[Solved] Packet filtering.

Similar Messages

• System crash attempting to use the packet filtering on Solaris 10, MU7

  I have been attempting to port my kernel module to run on Solaris 10, MU7 (from MU6). Some changes to the packet filtering hooks interface requires me to make code changes and linker option changes i.e -Nmisc/neti -Nmisc/hook
  I now have my module loading successfully and "hooking" packets. However, I am seeing instability and after processing in the order of 100-200 packets the system crashes. See stack dump beow for details.
  Also note that initially my callback hook function is very simple i.e returns 0.
  I require assistance on identifying the root cause. The key code fragements are as follows:
  int _init()
  // allocated a control block using net_instance_alloc
  // populated the nin_name, nin_create, nin_destroy, and nin_shutdown fields with valid callback functions
  // registered the control block using net_instance_register
  static int _attach(dip, cmd)
  dev_info_t *dip;
  ddi_attach_cmd_t cmd;
  // initialised a hook control block using HOOK_INIT
  // performed a protocol lookup (using net_protocol_lookup) on the net_id provided by the nin_create function callback
  // registered the hook with the net_id protocol using net_hook_register
  static int
  myipf_hook4_in (hook_event_token_t tok, hook_data_t info, void *arg) {
  // simple callback function for test purposes
  return 0;
  System Stack trace:
  Boot device: /virtual-devices@100/channel-devices@200/disk@0:a File and args:
  SunOS Release 5.10 Version Generic_139555-08 64-bit
  Copyright 1983-2009 Sun Microsystems, Inc. All rights reserved.
  Use is subject to license terms.
  Hostname: bfs-t5440-03-ldm12
  NIS domain name is bfs.nis
  Reading ZFS config: done.
  bfs-t5440-03-ldm12 console login:
  panic[cpu9]/thread=2a100a67ca0: BAD TRAP: type=9 rp=2a100a67630 addr=7b6e8d48 mmu_fsr=0
  sched: trap type = 0x9
  addr=0x7b6e8d48
  pid=0, pc=0x7b6e8d48, sp=0x2a100a66ed1, tstate=0x1606, context=0x0
  g1-g7: 1910, 18b0, 2a100a678f0, 60010776b14, 1910, 0, 2a100a67ca0
  000002a100a67350 unix:die+9c (9, 2a100a67630, 7b6e8d48, 0, 2a100a67410, 182b400)
  %l0-3: 000000000100954c 0000000000000009 0000060020ac1620 00000000010523ac
  %l4-7: 00000000018a3c78 0000060020ac1848 000003000481dbe0 00000000010ac400
  000002a100a67430 unix:trap+6cc (2a100a67630, 10000, 0, 0, 30004028000, 2a100a67ca0)
  %l0-3: 0000000000000000 000000000185b480 0000000000000009 0000000000000000
  %l4-7: 0000000000000000 0000000000000000 0000000000001606 0000000000010200
  000002a100a67580 unix:ktl0+64 (300014c8e40, 2a100a67890, 600114fb428, 3, 1, 0)
  %l0-3: 0000030004028000 0000000000000048 0000000000001606 0000000001021604
  %l4-7: 00000000003c0000 0000000000000001 0000000000000000 000002a100a67630
  000002a100a676d0 hook:hook_run+7c (30001b039c0, 300014c8e40, 2a100a67890, 60012566ea8, 7b6e8d48, 1)
  %l0-3: 0000030001b039c8 00000600117df3c0 0000000001878888 0000000000000000
  %l4-7: 0000000000000000 000000000000003c 0000000000000000 0000000000000000
  000002a100a67780 ip:ip_input+3b4 (0, 600135ca040, 0, 6001359bc28, 0, 0)
  %l0-3: 0000000000000000 0000000000000000 0000000000000000 0000060011562000
  %l4-7: 00000000e0000000 0000000000000001 0000000000000000 0000000000000000
  000002a100a67910 dls:soft_ring_drain+78 (600135d1f00, 60011dfa940, 2, 2000000, 2, 0)
  %l0-3: 0000000000000000 0000000000000000 0000000000000004 0000000000000005
  %l4-7: 000006001359bc28 00000600135ca040 000000007be1c238 000000000000fffe
  000002a100a679c0 dls:soft_ring_worker+64 (600135d1f00, 0, 2, 600135d1f4c, 0, 2a100a67a8a)
  %l0-3: 000002a100a67a88 0000000000000000 000002a10001fca0 000002a10001fca0
  %l4-7: 0000000000000002 0000000000000000 0000000000000002 00000000018f1000
  syncing file systems... [1] 104 [1] 95 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 [1] 4 done (not all i/o completed)
  dumping to /dev/dsk/c0d0s1, offset 644284416, content: kernel
  100% done: 118970 pages dumped, compression ratio 10.00, dump succeeded
  rebooting...
  Resetting...
  -eugene
  Edited by: emonagh on Aug 25, 2009 1:54 AM
  Edited by: emonagh on Aug 25, 2009 1:56 AM

