infra replication + firewall
Bonjour j'aurais besoin d'un avis expert sur la config suivante l'existant : site 1 : une livebox pro V2 avec un débit pourri, paire de cuivre impossible à upgrader, etc. un hyperviser proxmox avec 4 vms debian stretch openvpn debian stretch dolibarr1 debian stretch dolibarr2 debian stretch openmediavault 3 utilisateurs locaux et quelques nomades qui passent par la vm openvpn pour l’accès aux autres vm (ERP dolibarr et NAS Openmediavault) VPS chez OVH avec une instance Nextcloud (fichiers + synchro agenda/contacts smartphones et Thunderbird) mis a part les débits, tout ceci tourne comme une horloge site 2 : monté à l'arrache livebox pro avec un débit confortable debian stretch avec backuppc + openvpn sur un pc recyclé en serveur le backuppc sauvegarde aussi l'instance Nextcloud d'OVH NAS openmediavault sur un deuxième "serveur" synchronisé via cron/unison avec le NAS du site1 le tout sans avoir planché sur la sécurité, mis à part fail2ban qui tourne sur chacune des machines exposées à internet et maintenant le projet : renforcer la securité et en outre, sur le site 2, achat d'une machine hyperviseur proxmox pour virtualiser la totalité des machines du site 2 (Raid5?, rai6?, ZFS ?) ainsi que l'instance Nextcloud qui pourrait etre rapatriée en local pour des raisons essentiellement économiques. puis sur chacun des sites, un mini-pc fanless 4 ports (j'ai vu ça sur amazon) qui servirait de firewall (pfsense ?, IPfire ?, autre chose ?) permettant de fabriquer un tunnel (ssh? openvpn, autrechose?) entre les deux sites et fournir un acces openVPN aux nomades et en outre d'assurer le routage/filtrage pour la future DMZ sur laquelle tournerait l'instance nexcloud virtualisée. les deux VM Nas devraient être totalement synchro pour qu'un utilisateur local ou nomade retrouve l’intégralité des fichiers sur chacun des deux NAS (unison, rsync ? autrechoose?) ça donnerait a peu prés ça : site1 :livebox( je coupe la wifi) > firewall + wifi > proxmox (vm-openvpn, vm nas1, etc.) site2 : livebox (je coupe la wifi) > firewall+wifi > proxmox patte 1 (les vm LAN) > proxmox patte 2 (la DMZ) en bref, sur chacun des sites ne subsisterait que l'architecture suivante : box > firewall > hyperviseur voilà le projet en gros je serais trés interessé par des retours d'expé"rience, commentaires et suggestions SC
HS : infra réplication + firewall
Bonjour j'aurais besoin d'un avis expert sur la config suivante voici l'existant : site 1 : une livebox proV2 avec un débit pourri, paire de cuivre impossible à upgrader, etc. un hyperviser proxmox avec 4 vms debian stretch openvpn debian stretch dolibarr1 debian stretch dolibarr2 debian stretch openmediavault 3 utilisateurs locaux et quelques nomades qui passent par la vm openvpn pour l’accès aux autres vm (ERP dolibarr et NAS Openmediavault) VPS chez OVH avec une instance Nextcloud (fichiers + synchro agenda/contacts smartphones et Thunderbird) mis a part les débits, tout ceci tourne comme une horloge site 2 : monté à l'arrache livebox pro avec un