Re: bind9 prevents external access
Am Mittwoch, 21. März 2007 19:48 schrieb Justin Hartman:
> On 3/21/07, Oliver Jato <[EMAIL PROTECTED]> wrote:
> > you'll probably have to tell bind to use recursion for fetching adresses
> > which are not in his authority. in options, set "allow-recursion {
> > 127.0.0.1; };". if you want others on your network to use your bind, too,
> > also
> > add "192.168.1/24;", for example.
>
> I've added the allow-recursion setting for all my IP addresses on the
> network in named.conf.options but still no joy...
sorry, i forgot that you'll have to add "recursion yes;" to enable recursion.
the allow-recursion part was only to filter for whom your bind will resolve
recursive queries. you'll have to add both inside the "options { ... };" part
of your named.conf.local.
--
Grüße / Regards,
Oliver
If God had meant for us to be naked, we would have been born that way.
Re: bind9 prevents external access
Am Mittwoch, 21. März 2007 19:10 schrieb Justin Hartman:
> Very strange problem which I'm sure is pretty easy to fix - if you
> know how. I installed bind9 with lsb-base on a Debian Etch system. The
> problem is that as soon as bind9 is installed I can no longer ping or
> access external sites from the bind9 server.
>
> For example I can't ping google.com or run apt-get commands because it
> simply timesout. As soon as bind9 is "turned off" I regain full access
> to run software updates on the server etc.
>
> Somewhere, somehow bind9 is blocking access and it's driving me mad -
> any help appreciated.
hi,
you'll probably have to tell bind to use recursion for fetching adresses which
are not in his authority. in options, set "allow-recursion { 127.0.0.1; };".
if you want others on your network to use your bind, too, also
add "192.168.1/24;", for example.
--
Grüße / Regards,
Oliver
If you suspect a man, don't employ him.
Re: Debian livecd
Am Freitag, 23. Februar 2007 21:33 schrieb José Pablo Fernández: > I need to do FS maintenance, mdadm and fsck, and I'd be booting with a CD > only to have root not even mounted as read only, so this is not really an > option. "Recovery Is Possible" handles mdadm plus lvm2 setups very good. Plus it's very small and it's available with or without X: http://www.tux.org/pub/people/kent-robotti/looplinux/rip/ -- Grüße / Regards, Oliver God is subtle, but he is not malicious. -- Albert Einstein
Re: SQL insert dupe prevention problem
Am Samstag, den 23.09.2006, 11:06 -0400 schrieb Ben Breslauer: > You really want to use a primary key or unique constraint on table.a in > order to prevent duplicates from being entered. The documentation for > your database should tell you how to set one up. in addition to that you may want to use replace instead of insert Grüße / Regards, Oliver -- Soitainly. I was assuming that came with the OO-ness of it. -- Larry Wall in <[EMAIL PROTECTED]> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Cron-job
> Example (which not works)
> index.php
>
> // Read last timestamp
> $file_name = "last_mail";
> $file = fopen($file_name, "r+");
> $content = fread($file, filesize($filename));
>
> $time = time();
> if($file[0] >= $time + $diff) {
> include "mailscript.php";
>
> // Write time back to file
> fseek($file, 0);
> fwrite($file, $time);
> }
>
> fclose($file);
>
> ?>
either like this, where it would be good if you could register the
script as a shutdown function, but then you'll have to be aware of the
difference in behaviour of register_shutdown_function() in differing php
versions.
or, if you're lucky, the cli version of php is installed and you can
call any php script with "php -f yourscript.php".
Grüße / Regards,
Oliver
--
Earth -- mother of the most beautiful women in the universe. -- Apollo,
"Who Mourns for Adonais?" stardate 3468.1
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: FreeNX package
hi, add this to your apt sources: deb http://debian.tu-bs.de/project/kanotix/unstable/ sid nx deb-src http://debian.tu-bs.de/project/kanotix/unstable/ sid nx Am Freitag, den 09.06.2006, 13:20 +0200 schrieb Benjamí Villoslada: > Exists one FreeNX official package? For Debian Sid. > > TIA > Grüße / Regards, Oliver -- About the time we think we can make ends meet, somebody moves the ends. -- Herbert Hoover -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: How to install jdk1.5?