  I have checked weblogic download link.
  Currently webloigc is only available only for below mentioned platforms:-
  1. Windows (32 bit jvm)
  2. Linux (32 bit jvm)
  3. sun solaris (only SPARC) (32 bit JVM)
  There is no generic installer available for weblogic 9.2
  Thus what I want is weblogic 9.2 setup for x86 machine.
  I have tried to run weblogic 9.2 setup for linux on sun solaris x86.
  But it did not run, it also gave error message that some package is missing in /lib/.. folder.....

• Packet filtering and traffic shaping during peak h...

  I play the online game World of Tanks and an currently exteriancing severe lagg and disconnects, the problem does not appear to be with the game/service provider but with BT, i need to know does BT  use "packet filtering" and "traffic shaping" during peak hours and if so why has it suddenly started.
  This game use's P2P to keep the latency down for players so have been advised to contact BT and ask them are they limiting these types of connections.
  Most games do not use these types of connections, but World of Tanks one does and again,been told BT just don't like them, due to the amount of connections they attempt to forge in order to have a stable latency.
  I need to know if this is going to continue as pay to play the game, therefore would have to consider changing my ISP to virgin who dont  use "packet filtering" and "traffic shaping" during peak hours .
  Quick advice would be appreciated.

  It's absolutely horrible. i turned off wifi all other devices and every other open program just to reduce my latency for 120ms to 80ms.
  Still suffer from huge packet loss.
  It would be absolutely horrible if they have started throttling worldoftanks.eu servers. Phone support is no help all they torld me to do is restart my router
  I hope this is fixed soon. There are many posts on the WoT eu official forums and everyone that is effected appears to be a BT customer.
  Some have mentioned it could be the damaged undersea cable.
  I don't have any problems with torrents being throttled or anything like that. only worldoftanks.eu being throttled.

• Systemd- failed to start packet filtering framework

  I had installed systemd and also iptables and till recently everything seemed all right. Now I have started getting an error message on bootup that "failed to start packet filtering framework".
  There is a suggestion at this site: https://mailman.archlinux.org/pipermail … 30565.html
  On running the command "sudo systemctl status iptables", following is the output:
  iptables.service - Packet Filtering Framework
  Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled)
  Active: failed (Result: exit-code) since Tue, 23 Oct 2012 17:30:07 +0000; 12min ago
  Process: 200 ExecStart=/usr/sbin/iptables-restore /etc/iptables/iptables.rules (code=exited, status=1/FAILURE)
  CGroup: name=systemd:/system/iptables.service
  Oct 23 17:30:16 myhost iptables-restore[200]: Can't open /etc/iptables/iptables.rules: No such file or directory
  How can I correct this error? Please help.
  Last edited by rnarch (2012-10-23 12:17:56)

  /etc/iptables/iptables.rules  file does not exist, but system was not giving this error message earlier. I was loading iptables rules by following command in /etc/rc.local:
  iptables-restore /home/myfw-regular.saved
  Probably, I should move myfw-regular.saved file to  /etc/iptables/iptables.rules   and remove the rc.local line.

