Latest Server related questions

I'm trying to set up a Pi Hole to run inside a LXC container on Ubuntu 22.04.

So far I successfully initialized LXC, created the container and installed Pi Hole. The host IP is 192.168.153.2. The container is running on a bridge network with the IP 10.123.145.237.

I then went on to set up a port forward to expose the DNS server of Pi Hole.

$ lxc network forward create lxdbr0 192.168.153.2
$ lxc network  ...

hi I'm running an Ubuntu 20.04.5 server I'm using it for dynamic port forwarding kinda like a vpn but the problem is when I'm downloading something or there is multiple connections ping increases drastically 500ms-1000ms but if I run two tunnels even to the same user and download from one and test my ping from the other the ping is perfectly fine. I've tried tunneling with the root user but still when t ...

I have tried send alert notification for AWS IAM all users activity from lambda python, however its not working, please share any other way to work and find below cloudwatch event patter and lambda code I used in my aws account.

Cloudwatch event patter:

  "source": [
    "aws.iam"
  ],
  "detail-type": [
    "AWS API Call via CloudTrail"
  ],
  "detail": {
    "eventSource": [
      "iam.amazonaws.com ...

here is the crontab for root on my CentOS7 :

# crontab -l
# Lines below here are managed by Salt, do not edit
# SALT_CRON_IDENTIFIER:CLEANCORE
0 * * * * /var/lib/scality/cleancore/clean_core.bash --log --pattern "/var/tmp/core-\%e-\%p-\%t" --maxsize 10G --keep 3
0 18 * * */2 /root/shl/synchro_ADN_To_Scality.sh

The script /root/shl/synchro_ADN_To_Scality.sh did not run last night :

# ls ~/log | g ...

I am trying to create either an iptable or a BPF rule which will only allow Openvpn traffic over udp to my vpn server on destination port 1194 in the hopes of preventing ddos attacks to that port whilst still being able to connect to it. I would normally implement a simple whitelist of me and my friends' ips however one of them has a dynamic ip which changes very regularly so constantly updating my fire ...

Last night our datacenter host had issues filling up their storage (again!!!) and caused all our VMs to drop to r/o. After the admins allocated some more storage, a simple reboot on most of our VMs cleared their filesystem errors with the usual automatic fsck, but a few required it to run manually, halting the boot after the message "UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY". After that, all the VMs ...

I read that NFS v4 requires only port (2049). This is the post I relied on.
However, if I do a rpcinfo -p before starting nfs, I see:

rpcinfo -p
program vers proto   port  service
100000    4   tcp    111  portmapper
100000    3   tcp    111  portmapper
100000    2   tcp    111  portmapper
100000    4   udp    111  portmapper
100000    3   udp    111  portmapper
100000    2   udp    111  portmapp ...

In the computers and users I add a new OU then add users to it(see left side of pic). Then I add a GPO to group(see right side of pic). However they don't apply. The only way I can get them to work is to add them to main domain See wallpaper GPO (top middle pic). What am I doing wrong?

detailed pic

Rebooting Rocky Linux 9 is very fast until I enable user linger:

loginctl enable-linger foo

I haven't added any new services to run under the foo user.

After this change, reboot, shutdown, poweroff commands cause the system to mostly shut down, but then the process hangs. If I forcibly shut down the VM via the hypervisor, the system reboots right away. In the logs from the previous boot, I often see so ...

I am encountering an issue where I am unable to receive a response when attempting to ping from a namespace located within a public EC2 instance to a private one. To better illustrate my situation, I have included a diagram below.

Update:

Private Subnet:

Public Subnet:

Private Route:

Public Route:

NAT:

I'm hosting all my users websites on server1, it has multiple websites, e.g. user1.com, user2.com, user3.com ...

Our upstream provider no longer support reverse DNS, so I need to use server2 to help send out emails. Both server1 and server2 have Postfix installed.

I'd like to ask how to configure postfix and DNS of the users' websites so that server2 can send emails for all websites that are being h ...

In PHP 7.3.33 and Apache 2.4 I want to run iptables from PHP (web server enviroment) in order to block/unblock IPs, from command line, this works fine:

/usr/sbin/iptables --insert INPUT --source example.com --jump DROP

But if I try from PHP with this code:

exec('/usr/sbin/iptables --insert INPUT --source example.com --jump DROP', $return);
print_r($return);

I get a blank result and iptables rule is not  ...

We have a server where we want to connect other servers and clients via VPN. In some circumstances, I want full network traffic to be routed, so that the client's public IP address becomes the same as the server's public IP. This works as is out of the box.

But what I want in addition are clients who can connect to the LAN, have access to the private IP block, but NOT route their internet traffic ...

I'm on RHEL7.9 Linux. I have a server (IP a.b.c.d) serving a webApplicationA and using https in nginx and it's working accessible at https://a.b.c.d.

On that same machine (same IP, a.b.c.d) I have an AppImage running which is a DIFFERENT web application, webApplicationB serving map tiles accessible at http://a.b.c.d:3650. WebApplicationA needs to load the map tiles from http://a.b.c.d:3650, that is fr ...

Which of the pods is killed in Deployment during rollout?

Eg: there is a deployment with replicas: 2 and maxUnavailable: 1.

When you deploy a new version of the manifest 1 pod is killed while new version (new 2 pods) is rolled out. So which of the 2 is picked?