Am Mittwoch, den 24.05.2006, 08:26 -0600 schrieb Ed: > I'm trying to install jdk1.5 on my Sarge system. I ran the I did a > search for jdk in Debian space and found very little. > > I downloaded the jdk-1_5_0_06-linux-i586.bin file, and ran the > install. I tried it in both /usr/local and then again in my > /home/myusername space. In neither case did it install correctly. When > I try to run javac or anything else (install eclipse) it can't find > the java install. > > Are there no deb files, or can anyone help me to get this file installed? > > Thanks, > hi, you will find sun and ibm debs here and there (target release sid, you may want to change this): deb http://ftp.debian-unofficial.org/debian sid main contrib non-free restricted deb ftp://ftp.gwdg.de/pub/languages/java/linux/debian/ sid non-free Grüße / Regards, Oliver -- They also surf who only stand on waves. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: No shell, Only FTP access
Am Donnerstag, den 06.04.2006, 23:30 +0200 schrieb Øyvind Lode: > Hi > > Thank you :-) > > I'm just running a server for some friends and family so it's not that > important. > > I stopped using ftp for some time and just scp/sftp but some compained > about poor scp/sftp support in Dreamweaver so I put ftp back online. > > But I don't wan't all of them to have shell access though so for now I > just gave these users /bin/false (and updated /etc/shells thanks to Mike > Bird :-) > > My server has grown larger and larger with quite a few domains now and > still rising but it's still just for "trused" friends etc but still i > dont want all of them to have shell access. > > So since my service has grown a little bit more than first expected I > will indeed check out your package suggestions because they look like > being exactly what I need. > > And yes I considering switching to proftpd but havn't got the time yet > and I also need to setup my own DNS service using BIND... And probably > switch from Exim to Postfix for the MTA. > > And by the way I use SSL on all MySQL administration through phpMyAdmin :-) > > -Øyvind > > > > Roberto C. Sanchez wrote: > > Øyvind Lode wrote: > >> Hello all > >> > >> I running a webserver with multiple users and domains. > >> I want some users to have no shell access, only FTP access to upload > >> websites and chroot'ed in their home directory. > >> > >> I have all the domains located in /home/www/domainname1/ , > >> /home/www/domainname2/ etc. > >> > >> I give the user proper access to the domain under /home/www/. > >> I chroot'ed the user in /home/www/domainname1/ > >> I gave shell /bin/false > >> > >> User is denied shell access but also FTP!!! > >> If I give /bin/bash and test the user is logged inn and chroot'ed in > >> /home/www/domainame1/ > >> > >> I'm using vsFTPd. > >> > >> How can I deny shell access and allow FTP? > >> > > > > You might get better answers on the debian-isp list. > > > > Have you considered any of the following? > > > > 1) Using a package like scponly or rssh? (You probably should not let > > your users use an insecure protocol like ftp anyways) > > 2) Using an ftp server that supports virtual users (not sure if vsftpd > > does) so that they don't even have accounts on the machine? > > 3) Using something like linux-virtual-server to give each user their own > > disk space? > > > > -Roberto > > > > hello, someone correct me if i'm wrong, but if you want to give a real user ftp access he needs shell access. you could create a virtual user with vsftp and deny ssh and ftp access to the real user. but i don't know how this would affect chrooting and permissions. i'm afraid i can't help you with creating virtual vsftp users, i never did it, but i shouldn't be very difficult. Grüße / Regards, Oliver -- Of course you have a purpose -- to find a purpose. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: logcheck driving me nuts
Am Sonntag, den 02.04.2006, 17:35 +0200 schrieb Pim Bliek: > ^[[:alnum:]-]+autodeny[[:alnum:]-]+$ i don't know about logcheck and the regexp syntax it uses, but try ^.*autodeny\.rb.*$ you may have to start and finish the expression with a slash. Grüße / Regards, Oliver -- All things are either sacred or profane. The former to ecclesiasts bring gain; The latter to the devil appertain. -- Dumbo Omohundro -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RE: How do I make my NIC pick the same ETH port every time?