• Disable packet filtering on BM 3.6

  Hi
  I have a border manager firewall that I am replacing with a hardware box. I
  would still like to use the Border manager as a proxy server and use its
  access rules but do not want it to packet filter.
  What is the easiest way to acheive this?
  thanks
  Mike

  thanks for that Craig. I am happy with that part of it but what I need to
  do is turn the BM box into just a router and turn off all packet
  filtering.
  What is the best way to do that. Is it via filtcfg or do I need to stop
  certain NLMs loading?
  thanks
  > Make the BMgr server's default gateway the new filtering box.
  >
  > Filter port 80 and 443 on the new box, and allow those ports only from
  > the BMgr server's IP address.
  >
  > Craig Johnson
  > Novell Support Connection SysOp
  > *** For a current patch list, tips, handy files and books on
  > BorderManager, go to http://www.craigjconsulting.com ***
  >
  >

• Switch having feature of VPN & Packet Filtering

  Can someboady help me to know the low end Switch that can be configured for VPN, Packet Filtering etc... within a switch itself?
  Suresh

  Hi Suresh,
  If you are deploying MPLS VPN then you can got for 3750 metro ethernet switches as well.
  The configure vpn in cisco switch Catalyst Metro switches are a new line of premier multilayer switches that bring greater intelligence to the metro Ethernet edge, enabling the delivery of more differentiated metro Ethernet services. Featuring hierarchical quality of service (QoS) and traffic shaping, intelligent 802.1Q tunneling, VLAN mapping, Multi-protocol Label Switching (MPLS) and Ethernet over MPLS (EoMPLS) support, and redundant AC or DC power, these switches are ideal for service providers seeking to deliver profitable business services, such as Layer 2, Layer 3, and MPLS VPNs, configure vpn in switch a variety of bandwidths and with different service-level agreements (SLAs). With flexible software options, the Catalyst Metro offers a cost-effective path for meeting current and future service requirements from service providers serving enterprises and commercial businesses.
  HTH,Please rate if it does.
  -amit singh

• Switch supporting VPN & Packet Filtering

  Can somebody help me in finding the low end cisco switch that can support VPN as well Packet filtering?
  As I need to quote this for one of my customer.
  Suresh

  Mostly switches that support L3 service should support VPN.It is supported in Cisco 6000 Cat IOS.Search for the keyword "VPN support on switches" in cisco.com.Lot of references available.

• 802.11 Promiscuous Packet Filters

  Hi!
  This WDK documentation
  topic has the following text:
  Note  It is only valid for the miniport driver to enable the NDIS_PACKET_TYPE_PROMISCUOUS, NDIS_PACKET_TYPE_802_11_PROMISCUOUS_MGMT, or NDIS_PACKET_TYPE_802_11_PROMISCUOUS_CTRL packet filters if the driver is operating in Network
  Monitor (NetMon) or Extensible Access Point (AP) modes.
  Is that correct? Why are promiscuous filters valid for ExtAP and not for ExtSTA modes?
  Please note that I looked at the Native Wi-Fi Miniport Sample Driver in the Windows 8.1 WDK. I could not see any code that sets the promiscuous filters as described in the WDK.  In fact, the function StaSetPacketFilter simply sets the filter settings
  without checking to see if any of the promiscuous filter bits are set.
  What am I missing?
  Thanks!

  > Is that correct?
  No one denied this, so, very probably, correct.
  > What am I missing?
  Sample drivers are not 100% production quality. You can request to fix the sample to match the documentation.
  Happy new year!
  -- pa

• Suggestion for packet filtering

  i m trying to use the java to implement the packet filtering function..i would like to know which package i suppose to use? java.net is not enought for packet filtering rite? another one thing jar file is suitable to use the agent or not? or use the agent in exe and call the main function in java? can i have some suggestion? thanks

  is planning the fault? or people who discouraging me bear the fault? without planning what u can do? consider please! if u wanna know something but people laugh at u because u don't know, how will u feel? u have posted lots in here. are all the messages are discouraging the people who don't know? stop thinking urself as GREAT ok? NO BODY IS PERFECT IN EVERY THING. stick on it.
  why don't u just help me out by showing the way? stop flaunting around! no body want like this kind of character here.

• Packet filters support supernets?

  I trying to get BM3.8 setup to allow packet filter exceptions for smtp
  from multiple "networks" which are supernets (email goes thru'
  MessageLabs)
  I read somewhere that there is a bug or 3.8 does not support supernetting.
  The trace shows the inbound packets being discarded even though they are
  in the supernet range.
  Any ideas - work arounds.