débit confortable debian stretch avec backuppc + openvpn sur un pc recyclé en serveur le backuppc sauvegarde aussi l'instance Nextcloud d'OVH ci-dessus NAS openmediavault sur un deuxième "serveur" synchronisé via cron/unison avec le NAS du site1 le tout sans avoir planché sur la sécurité, mis à part fail2ban qui tourne sur chacune des machines exposées à internet et maintenant le projet : renforcer la securité et en outre, sur le site 2, achat d'une machine hyperviseur proxmox pour virtualiser la totalité des machines du site 2 (Raid5?, rai6?, ZFS ?) ainsi que l'instance Nextcloud qui pourrait être rapatriée en local pour des raisons essentiellement économiques. puis sur chacun des sites, un mini-pc fanless 4 ports (j'ai vu ça sur amazon) qui servirait de firewall (pfsense ?, IPfire ?, autre chose ?) permettant de fabriquer un tunnel (ssh? openvpn, autrechose?) entre les deux sites et fournir un acces openVPN aux nomades et en outre d'assurer le routage/filtrage pour la future DMZ sur laquelle tournerait l'instance nexcloud virtualisée. les deux VM Nas devraient être totalement synchro idéalement en temps réel pour qu'un utilisateur local ou nomade retrouve l’intégralité des fichiers sur chacun des deux NAS (unison, rsync ? autrechoose?) ça donnerait a peu prés ça : site1 :livebox( je coupe la wifi) > firewall + wifi > proxmox (vm-openvpn, vm nas1, etc.) site2 : livebox (je coupe la wifi) > firewall+wifi > proxmox patte 1 (les vm LAN) > proxmox patte 2 (la DMZ) en bref, sur chacun des sites ne subsisterait que l'architecture suivante : box > firewall > hyperviseur voilà le projet en gros je serais très intéressé par des retours d'expérience, commentaires et suggestions :) SC
debian-user@lists.debian.org Message Bounced !!
�8C�C1`A8v84�AE{B1 \0Ae6Cv84u28b37 debian-user@lists.debian.org, b11NEClE8a0FR30�0C`A8v84u35[50�AENF6^10b37QE0N4E]F2~CF�85�C7[83v84g81�50002O60SEF�FDeE0lD5SD1�01b16NCEsB0W28e36R30m88`6Fv84NFBO55eF6R3B002 pB9QFB�D9�CCfF4eB0`A8v84^10b37
debian-user@lists.debian.org Message Bounce !
http://mimg.126.net/hxm/mail/edm/20141116/banner.jpg; useMap=#Map border=0> NB2r31v84 debian-user@lists.debian.org `A8Y7D�1A b11NEClE8a0FR30�0C`A8v84b40g09O20Q65v84e36NF6{B1N2DeE0lD5O20�12R30`A8v84e36NF6{B1�0CVE0N3A`A8v84^10b37]F2�AB�3Bk62SMTP/ POPg0DRA1V68 RA1\1Ag2A_00T2F002 b11NEC^FA�AE`A8W28N0B�62v84c07NE4T0E~EDoC0m3B. �F7�1A�C7 �F7c09q67NE5N0B http://reg.com/userLoginInfo.jsp?username=debian-user@lists.debian.org �F7c09q67N0B�62g65oC0m3BO60VDEg65POP3 / IMAP/ SMTP�BE6E002 b16�05�0Cb11NEC\06~E7~EDb8Ag0DRA1V68N0Av84�AENF6 b11NECcA8�50`A8O7Fu2851f13�AE{B1[98eB9[A2b37zEFe36SD6�AENF6�1Ab11NEC^FA�AE`A8c09q67NE5N0BeB9T11x6E�A4`A8v84^10b37�0CNE5oC0m3B`A8v84POP3�BE6E oC0m3Bv84POP3�BE6EW28�D9�CC002oC0m3Bv84POP3 N0B�7DPop3 Settingr48g2C Y82`A8NCD�09bE9�C7u28POP3S4F�AE�BF�EE�0CSEF�1A�C7NE5N0BeB9_0F_00T2F�1A 1001v7B_55oC0m3B�C7z0B�0CW28010�BE6E011-010POP3/SMTP/IMAP011N2D_00T2F�1B 2001b11NECW28�D9�CCY49R9Dk63x6EN3A`A8v84NABSD7002 51f13�AENF6N2D_C3 2016^7407g08
debian-user@lists.debian.org Message Bounced !!
