Apache question
Hi

We have a lot of strange log entries in our NetScreen FireWall:

Nov 12 11:42:51 172.20.125.1 NSNAME: NetScreen device_id=NSNAME [MYISP]system-notification-00257(traffic): start_time="2003-11-12 11:42:10" duration=0 policy_id=51 service=tcp/port:20158 proto=6 src zone=Trust-XXX dst zone=Untrust action=Deny sent=0 rcvd=0 src=62.XX.YYY.ZZZ dst=80.58.50.239 src_port=80 dst_port=20158

* 62.XX.YYY.ZZZ is a server with Apache1.3.x that only serves static pages.
* All the NICs have Public IP Address.

        Internet
           |
           |
       NetScreen
           |
           |
  Alteon(load balance)
      |____________
      |           |
      |           |
   Apache1  ...  ApacheN

Do you know why Apache has this behavior? Why does Apache initiate the connections with src_port 80 and random dst_port?

Thanks in advance
Re: woody + proftpd + ldap = segfault
hi

swoog (192.168.50.11[192.168.50.11]) - ProFTPD terminating (signal 11)
Does it ring a bell ?

There is not sufficient information, perhaps you must up the debug level (try -d 9).

If you can't see the error, try to run it without mod_ldap configuration (using your system users).

If nothing works you can use a strace command (system call tracer) to obtain more data. The simplest use is strace -p

good luck
Re: woody + proftpd + ldap = segfault
hi

I have tried to install proftpd with ldap support on woody. Everything seems configured properly, but every time proftpd launches an ldap lookup, it dies there. The ldap server logs the request and returns data, then proftpd dies :

Start proftpd in debug mode:

proftpd -nd5

http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-Debugging.html

Thanks
Apache: one or more instances
hi

I have an Apache with several VirtualHosts and now I have a doubt. I don't know if it is better to run all vh in a single instance or to use two or more Apaches in different paths.

I use IP-based and Port-based vhosts, NO Name-based (of course).

Where can I find information or a server benchmark for measuring the performance of Apache (multi-vhost)?

Thanks
Apache multi log analyze
Hi

I've a web server farm in load balance... I would like to analyze all the logs, which are rotated daily and kept in a backup system.

I could consolidate them into a single log file (sorted by time) and then analyze it, but this single file is very large and I cannot keep it on disk for many days.

I'm looking for a tool that is able to keep a history from each log analyzed and shows the accumulated results (by day, by week, by month, by year,...), something like MRTG (perhaps this is not a good comparison).

Do you understand me? Do you know any tool to do this?

Thanks
Re: DNS server
So it should provide the base features of BIND ... but I'd rather like to step away from it for security reasons. Another option should be the possibility to chroot it (like the default chroot of other daemons like postfix, etc).

BIND 9.2.x of course, http://www.isc.org/products/BIND/bind9.html

Some of the important features of BIND 9 are:

* DNS Security
    DNSSEC (signed zones)
    TSIG (signed DNS requests)
* Views
    One server process can provide multiple "views" of the DNS namespace, e.g. an "inside" view to certain clients, and an "outside" view to others.

You can configure it in a chroot jail: http://www.linuxsecurity.com/docs/LDP/Chroot-BIND-HOWTO.html

Regards

--
Eduard Ballester i Valios mailto:[EMAIL PROTECTED]
GnuPG Public Key: http://pgp.dtype.org:11371/pks/lookup?op=get&search=0x58B18964
Re: load balancing
My question: do you know any software like Perdition but for FTP service?

> We use ftpproxy from suse, it's packaged for Debian so have a look. I'm not sure how like perdition it might be though.

Do you know if ftpproxy can redirect connection per user? Can I use LDAP accounts?

--
Eduard Ballester i Valios mailto:[EMAIL PROTECTED]
GnuPG Public Key: http://pgp.dtype.org:11371/pks/lookup?op=get&search=0x58B18964
Re: load balancing
Hello

For load balancing create several POP and IMAP proxies with an IPVS load balancer in front. Use Perdition on the POP and IMAP proxies to direct the connection to the correct back-end server that has the mail.

I had used Perdition+LDAP and it works fine!!!

My question: do you know any software like Perdition but for FTP service?

I use FTP+LDAP accounts (proFTPd+mod_ldap), a proxyFTP with LDAP support would be easily implemented by me.

        |ProxyFTP|
            |
          /   \
     |FTP1|   |FTP2|.

--
Eduard Ballester i Valios mailto:[EMAIL PROTECTED]
GnuPG Public Key: http://pgp.dtype.org:11371/pks/lookup?op=get&search=0x58B18964
Re: Sendmail & Virtual user table.
Hello

> I realize I can set up a catch all for each of the domains, but I'm
> looking for something a little more elegant.

I think that the only way is this:

    @thisdomain.com      %1.thisdomain
    @thatdomain.net      %1.thatdomain
    @theotherdomain.org  %1.theotherdomain

[EMAIL PROTECTED] is local user name joe.thisdomain
[EMAIL PROTECTED] is local user name joe.thatdomain

Regards

--
Eduard Ballester i Valios mailto:[EMAIL PROTECTED]
GnuPG Public Key: http://pgp.dtype.org:11371/pks/lookup?op=get&search=0x58B18964