  Given that there are literally hundreds of individuals subnets - I will just recommend that the client purchase a real firewall. :(
  >>> Caterina Luppi<[email protected]> 23/06/2006 03:52:54 >>>
  Jeff,
  > I trying to get BM3.8 setup to allow packet filter exceptions for smtp
  > from multiple "networks" which are supernets (email goes thru'
  > MessageLabs)
  >
  > I read somewhere that there is a bug or 3.8 does not support supernetting..
  Correct - packet filters don't support supernetting.
  > Any ideas - work arounds.
  no workarounds, I'm afraid. You'll have to duplicate the filters for
  each network you need to open.
  Cat
  NSC Volunteer Sysop

• Bordermanager 3.8 sp5 ir packet filtering problems

  Hello,
  On a freshly installed netware 6.5 sp6 with post fixes server, i have some problems with the packet filters i had never before.
  the strange thing that happens is that when i load my filters some services configured on the private network card get blocked to. Like DHCP (does not want to bind)/NDPS manager/Groupwise poa
  The rest of the traffic is going correctly thru my exceptions.
  i already checked the tcpip.cfg for duplicate entry's and checked my servers configured services and ip numbers on NORM.
  already tried to clear all filters and delete the filters.cfg file and run a brdcfg.
  Best regards,
  Niels van der Greef

  Originally Posted by Craig Johnson
  What is configured in FILTCFG for filtering (not filter exceptions?)
  Does it look like tip #13 at the URL below?
  Craig Johnson
  Novell Support Connection SysOp
  *** For a current patch list, tips, handy files and books on
  BorderManager, go to Craig Johnson Consulting - BorderManager, NetWare, and More ***
  Yes the filters are configured that way.

• DNS Packet Filtering Within BM3.9

  Hi
  I hope you can help - now i think i know the answer to this (No!), but i really need some functionality within ZCM10 working ok for patches. See :- here
  But as we use BM3.9 which does not allow DNS filtering am i to understand its not possible to follow this particular Novell TID with the only Novell product that does this job!.
  Or am i being dimm.
  Cheers
  Jules

  Hi,
  Jules2003 wrote:
  >
  > Hi
  >
  > The TID does not mention it but it is implied here :-
  >
  > # From the ZCM server where patch download has been enabled, ensure
  > that the firewall/proxy is open to ping, traceroute, and a browser
  > response on http, https from:
  >
  > 1. http://cdn.patchlink.com/novell
  > 2. http://content.patchlink.com/novell
  > 3. https://novell.patchlink.com/
  > 4. http://novell.cdn.lumension.com/novell/baretta.xml
  Yes, and? There's no relation to DNS here, right?
  > How is this possible through bordermanager without proxy
  > authentication, our ZCM server is linux, so no client trust
  > authentication to use the proxy rules.
  Then you either allow by source IP of your ZCM server (you can do that
  throug hfiltering or in proxy authentication rules). Or you allow
  unauthenticated access to the targets by their DNS name (proxy access
  rules only).
  > So then im guessing we need to go
  > down to the filters which in our case do not allow DNS based filtering
  > which aside from the above has been a problem with windows updates
  > also.
  Windows updates are an entirely different matter. I strongly suggest a
  WSUS server, and again allow that to go through the proxy based on it's
  IP. Automatic Windows updates using the proxy have never worked through
  Bordermanagers Proxy. I know there are some odd reports that it works,
  but that doesn't match my experience.
  > So the question im asking is can i use DNS based filtering as that TID
  > implies that i need it.
  No you can't, and no, that TID does not imply that. You *can* of course
  configure the necessary access rules by target DNS name or even allow
  filter exceptions based on source IP of your ZCM servers.
  CU,
  Massimo Rosen
  Novell Product Support Forum Sysop
  No emails please!
  http://www.cfc-it.de

• Packet filtering on BGP communities

  Hi all
  I want to achieve the following scenario:
  I have a BGP feed that gives me routes with community X.
  I have an input ACL on an interface.
  I want to be able to say:
  if src or dst of packet = any route with community x then drop
  I can do this with FBF in junos, can I do this on IOS-XR?