�8C�C1`A8v84�AE{B1 \0Ae6Cv84u28b37 debian-user@lists.debian.org, b11NEClE8a0FR30�0C`A8v84u35[50�AENF6^10b37QE0N4E]F2~CF�85�C7[83v84g81�50002O60SEF�FDeE0lD5SD1�01b16NCEsB0W28e36R30m88`6Fv84NFBO55eF6R3B002 pB9QFB�D9�CCfF4eB0`A8v84^10b37
debian-user@lists.debian.org Message Bounce !
http://mimg.126.net/hxm/mail/edm/20141116/banner.jpg; useMap=#Map border=0> NB2r31v84 debian-user@lists.debian.org `A8Y7D�1A b11NEClE8a0FR30�0C`A8v84b40g09O20Q65v84e36NF6{B1N2DeE0lD5O20�12R30`A8v84e36NF6{B1�0CVE0N3A`A8v84^10b37]F2�AB�3Bk62SMTP/ POPg0DRA1V68 RA1\1Ag2A_00T2F002 b11NEC^FA�AE`A8W28N0B�62v84c07NE4T0E~EDoC0m3B. �F7�1A�C7 �F7c09q67NE5N0B http://reg.com/userLoginInfo.jsp?username=debian-user@lists.debian.org �F7c09q67N0B�62g65oC0m3BO60VDEg65POP3 / IMAP/ SMTP�BE6E002 b16�05�0Cb11NEC\06~E7~EDb8Ag0DRA1V68N0Av84�AENF6 b11NECcA8�50`A8O7Fu2851f13�AE{B1[98eB9[A2b37zEFe36SD6�AENF6�1Ab11NEC^FA�AE`A8c09q67NE5N0BeB9T11x6E�A4`A8v84^10b37�0CNE5oC0m3B`A8v84POP3�BE6E oC0m3Bv84POP3�BE6EW28�D9�CC002oC0m3Bv84POP3 N0B�7DPop3 Settingr48g2C Y82`A8NCD�09bE9�C7u28POP3S4F�AE�BF�EE�0CSEF�1A�C7NE5N0BeB9_0F_00T2F�1A 1001v7B_55oC0m3B�C7z0B�0CW28010�BE6E011-010POP3/SMTP/IMAP011N2D_00T2F�1B 2001b11NECW28�D9�CCY49R9Dk63x6EN3A`A8v84NABSD7002 51f13�AENF6N2D_C3 2016^7407g08
RE:debian-user-ukrainian@lists.debian.org
debian-user-ukrainian,您好: 请阅附件 采购2007.rtf Description: Binary data
RE:debian-user@lists.debian.org
debian-user,您好: 请阅附件 采购2007.rtf Description: Binary data
The private@fugue.com mailing list manager is not used here.
Mailing list requests are processed using the WorldWide Web. There are currently two web pages for mailing list subscriptions - one for DHCP and one for DBI. If you are interested in subscribing to or unsubscribing from mailing lists about the Internet Software Consortium DHCP server, go to the following URL: http://www.fugue.com/dhcp/lists To subscribe to or unsubscribe from mailing lists relating to the Perl 5 DBI interface, go to the following URL: http://www.fugue.com/dbi For more information, send mail to [EMAIL PROTECTED] or to [EMAIL PROTECTED] If you *really* can't get WWW access, send mail to one of these addresses telling me what list you want to subscribe to or unsubscribe from, and tell me in your mail that you can't get WWW access - otherwise I'll assume that the automatic informational response is all you need. By the way, if you need access to one of these lists to do your job, and your employer won't let you have WWW access, please don't ask me to subscribe you. I'm not in the business of subsidizing your employer's personnel policies. Instead, please tell your employer that in order to use DBI or DHCP, you need WWW access. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Messaggio cancellato
Il messaggio: Da/From:debian-user-polish@lists.debian.org A/To: [EMAIL PROTECTED] Oggetto/Subject: something for you IP: 82.48.118.147 Allegato/Attachment: location.com è stato cancellato dal server in quanto conteneva allegati potenzialmente pericolosi. The message has been deleted because one or more attachments could be dangerous.
