Latest Server related questions

how i can have this config?

• Server A --> use Server B ip as nameserver in /etc/resolve.conf
• Server B --> forward all req on port 53 to Server C:53 using iptables
• Server C --> resolve incoming dns queries

Server B iptables config:

iptables -t nat -A PREROUTING -p tcp --dport 53 -j DNAT --to-destination Server_C:53
iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to-destination  ...

As a sysadmin, I'm fairly experienced with IPv4. As such, I feel comfortable configuring firewalls to expose servers/services to the Internet with public IPv4 addresses.

I have a basic understanding of IPv6 addresses and name resolution in IPv6. Also, I understand that I can use TCP, UDP and ICMP in the same way as with IPv4, just with "a longer address", and that, due to the abundance of addresse ...

I am a ”networking beginner“, so I hope this question makes sense.

I have an Ubuntu 22.04 server and a virtual machine based on qemu/multipass (also running Ubuntu 22.04). The goal is to have the web server running in the vm. I use port forwarding with ipv4 for that.

The machine has a single public ipv4 and a ipv6 /64 net.

I can connect to the web VM from the outside with ipv4 (port 80 and 443), bu ...

From a lot of our customers, we have been getting reports that Outlook unexpectedly crashes (complete process restart).

So far it has been impossible to reproduce, we can only analyze the logs after the fact and the only thing we know so far is that if we turn one specific add-in off, then the problem stops (it's a local add-in that helps sending e-mails with a configurable template). This add-in ...

In the University I work, we want to buy a workstation with one or two powerful GPUs. We want students to be able to use the workstation remotely. This is the main restriction. It would be nice if multiple users could use the workstation simultaneous with isolated development environments but with shared resources (GPU, RAM), but this is not as important. Everyone can wait the turn :) I am looking for a ...

I hope this question is consistent with the rules of the forum. Our access to the international internet from Iran has become very difficult. Only some specific VPNs work.

Do you have any suggestions for me to set up a vpn server to work in Iran? For example, a specific protocol - a specific trick - using a specific type of data center.

I have an api running at http://127.0.0.1:9650. For example the following is giving a json object as response:

curl http://127.0.0.1:9650/ext/health

I would like to make the following work at https://example.com/my-node/ext/health.

I have the following nginx configuration:

 location /my-node {
    proxy_pass http://127.0.0.1:9650;
    proxy_http_version 1.1;
    proxy_set_header X-Real-IP $remote ...

I have a working SSL Environment in my test lab on Windows 2019. Now I need to use Apache2 on Ubuntu 22.04 to access a web server over SSL.

In which format I must export the Windows Server CA? I tried .p7b converted to pem, or a certificate exported in base64 but still not working. Getting various errors when I try to start Apache2.

Is there a guide to follow?

Thank you.

I'm running pfSense on a Dell Poweredge R640, but after upgrading to the latest bios, it has trouble booting. The attached picture says that LBR is not available. Any idea what that means and how to fix it?

Thanks.

Picture of BIOS crash

I'm trying to install Postgresql 9.6.24 on Oracle Linux 8.6 as it contains some bug fixes and other patches that we need. This concrete version is not present in the Oracle Linux 8 repositories, only up to version 6.9.22 installing it as a module:

yum install @postgresql:9.6

I tried to install it from RHEL and CentOS repositories, but I find a lot of dependencies issue that, as much as I try to fix ma ...

We have a network interface that is open to the Internet. (ens160) We created an ipip tunnel and it was established correctly as expected (we placed 10.10.30.1 <-->10.10.30.2 | mytun) then we tried to create an OpenVPN interface to allow remote users access to this ipip tunnel and grant access to 10.10.30.1 server. (OpenVPN was properly setup on 10.10.30.2 server)

Now I need to pass traffic ...

I have environment:

• Jenkins
• Docker
• proxmox with vm and lxc container
• angular 9 project

Problem is with my Dockerfile building, it takes around 35-40min.

My dockerfile

FROM node:12.6-stretch

ARG ABSOLUTE_PATH=./app
ARG build_command="node --max_old_space_size=5120 node_modules/@angular/cli/bin/ng build"
COPY $ABSOLUTE_PATH/package.json /app/package.json
COPY $ABSOLUTE_PATH/.npmrc /app/.npmrc

WORK ...

I need to restrict access to application based on ip address and need to block displaying page if it is opened other than chrome. Now i can able to restrict ip, But if i put the browser checking option, then instead of ip address checking, browser checking error document is displaying.

RewriteEngine on
RewriteMap hosts-allow "txt:D:\conf\apache\allowlist.txt" ErrorDocument 403 "This ip is not permi ...

Why am I able to telnet to my machine on port 80 when I do not have http or port 80 opened and there are no services listening on port 80?

sudo firewall-cmd --list-all --zone=public

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: em1
  sources:
  services: dhcpv6-client ssh
  ports: 12345/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  ...

I installed and enabled the Brotli module just fine through SSH. Then, I added this to my port 80 VirtualHost config:

<IfModule mod_brotli.c>
    SetOutputFilter BROTLI_COMPRESS
    SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-brotli
    AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript
</IfModule>

After restarting Apa ...