I install Ubuntu server 22.04

I install apache2

I install PHP

I install PostgreSQL and phpPgAdmin

I install freeradius 3.0

ln -s /etc/freeradius/3.0/mods-available/sql /etc/freeradius/3.0/mods-enabled/sql

ln -s /etc/freeradius/3.0/mods-available/rest /etc/freeradius/3.0/mods-enabled/rest

ln -s /etc/freeradius/3.0/mods-available/sqlcounter /etc/freeradius/3.0/mods-enabled/sqlcounter

nano /etc/freer ...

This Windows Server VM is under host Esxi version 7.0 update 3. It's a DB server, hence quite critical in production.

Some points that I need to make:

• The event occurs randomly (non specific days and times), with a rate of 2-3 times per week. The machine shuts down and never boots back up again. Someone has to do it manually.

• Known errors are logged by Windows during start-up, but apparently have nothi ...

I am using libpcap to transmit packets between two VETH pairs {veth1, veth1peer} and {veth2, veth2peer} and using each others peer to inject packets upwards to veth1 or veth2 and disabled "rp-filter" and enabled "accept_local" feature.

I have a python UDP server that listens on veth2 IP address, but when I send UDP packet from veth1 to veth2 (by injecting the packet from veth1 to veth2peer) the sniffe ...

On my new Debian Bookworm, the file /usr/share/perl5/Net/Server/Fork.pm generates an error in logs each time Munin calls it. The error logged is

"Use of uninitialized value in numeric eq (==) at /usr/share/perl5/Net/Server/Fork.pm line 168."

In Debian Bullseye, there is no error.

By the way, here are the differences between the two versions :

5c5
< #  Copyright (C) 2001-2017
---
> #  Copyri ...

I have Ubuntu server with several users. I want to allow any of those users to access a PostgreSQL database installed also in that server using their respective Linux usernames and passwords without having to use the SQL CREATE USER/ROLE. Is this possible? What could be needed if those users use LDAP to login into that server?

Thanks in Advance

LAYOUT

192.168.0.103(THE ONE LOSES THE CONNECTION - WIRESHARK CAPTURE)

192.168.0.84(THE ONE WORKS PROPERLY - WIRESHARK CAPTURE)

We have an app that receives data from one of our devices. We installed our receiver app to both Tablet(Win10-192.168.0.84) and Desktop(Win10-192.168.0.103). But we lose connection from mostly .103 and it seems like happens in every 1(sometimes 2) hour. But in exact time ...

I have a TP-Link EAP115 Access Point. I would like to setup a guest network, so that people who come to my house and use the WiFi cannot port scan the rest of my network. And I really only care about the wired devices: if several people are all on the guest Wi-Fi together, it is OK if they see each other's devices.

The TP-Link EAP115 has options for both a "Guest Network" and VLAN. At first, I wa ...

One of our users gets locked from AD once a week. I have identified the source computer which causes the lockout by checking event 4740 on our domain controller.

By monitoring network activity via Procmon from Sysinternal tools, the only process communicating with our domain controller at the time of the lockout is lsass.exe. I can reproduce the account lockout manually by authenticating with a w ...

What rules do I need to create in OpnSense firewall to allow routing of packages from external interface to internal, without masquerade? Let me explain: I have an gateway running OpnSens with a valid IP A.A.A.A (WAN interface) and internal IP 192.168.100.X (Lan interface). All devices under LAN can navigate using NAT/MASQUERADE without any problem. I also have another computers running with valid  ...

I have a VPN server that tunnels traffic to a PostgreSQL database server which is otherwise unreachable from the internet. The VPN is only reachable by IPv4.

Problem

All clients can establish a VPN connection. Some clients can't connect to the database. A tcpdump reveals that the traffic times out at some point in the process.

A peculiar thing about this is that the clients - using the same notebook

So I have this server on Ubuntu 22.04 with a few ip rules, and they get overwritten every few minutes. All my rules get deleted pure and simple.

example of such rules: ip rule add pref 10 from all fwmark 0x117 lookup 17

An "ip rule list" show them to me alright, then a few minutes later the same command gives me an almost empty list.

Does anybody know what is causing this? I can't believe I'm the only  ...

I have working httpd config (reverse proxy) that forwards requests to proxy:

Listen 443 https

<VirtualHost *:443>
    ServerName  public-dns.example.org
    ServerAlias internal-hostname.internal

    ProxyPreserveHost On

    RewriteEngine On

    #check & block some URLs in target service
    RewriteCond %{REQUEST_URI} ^/service
    RewriteRule /service(/(api(/(([a-zA-Z_-]+)(/|/.*swagg ...

We had an issue with autoscaling in our prd env, where the autoscaler was not able create new VMs due to an error in the template.

We want to be pro-active on this, and set up alert whenever there is an error in autoscaling. I can't figure out any GCP documentations or metrics to use here.

Any help will be appreciated.

I have access to a service (Kafka broker) in our enterprise network that is accessible via the VPN or select whitelisted IPs. I can connect via kafkacat locally (on the vpn or in the office) but not inside GCP (Google Cloud Platform). I get a generic error message "Broker Transport Fail" both in GCP and locally if I'm not on the VPN.

Everything we're running in GCP is cluster (Kubernetes) based,  ...

Edit: Once the reshape finished the drive became fully accessible again.

I had a power failure while a raid6 array was being reshaped, and now certain operations cannot be run against it, including mounting or mdadm --examine.

To add to my woes, one of the drives failed a smart test and has read errors.

The reshape has resumed, but I fear there is some corruption that won't get repaired if/when it comp ...