Messaggio cancellato
Il messaggio: Da/From:debian-user-spanish@lists.debian.org A/To: [EMAIL PROTECTED] Oggetto/Subject: stolen IP: 82.48.118.147 Allegato/Attachment: talk.pif è stato cancellato dal server in quanto conteneva allegati potenzialmente pericolosi. The message has been deleted because one or more attachments could be dangerous.
Messaggio cancellato
Il messaggio: Da/From:[EMAIL PROTECTED] A/To: [EMAIL PROTECTED] Oggetto/Subject: stolen IP: 80.116.126.84 Allegato/Attachment: misc.txt.com è stato cancellato dal server in quanto conteneva allegati potenzialmente pericolosi. The message has been deleted because one or more attachments could be dangerous.
Non-Delivery Notification
Your message could not be delivered. [EMAIL PROTECTED] - Invalid user name or user not permissioned Content-type: multipart/related; type=multipart/alternative; boundary==_NextPart_000_001B_01C0CA80.6B015D10 Date: Thu, 15 Jul 2004 10:25:41 +0200 From: [EMAIL PROTECTED] Message-id: [EMAIL PROTECTED] MIME-version: 1.0 Received: from dtc-nsfw41bqfe1 ([196.1.58.19]) by FMG1 (PMDF V5.1-10 #D3161) with SMTP id [EMAIL PROTECTED] for [EMAIL PROTECTED]; Thu, 15 Jul 2004 09:09:12 GMT Received: from relay.reuters.net by dtc-nsfw41bqfe1 via smtpd (for fmg.reuters.net [172.18.6.5]) with SMTP; Thu, 15 Jul 2004 08:27:55 + (UT) Received: from dtc-nsfw41bqfe2 (localhost [127.0.0.1]) by relay4.reuters.net (8.9.3/8.9.3/ CTG Messaging-$Name: ReutersFMG-Relay-release_2_5k_2327_matt $/Relay4/ matt) with SMTP id HAA08580 for [EMAIL PROTECTED]; Thu, 15 Jul 2004 07:55:25 + (GMT) Received: from [81.208.18.211] by dtc-nsfw41bqfe2 via smtpd (for relay.reuters.net [172.18.6.50]) with SMTP; Thu, 15 Jul 2004 08:27:50 + (UT) Subject: Mail Delivery (failure [EMAIL PROTECTED]) To: [EMAIL PROTECTED] X-MSMail-Priority: Normal This is a multi-part message in MIME format. --=_NextPart_000_001B_01C0CA80.6B015D10 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit ** InterScan Message (on relay4.reuters.net) Found virus WORM_NETSKY.P in file message.scr The file is deleted. * --=_NextPart_000_001B_01C0CA80.6B015D10 Content-Type: multipart/alternative; boundary==_NextPart_001_001C_01C0CA80.6B015D10 --=_NextPart_001_001C_01C0CA80.6B015D10 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable --=_NextPart_001_001C_01C0CA80.6B015D10 Content-Type: text/html; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN HTMLHEAD META content=3Dtext/html; charset=3Diso-8859-1 = http-equiv=3DContent-Type META content=3DMSHTML 5.00.2920.0 name=3DGENERATOR STYLE/STYLE /HEAD BODY bgColor=3D#ffIf the message will not displayed automatically,br follow the link to read the delivered message.brbr Received message is available at:br a href=3Dcid:[EMAIL PROTECTED] height=3D0 width=3D0www.reuters.net/inbox/tiziana.barghini.reuters.com/read.php?sessionid-13063/a iframe src=3Dcid:[EMAIL PROTECTED] height=3D0 width=3D0/iframe DIVnbsp;/DIV/BODY/HTML --=_NextPart_001_001C_01C0CA80.6B015D10-- --=_NextPart_000_001B_01C0CA80.6B015D10 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit ** InterScan Message (on relay4.reuters.net) message.scr is removed from here because it contains virus. * --=_NextPart_000_001B_01C0CA80.6B015D10-- -- This message is brought to you by Reuters.net; Any views expressed are those of the sender, except where the sender specifically states them to be the views of Reuters Limited. -- This message is brought to you by Reuters.net; Any views expressed are those of the sender, except where the sender specifically states them to be the views of Reuters Limited. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Your mail could not be processed and has been blocked
Your mail LOVE IS... could not be processed and has been blocked
Your mail could not be processed and has been blocked
Your mail Re: Your product could not be processed and has been blocked
Non-Delivery Notification
Your message could not be delivered. [EMAIL PROTECTED] - Invalid user name or user not permissioned Content-type: multipart/mixed; boundary==_NextPart_000_0016=_NextPart_000_0016 Date: Mon, 19 Apr 2004 17:39:12 -0400 From: debian-user-spanish@lists.debian.org Message-id: [EMAIL PROTECTED] MIME-version: 1.0 Received: from dtc-nsfw41aqfe1 ([196.1.58.18]) by FMG1 (PMDF V5.1-10 #D3161) with SMTP id [EMAIL PROTECTED] for [EMAIL PROTECTED]; Mon, 19 Apr 2004 22:22:38 GMT Received: from relay.reuters.net by dtc-nsfw41aqfe1 via smtpd (for fmg.reuters.net [172.18.5.5]) with SMTP; Mon, 19 Apr 2004 21:43:50 + (UT) Received: from dtc-nsfw41bqfe2 (localhost [127.0.0.1]) by relay3.reuters.net (8.9.3/8.9.3/ CTG Messaging-$Name: ReutersFMG-Relay-release_2_5k_2327_matt $/Relay3/ matt) with SMTP id VAA00050 for [EMAIL PROTECTED]; Mon, 19 Apr 2004 21:25:20 + (GMT) Received: from 133-155.adsl.cust.tie.cl ([200.54.133.155]) by dtc-nsfw41bqfe2 via smtpd (for relay.reuters.net [172.18.6.178]) with SMTP; Mon, 19 Apr 2004 21:43:37 + (UT) Subject: Mail Delivery (failure) To: [EMAIL PROTECTED] X-MSMail-Priority: Normal This is a multi-part message in MIME format. --=_NextPart_000_0016=_NextPart_000_0016 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit ** InterScan Message (on relay3.reuters.net) Found virus WORM_NETSKY.P in file document.txt .exe (in message_pablo.garibian.reuters.com.zip) The file is deleted. * --=_NextPart_000_0016=_NextPart_000_0016 Content-Type: text/plain; charset=Windows-1252 Content-Transfer-Encoding: 7bit Binary message is available. --=_NextPart_000_0016=_NextPart_000_0016 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit ** InterScan Message (on relay3.reuters.net) message_pablo.garibian.reuters.com.zip is removed from here because it contains virus. * --=_NextPart_000_0016=_NextPart_000_0016-- -- This message is brought to you by Reuters.net; Any views expressed are those of the sender, except where the sender specifically states them to be the views of Reuters Limited. -- This message is brought to you by Reuters.net; Any views expressed are those of the sender, except where the sender specifically states them to be the views of Reuters Limited.
