204DE-EX-U2-W1-ON - HHDC01
  H-U0DU0204DE-EX-I0-E1 - HHDC01
  H-U0DU0204DE-EX-I0-B1 -HHDC01
  H-U1DU0204DE-EX-U0-W1-ON - HHDC01
  Job Names :
  ZFPD_UK_SETTLEMENT_RULE_GEN
  ZFPD_NO_SETTLEMENT_RULE_GEN
  Please suggest on this issue
  Regards

  Hi,
  I suppose these are background jobs. Usually there is an issue with background jobs that are run for a custom developed program. Not sure why that happens. Even i faced this issue with a couple of jobs in my system. I have still not found out the reason as to why this happens. There might be a possibility that these projects were being processed in the foreground by some user and hence they were omitted from the run.
  I would suggest you to consult your technical guys on this.
  Regards,
  Gokul

• Download for SQL Server machine running Windows Server 2008 Enterprise SP2

  I am confused what 11g product to download and how to configure for the above server. I just need for SQL Server 2008 to be able to communicate with some Oracle databases. I don't need to manage the Oracle database, nor do I need to create one. I just need to be able to create linked servers, use SQL Plus, and create some SSIS or DTS packages that will bring Oracle data into the SQL Server. I think I just need the client, but for 11g, I see it is less than 1GB in size. I am afraid I may be missing something because I thought the client downloads were about 2GB, but the 2GB downloads are not called "client". This is a 64bit machine running an Intel Xeon X7460 chip.
  Our server has a C:\, D:\, and E:\ drive on it. The data (.mdf) is on drive E:\. The normal environment is on C:\ like usual. I also need to know if I need to set environment variables which I read about, but am not sure how to set them and make them stay, or if the software does that.
  As an aside, I tried installing a 10g on there that the DBA downloaded and could never get it to work, although I was successful in getting tnsping to work, but SQLPlusW would close on me when I tried to connect and SQLPlus failed with some error but can't remember what right now. I uninstalled it. I think it may have been the wrong download.
  I would appreciate any info at all, even if you don't know about everything said here.
  I have a link here where I think I am close, but I still am not sure. Let me know if this is correct and which link to click. If I am wrong, please provide the correct link if you can. Thank you.
  [http://www.oracle.com/technetwork/database/enterprise-edition/downloads/112010-win64soft-094461.html]
  Edited by: user486992 on Oct 20, 2010 11:07 AM

  Hi,
  To integrate Oracle with SQL server you need the following
  Install Oracle 11g Release 2 client software
  Install Oracle 11g Release 2 ODAC software
  Restart SQL services
  Configure OraOLEDB.Oracle provider
  Create linked server
  Add remote logins for linked server
  see this links
  http://www.mssqltips.com/tip.asp?tip=1433
  http://www.easysoft.com/applications/oracle/database-gateway-dg4odbc.html :)

• Business Rule err The following value is not valid for the run time prompt.

  Hyperion Planning v 9.3.3
  I have created a new BR with 2 local variables (created at the time of the BR), Variables are set as run time prompts. They are created as "Member" (not Members). The BR basically does a calc dim on dense and Agg on Sparce other than the prompt on Entity and Version dimensions. The entity variable has a limit on level 0 of the dimension. The Version variable limits to the input (Submit and Sandboxes)
  The BR is associated in Planning with an input web form. Entity and Version are in the page. Is set to Run on Save and Use members on form.
  If the run time prompts Hide boxes are checked, an empty Prompt pops up with only a Submit button. Click the button and an error comes up: "The following value is not valid for the run time prompt it was entered for:. But it does not indicate what member - just ends in the :.
  The BR will run sucessfully only if the Run-time prompt is not hidden - "Hide" in the BR is unchecked. So the syntax and logic of the BR is correct and security should not be an issue.
  The client wants no prompt. In production we have similar situations in which the BR works with the Web Forms without a prompt.
  What am I doing wrong - I have tried restarting the Planning service and the EAS service.

  My preferred method of doing this is:
  1. In business rule, do not hide the run-time prompts. This makes it easy to validate the business rule as you are building it. I only use Global Variables.
  2. On the form, have business rule set to run on save, use members on data form and hide prompt.
  Check that in the business rule, for the variables (Run-Time prompts), that they are all in use. If not, delete them from the business rule. Are all your variables global? Are some local and some global? This could be the issue.
  Deanna