i think this could be done with udev rules, though i only used them to
always have the same device aliases for my external fw disks.
here you'll find out how to write udev rules:
http://reactivated.net/writing_udev_rules.html
and this is a snippet i found on a web site:
# cat /etc/udev/network.rules
KERNEL=”eth*”, SYSFS{address}=”xx:xx:xx:xx:xx:x1″, NAME=”lan1″
KERNEL=”eth*”, SYSFS{address}=”xx:xx:xx:xx:xx:x2″, NAME=”lan2″
KERNEL=”eth*”, SYSFS{address}=”xx:xx:xx:xx:xx:x3″, NAME=”wlan1″
# cd /etc/udev/rules.d/ && ln -s ../network.rules z35_network.rules
Grüße / Regards,
Oliver
--
I'm also pre-POURED pre-MEDITATED and pre-RAPHAELITE!!
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: MySQL won't start....
> I actually changed the password while using phpmyadmin. > did you select password in the function drop down box when editing the entries? passwords are not stored in clear text. but please, like tat said, check your ports and the bind-address in my.cnf. if you really messed up your root password and you have no write access to the mysql database, there comes no way of rescuing to my mind than back up the database files, install again and copy them over to the new installation, except the old mysql database. but there are probably better ways to fix this. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: MySQL won't start....
Am Dienstag, den 21.03.2006, 12:46 -0600 schrieb Nate Lundquist:
> Hello everybody, I recently setup a web server on Debian Sarge.
>
> After setup there was the debian-maintinence account for mysql that I
> haven't touched. There was also a root account with no password that I
> did change. But there was also another root account with no password
> that I changed, and ever since then I get the following error when
> trying to start mysql:
>
> /usr/bin/mysqladmin: connect to server at 'localhost' failed
> error: 'Can't connect to local MySQL server through socket
> '\var\run\mysqld\mysqld.sock ' (2)'
> Check that mysqld is running and that the socket:
> '\var\run\mysqld\mysqld.sock\ exists!
>
> Well, it doesn't exist, and I'm not sure what to do. It wasn't until I
> changed the password on the second root account that I started receiving
> this error. Was I supposed to just leave the second root's password blank?
>
>
hi, i'm not sure if the error message is related to what you have done
with the password or to mysqld's networking setting.
anyway, how did you change the password? did you use mysqladmin or did
you change the password field in the mysql user table without using the
password function?
usually one would change the password like this if it has not been set
before:
mysqladmin -u root password "newpassword"
or this:
mysql -u root mysql
UPDATE user SET Password=PASSWORD("newpassword") WHERE User="root";
if you set a password use mysql's -p switch to ask for it.