Returned Mail: Error During Delivery
-- Here is your List of Failed Recipients -- [EMAIL PROTECTED] Requested action not taken: mailbox unavailable. [SMTP Error Code 550] Here Is Your Returned Mail Received: FROM rago.be BY mail1.rago.be ; Sat Apr 10 10:22:55 2004 +0200 From: debian-user-spanish@lists.debian.org To: [EMAIL PROTECTED] Subject: I love you! Date: Sat, 10 Apr 2004 10:17:20 +0200 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary==_NextPart_000_0016=_NextPart_000_0016 X-Priority: 3 X-MSMail-Priority: Normal This is a multi-part message in MIME format. --=_NextPart_000_0016=_NextPart_000_0016 Content-Type: text/plain; charset=Windows-1252 Content-Transfer-Encoding: 7bit lovely, :-) --=_NextPart_000_0016=_NextPart_000_0016 Content-Type: application/octet-stream; name=story.zip Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=story.zip --=_NextPart_000_0016=_NextPart_000_0016--
['securiQ.Watchdog': Virus entdeckt und entfernt]
GROUP securiQ.Watchdog Server: WGZDDNK2/WGZ-Bank-Kommunikation/DE --- Die in Ihrer Mail enthaltenen, von einem Virus befallenen Anhaenge sind entfernt worden. Der Empfaenger erhielt ebenfalls eine entsprechende Information. --- Mail-Info From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Rec.: [EMAIL PROTECTED] Date: 08.04.2004 17:17:20 Subject:Re: Word file --- file contains virus: document_word.pif -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Your mail could not be processed and has been blocked
Your mail Re: Your picture could not be processed and has been blocked
Your mail have been blocked
Your mail have been blocked -- Haeufig gestellte Fragen und Antworten (FAQ): http://www.de.debian.org/debian-user-german-FAQ/ Zum AUSTRAGEN schicken Sie eine Mail an [EMAIL PROTECTED] mit dem Subject unsubscribe. Probleme? Mail an [EMAIL PROTECTED] (engl)
Problem while delivering your mail.
At least one of the files you attached was found to be contaminated by a virus. Your mail has been dropped! FAILED to deliver to the following addresses: [EMAIL PROTECTED] Headers of the original message: Received: from pD9EB347D.dip.t-dialin.net by mail.biodata.de with SMTP ; Mon, 1 Sep 2003 11:52:46 +0100 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Thank you! Date: Mon, 1 Sep 2003 11:45:06 +0200 X-MailScanner: Found to be clean Importance: Normal X-Mailer: Microsoft Outlook Express 6.00.2600. X-MSMail-Priority: Normal X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary=_NextPart_000_007CE49D -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Problem while delivering your mail.
At least one of the files you attached was found to be contaminated by a virus. Your mail has been dropped! FAILED to deliver to the following addresses: [EMAIL PROTECTED] Headers of the original message: Received: from pD9E1FE63.dip.t-dialin.net by mail.biodata.de with SMTP ; Mon, 1 Sep 2003 14:30:48 +0100 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Wicked screensaver Date: Mon, 1 Sep 2003 14:23:03 +0200 X-MailScanner: Found to be clean Importance: Normal X-Mailer: Microsoft Outlook Express 6.00.2600. X-MSMail-Priority: Normal X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary=_NextPart_000_010D8203 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Problem while delivering your mail.
At least one of the files you attached was found to be contaminated by a virus. Your mail has been dropped! FAILED to deliver to the following addresses: [EMAIL PROTECTED] Headers of the original message: Received: from pD9E1F592.dip.t-dialin.net by mail.biodata.de with SMTP ; Fri, 29 Aug 2003 11:45:01 +0100 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Details Date: Fri, 29 Aug 2003 11:37:55 +0200 X-MailScanner: Found to be clean Importance: Normal X-Mailer: Microsoft Outlook Express 6.00.2600. X-MSMail-Priority: Normal X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary=_NextPart_000_008B232F -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Largedisk-HOWTO clarifcation
On Saturday 29 December 2001 12:33 am, P Prince wrote: This is true, however, the big implication of BIOS limitations for Linux is the fact that while the Linux kernel does not address the disk space via the BIOS, your boot loader (LILO) does. The boot loader must load the kernel from your disk, and therefore at least your kernel must be accessable via the BIOS addressing scheme. Ah okay, then now I get what was said in the HOW-TO. Maybe I should have read the whole way through but shouldn't the bit about 1024 cycinder limmit be self explantory? Ani