I'm trying to make sure that the machine is accepting tcp connections on port 8245, however I am unable to connect.

When I try from an external machine: telnet myhostname.com 8245

I get:

Unable to connect to remote host: Connection refused

I have already added the port on the host machine via firewall-cmd:

sudo firewall-cmd --zone=public --add-port=8245/tcp --permanent
sudo firewall-cmd --reload

Currently we put public accessible resources like ALB inside public subnet, application servers and data storages inside private subnet (different data storage, say RDS and Elasticache, have their own subnets). All the subnets are living inside a single VPC.

My question is, is it 1) possible; 2) necessary to split this VPC into 2 separate VPCs, one VPC contains only public subnet and another VPC  ...

This is on Fedora Core 35: This environment is mature and has a few systems that are called either firewalls or gateways, and for the first time, we want to do an NFS share to one of these systems.

After having trouble with the mount on the client, I proved the server's config is fine by doing an identical mount on a different internal system using copy-paste of the /etc/fstab entry. I figured it ...

This is specifically on Ubuntu 20.04, but I believe the behavior is common:

Please take this fstab entry, creating a read-only mount:

/data/testDir/iso/ubuntu-20.04.4-live-server-amd64.iso /data/testDir/mnt iso9660 ro 0 0

Here is the related directory structure for that:

# ls -l /data/testDir/
drwxr-xr-x 2 root root   50 Apr  7 22:07 iso
drwxr-xr-x 1 root root 2048 Feb 23  2022 mnt

Everything mounts fi ...

I am using postgres, pgadmin, nginx docker images, also using gunicorn and launching using docker-compose.

I am able to do following things sucessfully as below:

1. All services are up and running.
2. Able to login pgadmin(via nginx).
3. Able to create server and fired queries on database.

Issue is: when I click on logout button. Although, I am able to logout and redirected to login page. But on terminal, I am ...

We have an 'old' Dell PE r740xd server with quite high specs, installed with rhel 7 (latest). Running ls -l on / can take minutes.

Some specs:

# lscpu
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                80
On-line CPU(s) list:   0-79
Thread(s) per core:    2
Core(s) per socket:    20
Socket(s):             2
NUMA node(s):      ...

My goal is to put in some common properties for a subset of the hosts in the config. The following two examples are close except for replacing a Host section with a Match section and destination host aliases. The first example here works as intended, if I'm matching against the nickname. However, my goal is to apply the special parameters to every host on a particular subnet. Wildcarding the Host alia ...

I have 2 server (server A and server B). I installed Openvpn on server A and use OPENVPN CONNECT on my laptop and iphone (iOS) and all thing is ok. now when i check my ip in laptop and iOS show SERVER A IP. good.

I installed sshuttle on server A and after run:

sshuttle --dns -D -r root@SERVER_B_IP

after entry password, now my ip in server A is SERVER B IP and all thing is fine.

when i use openvpn  ...

when i try to connect to tryhackme network the connection just stalls and won't connect here is the log

2022-10-05 18:56:26 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-2 ...

I have read many HowTo's, e-books, internet pages, etc, about the use of ACLs in programs like iptables, squid, etc. on linux In the examples, they use the following file extensions:

file.lst
file.acl
file.txt
file (no extension)

In the examples, the content of the ACLs is varied (urls, IP addresses, MAC addresses, etc.)

question: On linux, what are the recommended extension for access control lists ACLs ...

I'm having a bit of trouble. I'm created a group policy to create a short to the desktop with a url link. I've done this in the pass without any issues, but now, i'm getting an error that one of the gp is missing on our DC1 and DC 2. I determined that this isn't a replication issue as i was able to create files on both dc1 and dc2 respectively and both files were able to show up. I did a dcspofix on dc1 ...

Does someone know if there is a Fail2Ban filter for Apache GSSAPI Module Authentication (mod_auth_gssapi)?

The Fail2Ban "apache-auth.conf" filter seems not working for this kind of authentication.

Thanks in advance

I have a site with Ubuntu 20.04, php 8.1, and nginx 1.23.1. If I restart nginx and php-fpm I can login, browse the site, and everything works. If I wait a certain amount of time with no activity on the site (10-15 minutes?), I start getting 302 Found errors no matter what page I try to go to. If I restart nginx and php-fpm again, everything starts working again. I can't figure out what's causing this. H ...

When creating a libvirt guest using XML, how do I determine what 'arch' values are valid for <domain><os><type arch=?>? The problem is, for example, arm is invalid and must be armv7l instead. How is one supposed to know that?

The documentation says:

There are also two optional attributes, arch specifying the CPU architecture to virtualization, and machine referring to the machine ...

How to make Network managers always start (after laptop boot) with WiFi and WWAN disabled?

I prefer to always enable them manually after laptop boot for security and connection cost control reasons.

Extra info:

1. Disabling auto-connect is not a valid option in my case as WWAN (LTE) connection is unstable (breaks too frequently) See https://serverfault.com/a/1112325/163277