oliver
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: permissions on ftp'd (vsftpd) files
> set. I'd like for the uploaded files to automatically be 644. hi brian, you can enable this with local_umask=022 in vsftpd.conf oliver -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: strange bluetooth pairing woes
i still couldn't find the solution. my headset paired successfully, my phone seems(!) to pair successfully too. i have some hcidump output from the part where the error seems to occur, maybe someone is able to help with this? greets, oliver > HCI Event: Number of Completed Packets (0x13) plen 5 handle 49 packets 1 > ACL data: handle 49 flags 0x02 dlen 8 L2CAP(d): cid 0x0040 len 4 [psm 3] RFCOMM(s): DM: cr 1 dlci 4 pf 1 ilen 0 fcs 0xbc < ACL data: handle 49 flags 0x02 dlen 8 L2CAP(d): cid 0x01f9 len 4 [psm 3] RFCOMM(s): DISC: cr 1 dlci 0 pf 1 ilen 0 fcs 0xfd < ACL data: handle 49 flags 0x02 dlen 12 L2CAP(s): Disconn req: dcid 0x01f9 scid 0x0040 > HCI Event: Number of Completed Packets (0x13) plen 5 handle 49 packets 1 > HCI Event: Number of Completed Packets (0x13) plen 5 handle 49 packets 1 > ACL data: handle 49 flags 0x02 dlen 8 L2CAP(d): cid 0x0040 len 4 [psm 3] RFCOMM(s): UA: cr 1 dlci 0 pf 1 ilen 0 fcs 0xd7 > ACL data: handle 49 flags 0x02 dlen 12 L2CAP(s): Disconn rsp: dcid 0x01f9 scid 0x0040 < HCI Command: Disconnect (0x01|0x0006) plen 3 handle 49 reason 0x13 Reason: Remote User Terminated Connection > HCI Event: Command Status (0x0f) plen 4 Disconnect (0x01|0x0006) status 0x00 ncmd 1 > HCI Event: Disconn Complete (0x05) plen 4 status 0x00 handle 49 reason 0x16 Reason: Connection Terminated by Local Host before it tries to connect rfcomm -a says: rfcomm0: 00:0E:07:6C:78:B9 channel 2 clean after the connection attempt it says: rfcomm0: 00:0E:07:6C:78:B9 channel 2 closed some output from kmobiletools: kmobiletools: Testing PDU mode... ( COMMENT: now the error message pops up ) kmobiletools: PDU mode: false kmobiletools: IsMotorola:false; canDoMM*:false -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
strange bluetooth pairing woes
hi,
i'm having some weird troubles pairing my mobile phone with my pc.
bluetooth is up and running, i'm already using skype with a bluetooth
headset (bound with btsco on login) and i can also transfer files to my
phone with obexftp and transfer files from my phone to the pc.
my phone's mac is bound automatically when bluetooth starts up
to /dev/rfcomm0. /dev/rfcomm is perm 660 with group dialout and i am
part of this group.
this is what works: i remove the paired device entry on my phone, remove
the paired device entry in /val/lib/bluetooth/.../linkkeys and
restart /etc/init.d/bluetooth. then i start kmobiletools and my phone
asks if i want to add my pc and asks for the pin. i click ok and my pc
asks for the same pin. then kmobiletools works, i also sent a sms to
myself to test it. when i close kmobiletools and open it again it claims
there was an error initializing the device, just if i had not paired
them or chose the wrong device. the mac of my phone and the
authentication string were succesfully added
to /var/lib/bluetooth/.../linkkeys.
obex file transfer showed me the same behaviour. when removing the
pairing before i could read the root directory of my phone but when
trying to get a level deeper or read the root directory again i get an
error.
since today i cannot browse bluetooth devices in konqueror because of
bluetooth:/ not being a valid protocol. i don't know how this happend,
it worked yesterday. but that should not be the point here since the
shown behaviour was the same.
i'm using all this stuff on sid with gnome. i created a
symlink /etc/bluetooth/link_key -> /var/lib/bluetooth/.../linkkeys so i
could watch the paired devices in the paired devices manager of
kbluetoothd. and i also wonder why the addresses listed by the manager
do not match my devices addresses, wich are the phone, the headset and
the bt usb dongle (dbt-120). maybe they mean something else, i just
don't know. some config info follows below.