  Hi William,
  I think you can use technique similar to RTBH :
  http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6642/prod_white_paper0900aecd80313fac.pdf
  by using rpl to set the next-hop to a /32 address statically routed to NULL.
  For source address match, you combine this with RPF.
  Hope it helps,
  Serge.

• [SOLVED] sshd.service won't wait for interface/netcfg at boot

  Problem summary:
  I have a home server that is configured with a static ip configured using netcfg and ifplugd. In the 'unit' section of sshd.service file I have 'After=sys-subsystem-net-devices-eno1.device' meant to let the service wait before the device is up. Ever since upgrading to systemd however at boot  the sshd.service enters failed state. Only after manually issuing 'systemctl start sshd.service' the service will run and I can connect to it from another machine. I  tried adding 'net-auto-wired.service' to the 'After' line but the result is the same.
  /etc/conf.d/netcfg:
  NETWORKS=(myethernet)
  WIRED_INTERFACE="eno1"
  /etc/network.d/myethernet:
  CONNECTION="ethernet"
  DESCRIPTION="A basic static ethernet connection using iproute"
  INTERFACE="eno1"
  IP="static"
  ADDR="192.168.1.5"
  GATEWAY="192.168.1.254"
  DNS=("83.98.255.11")
  /etc/systemd/system/sshd.service:
  [Unit]
  Description=OpenSSH Daemon
  Wants=sshdgenkeys.service
  #After=net-auto-wired.service sys-subsystem-net-devices-eno1.device
  After=sys-subsystem-net-devices-eno1.device
  [Service]
  ExecStart=/usr/sbin/sshd -D
  ExecReload=/bin/kill -HUP $MAINPID
  KillMode=process
  Restart=always
  [Install]
  WantedBy=multi-user.target
  output of 'systemctl status sshd.service'  after boot:
  sshd.service - OpenSSH Daemon
  Loaded: loaded (/etc/systemd/system/sshd.service; enabled)
  Active: failed (Result: start-limit) since Sat 2013-03-09 22:09:38 CET; 3min 28s ago
  Process: 405 ExecStart=/usr/sbin/sshd -D (code=exited, status=255)
  Mar 09 22:09:38 arch-server systemd[1]: Unit sshd.service entered failed state
  Mar 09 22:09:38 arch-server systemd[1]: sshd.service holdoff time over, scheduling restart.
  Mar 09 22:09:38 arch-server systemd[1]: Stopping OpenSSH Daemon...
  Mar 09 22:09:38 arch-server systemd[1]: Starting OpenSSH Daemon...
  Mar 09 22:09:38 arch-server systemd[1]: sshd.service start request repeated too quickly, refusing to start.
  Mar 09 22:09:38 arch-server systemd[1]: Failed to start OpenSSH Daemon.
  Mar 09 22:09:38 arch-server systemd[1]: Unit sshd.service entered failed state
  output of 'journalctl -b | grep sshd'
  Mar 09 22:09:36 arch-server sshd[342]: Set /proc/self/oom_score_adj from 0 to -1000
  Mar 09 22:09:36 arch-server sshd[342]: error: Bind to port 22 on 192.168.1.5 failed: Cannot assign requested address.
  Mar 09 22:09:36 arch-server sshd[342]: fatal: Cannot bind any address.
  Mar 09 22:09:36 arch-server systemd[1]: sshd.service: main process exited, code=exited, status=255/n/a
  Mar 09 22:09:36 arch-server systemd[1]: Unit sshd.service entered failed state
  Mar 09 22:09:36 arch-server systemd[1]: sshd.service holdoff time over, scheduling restart.
  Mar 09 22:09:36 arch-server sshd[384]: Set /proc/self/oom_score_adj from 0 to -1000
  Mar 09 22:09:36 arch-server sshd[384]: error: Bind to port 22 on 192.168.1.5 failed: Cannot assign requested address.
  Mar 09 22:09:36 arch-server sshd[384]: fatal: Cannot bind any address.
  Mar 09 22:09:36 arch-server systemd[1]: sshd.service: main process exited, code=exited, status=255/n/a
  Mar 09 22:09:36 arch-server systemd[1]: Unit sshd.service entered failed state
  Mar 09 22:09:36 arch-server systemd[1]: sshd.service holdoff time over, scheduling restart.
  Mar 09 22:09:36 arch-server systemd[1]: sshd.service: main process exited, code=exited, status=255/n/a
  Mar 09 22:09:36 arch-server sshd[390]: Set /proc/self/oom_score_adj from 0 to -1000
  Mar 09 22:09:36 arch-server sshd[390]: error: Bind to port 22 on 192.168.1.5 failed: Cannot assign requested address.
  Mar 09 22:09:36 arch-server sshd[390]: fatal: Cannot bind any address.
  Mar 09 22:09:37 arch-server systemd[1]: Unit sshd.service entered failed state
  Mar 09 22:09:37 arch-server systemd[1]: sshd.service holdoff time over, scheduling restart.
  Mar 09 22:09:37 arch-server sshd[393]: Set /proc/self/oom_score_adj from 0 to -1000
  Mar 09 22:09:37 arch-server sshd[393]: error: Bind to port 22 on 192.168.1.5 failed: Cannot assign requested address.
  Mar 09 22:09:37 arch-server sshd[393]: fatal: Cannot bind any address.
  Mar 09 22:09:37 arch-server systemd[1]: sshd.service: main process exited, code=exited, status=255/n/a
  Mar 09 22:09:37 arch-server systemd[1]: Unit sshd.service entered failed state
  Mar 09 22:09:37 arch-server systemd[1]: sshd.service holdoff time over, scheduling restart.
  Mar 09 22:09:37 arch-server sshd[395]: Set /proc/self/oom_score_adj from 0 to -1000
  Mar 09 22:09:37 arch-server sshd[395]: error: Bind to port 22 on 192.168.1.5 failed: Cannot assign requested address.
  Mar 09 22:09:37 arch-server sshd[395]: fatal: Cannot bind any address.
  Mar 09 22:09:37 arch-server systemd[1]: sshd.service: main process exited, code=exited, status=255/n/a
  Mar 09 22:09:37 arch-server systemd[1]: Unit sshd.service entered failed state
  Mar 09 22:09:37 arch-server systemd[1]: sshd.service holdoff time over, scheduling restart.
  Mar 09 22:09:37 arch-server sshd[405]: Set /proc/self/oom_score_adj from 0 to -1000
  Mar 09 22:09:37 arch-server sshd[405]: error: Bind to port 22 on 192.168.1.5 failed: Cannot assign requested address.
  Mar 09 22:09:37 arch-server sshd[405]: fatal: Cannot bind any address.
  Mar 09 22:09:37 arch-server systemd[1]: sshd.service: main process exited, code=exited, status=255/n/a
  Mar 09 22:09:38 arch-server systemd[1]: Unit sshd.service entered failed state
  Mar 09 22:09:38 arch-server systemd[1]: sshd.service holdoff time over, scheduling restart.
  Mar 09 22:09:38 arch-server systemd[1]: sshd.service start request repeated too quickly, refusing to start.
  Mar 09 22:09:38 arch-server systemd[1]: Unit sshd.service entered failed state
  Mar 09 22:13:19 arch-server sshd[597]: Set /proc/self/oom_score_adj from 0 to -1000
  Mar 09 22:13:19 arch-server sshd[597]: Server listening on 192.168.1.5 port 22.
  Mar 09 22:13:58 arch-server sshd[603]: Set /proc/self/oom_score_adj to 0
  output of 'ip link':
  eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
  inet 192.168.1.5 netmask 255.255.255.0 broadcast 192.168.1.255
  inet6 (...) prefixlen 64 scopeid 0x20<link>
  ether (...) txqueuelen 1000 (Ethernet)
  RX packets 2399 bytes 176947 (172.7 KiB)
  RX errors 0 dropped 0 overruns 0 frame 0
  TX packets 846 bytes 112345 (109.7 KiB)
  TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
  device interrupt 45 base 0x4000
  lo: flags=73<UP,LOOPBACK,RUNNING> mtu 16436
  output of 'systemctl' after issuing 'systemctl start sshd.service' :
  UNIT LOAD ACTIVE SUB DESCRIPTION
  proc-sys-fs-binfmt_misc.automount loaded active waiting Arbitrary Executable File Formats File System Automount Point
  sys-devices-pci0000:00-0000:00:1b.0-sound-card0.device loaded active plugged /sys/devices/pci0000:00/0000:00:1b.0/sound/card0
  sys-devices-pci0000:00-0000:00:1c.0-0000:01:00.0-net-eno1.device loaded active plugged /sys/devices/pci0000:00/0000:00:1c.0/0000:01:00.0/net/eno1
  sys-devices-pci0000:00-0000:00:1c.1-0000:02:00.0-net-wlp2s0.device loaded active plugged /sys/devices/pci0000:00/0000:00:1c.1/0000:02:00.0/net/wlp2s0
  sys-devices-pci0000:00-0000:...d5:1.0-host6-target6:0:0-6:0:0:0-block-sdc-sdc1.device loaded active plugged U3_Cruzer_Micro
  sys-devices-pci0000:00-0000:...d5:1.0-host6-target6:0:0-6:0:0:0-block-sdc-sdc2.device loaded active plugged U3_Cruzer_Micro
  sys-devices-pci0000:00-0000:...-1\x2d5:1.0-host6-target6:0:0-6:0:0:0-block-sdc.device loaded active plugged U3_Cruzer_Micro
  sys-devices-pci0000:00-0000:00:1f.2-host2-target2:0:0-2:0:0:0-block-sda-sda1.device loaded active plugged FUJITSU_MJA2320BH_G2
  sys-devices-pci0000:00-0000:00:1f.2-host2-target2:0:0-2:0:0:0-block-sda-sda2.device loaded active plugged FUJITSU_MJA2320BH_G2
  sys-devices-pci0000:00-0000:00:1f.2-host2-target2:0:0-2:0:0:0-block-sda-sda3.device loaded active plugged FUJITSU_MJA2320BH_G2
  sys-devices-pci0000:00-0000:00:1f.2-host2-target2:0:0-2:0:0:0-block-sda.device loaded active plugged FUJITSU_MJA2320BH_G2