help appreciated,
oliver
/etc/bluetooth/hcid.conf
options {
autoinit yes;
security user;ir once and deny successive attempts
pairing multi;
pin_helper /usr/bin/bluepin;
}
device {
name "%h-%d";
class 0xff0100;
iscan enable;
pscan enable;
lm accept;
lp rswitch,hold,sniff,park;
auth disable;
encrypt disable;
}
/etc/bluetooth/rfcomm.conf
rfcomm0 {
bind yes;
device 00:0E:07:6C:78:B9;
channel 2;
comment "K700i";
}
#/var/lib/bluetooth/00:13:46:05:A6:7A/linkkeys (permission is 600)
00:0D:44:0C:0F:75 AUTH-STRING-OF-HEADSET 0
00:0E:07:6C:78:B9 AUTH-STRING-OF-MOBILE 0
#hciconfig -a
hci0: Type: USB
BD Address: 00:13:46:05:A6:7A ACL MTU: 192:8 SCO MTU: 64:8
UP RUNNING PSCAN ISCAN INQUIRY
RX bytes:442 acl:0 sco:0 events:22 errors:0
TX bytes:330 acl:0 sco:0 commands:19 errors:0
Features: 0xff 0xff 0x8f 0x78 0x18 0x18 0x00 0x80
Packet type: DM1 DM3 DM5 DH1 DH3 DH5 HV1 HV2 HV3
Link policy: RSWITCH HOLD SNIFF PARK
Link mode: SLAVE ACCEPT
Name: 'flyricky-0'
Class: 0xff0100
Service Classes: Positioning, Networking, Rendering, Capturing
Device Class: Computer, Uncategorized
HCI Ver: 1.2 (0x2) HCI Rev: 0x632 LMP Ver: 1.2 (0x2) LMP Subver:
0x632
Manufacturer: Cambridge Silicon Radio (10)
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: VNC client/server combo doing VNC over HTTP
i use nxserver (freenx), it's in apt, plus the official client from www.nomachine.com, available for windows, macintosh and linux (rpm and deb). all traffic runs over ssh, so sshd must be running, and it's much faster than any vnc. i didn't keep an eye on this project during the last months, but i think also audio transmission should be working by now. Am Freitag, den 10.03.2006, 08:13 -0500 schrieb Mark Fletcher: > Hi > > I'm looking for a VNC server to run on my home Debian setup that will > allow me to connect to it from work. Trouble is, work is behind a > (justly) paranoid corporate firewall which will allow me to connect out > on HTTP/HTTPS on the usual web ports and not a lot else. So I'm looking > for a solution where the server can be Debian, the client can be Windows > 2000 and comms between the two can be HTTP or better HTTPS over > 80/81/443/8080 etc. > > I stumbled over x11vnc which looks good but doesn't appear to support > communicating over HTTP(s). And my searches on sourceforge etc find me > products that do what I want but the server side has to be Windows. > Anyone got any alternative ideas? > > Thanks > > Mark > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: import/convert apple address book?
since i don't own a mac anymore i asked a friend to export my address book file as a single vcard. somehow evolution didn't accept it, but i found a small java app that converts vcf to ldif (vcf2ldif.jar) and it did this very good. the ldif file was accepted by evolution :) thanx! olli Am Freitag, den 10.03.2006, 16:35 +0100 schrieb Mladen Adamovic: > It would be probably good idea if you could use your Mac OS software to > export it into more readable format for Linux. > In case that is impossible I would suggest to try to see is it possible > to import it into Yahoo, Gmail , Gmx, Hotmail, etc. account and > afterwards to export it into Netscape format. > That way - importing into Yahoo or some other public web mail providers > and later export it into some another format helped me with the similar > address book format problems. > > Oliver Jato wrote: > > hi, > > > > i'm trying to find a way to import an apple "AddressBook.data" file. i'm > > using evolution so importing it straight would be great. but some way of > > converting it to csv or whatever is usable with a texteditor would help > > too. any experience with this? > > > > cheers, > > olli > > > > > > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
import/convert apple address book?
hi, i'm trying to find a way to import an apple "AddressBook.data" file. i'm using evolution so importing it straight would be great. but some way of converting it to csv or whatever is usable with a texteditor would help too. any experience with this? cheers, olli -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