  sys-devices-pci0000:00-0000:00:1f.2-host4-target4:0:0-4:0:0:0-block-sdb-sdb1.device loaded active plugged FUJITSU_MJA2320BH_G2
  sys-devices-pci0000:00-0000:00:1f.2-host4-target4:0:0-4:0:0:0-block-sdb.device loaded active plugged FUJITSU_MJA2320BH_G2
  sys-devices-platform-serial8250-tty-ttyS2.device loaded active plugged /sys/devices/platform/serial8250/tty/ttyS2
  sys-devices-platform-serial8250-tty-ttyS3.device loaded active plugged /sys/devices/platform/serial8250/tty/ttyS3
  sys-devices-pnp0-00:03-tty-ttyS0.device loaded active plugged /sys/devices/pnp0/00:03/tty/ttyS0
  sys-devices-pnp0-00:04-tty-ttyS1.device loaded active plugged /sys/devices/pnp0/00:04/tty/ttyS1
  sys-devices-virtual-block-dm\x2d0.device loaded active plugged /sys/devices/virtual/block/dm-0
  sys-devices-virtual-block-dm\x2d1.device loaded active plugged /sys/devices/virtual/block/dm-1
  sys-devices-virtual-block-dm\x2d2.device loaded active plugged /sys/devices/virtual/block/dm-2
  sys-subsystem-net-devices-eno1.device loaded active plugged /sys/subsystem/net/devices/eno1
  sys-subsystem-net-devices-wlp2s0.device loaded active plugged /sys/subsystem/net/devices/wlp2s0
  -.mount loaded active mounted /
  dev-hugepages.mount loaded active mounted Huge Pages File System
  dev-mqueue.mount loaded active mounted POSIX Message Queue File System
  home.mount loaded active mounted /home
  media-usbhd\x2dsdc1.mount loaded active mounted /media/usbhd-sdc1
  media-usbhd\x2dsdc2.mount loaded active mounted /media/usbhd-sdc2
  mnt-backup.mount loaded active mounted /mnt/backup
  mnt-data.mount loaded active mounted /mnt/data
  srv.mount loaded active mounted /srv
  sys-kernel-debug.mount loaded active mounted Debug File System
  tmp.mount loaded active mounted /tmp
  var.mount loaded active mounted /var
  systemd-ask-password-console.path loaded active waiting Dispatch Password Requests to Console Directory Watch
  systemd-ask-password-wall.path loaded active waiting Forward Password Requests to Wall Directory Watch
  dbus.service loaded active running D-Bus System Message Bus
  dcron.service loaded active running Periodic Command Scheduler
  [email protected] loaded active running Getty on tty1
  httpd.service loaded active running Apache Web Server
  iptables.service loaded active exited Packet Filtering Framework
  mysqld.service loaded active running MySQL database server
  net-auto-wired.service loaded active running Provides automatic netcfg wired connection
  ntpd.service loaded active running Network Time Service
  rc-local.service loaded active exited /etc/rc.local Compatibility
  rtorrent.service loaded active running rTorrent Service
  sshd.service loaded active running OpenSSH Daemon
  sshguard.service loaded active running Block hacking attempts
  systemd-cryptsetup@luks_backup.service loaded active exited Cryptography Setup for luks_backup
  systemd-cryptsetup@luks_data.service loaded active exited Cryptography Setup for luks_data
  systemd-cryptsetup@luks_swap.service loaded active exited Cryptography Setup for luks_swap
  systemd-journald.service loaded active running Journal Service
  systemd-logind.service loaded active running Login Service
  systemd-modules-load.service loaded active exited Load Kernel Modules
  systemd-remount-fs.service loaded active exited Remount Root and Kernel File Systems
  systemd-sysctl.service loaded active exited Apply Kernel Variables
  systemd-tmpfiles-setup.service loaded active exited Recreate Volatile Files and Directories
  systemd-udev-trigger.service loaded active exited udev Coldplug all Devices
  systemd-udevd.service loaded active running udev Kernel Device Manager
  systemd-user-sessions.service loaded active exited Permit User Sessions
  systemd-vconsole-setup.service loaded active exited Setup Virtual Console
  dbus.socket loaded active running D-Bus System Message Bus Socket
  dmeventd.socket loaded active listening Device-mapper event daemon FIFOs
  lvmetad.socket loaded active listening LVM2 metadata daemon socket
  systemd-initctl.socket loaded active listening /dev/initctl Compatibility Named Pipe
  systemd-journald.socket loaded active running Journal Socket
  Last edited by rwd (2013-03-10 08:32:59)

  WonderWoofy wrote:Does enabling the socket work? Sshd with systemd has socket activation, which is awesome.
  Nice, this solves it indeed. thanks!
  For anyone with the same problem it was just a matter of:
  # systemctl disable sshd.service
  # systemctl enable sshd.socket
  see https://wiki.archlinux.org/index.php/Se … shd_daemon
  Last edited by rwd (2013-03-10 09:08:43)

• How to web filtering via two network cards?

  I have Installed Server 2008 and two network cards
  on my pc. One LAN card for clients access and one for internet router. I need to share internet connection to my client computers with
  web filtering. So how to do that? I need to block some sites to client access.

  Hi,
  According to your description, my understanding is that you want to use the WS 2008 to share Internet connection and provide web filtering function for internal clients.
  Internal clients –(NIC1) WS 2008(NIC2) – Internet router – Internet network
  Manually assign IP address, default gateway, DNS server, etc. on NIC2. Manually assign IP address, DNS server, etc. on NIC1.
  Install Network Policy and Access Services – Routing and Remote Access Services. Detailed steps reference:
  Install and Enable the Routing and Remote Access Service
  https://technet.microsoft.com/en-us/library/cc770798(v=ws.10).aspx
  Then open Routing and Remote Access and start configuration. Enable NAT on NIC2 to transfer IP address. Detailed steps reference:
  Enable and Configure NAT
  https://technet.microsoft.com/en-us/library/dd469812.aspx
  Windows Server itself does not support web-based filter, third-party tools with application-layer firewall might be needed to realize this function. Configure WS as a router, it supports IP packet filtering, which specifies which type of traffic is allowed
  into and out of the router. Reference：
  https://technet.microsoft.com/en-us/library/cc732746(v=ws.10).aspx
  Best Regards,
  Eve Wang
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]