
Linux Networking

18K

Solutions

15K

Contributors

The variety of Linux distributions creates myriad issues relating to configuration and operations when computers are networked, not the least of which is the use of various network management applications, some of which are included with specific distributions, while others are standalone applications.

I am trying to set up squid proxy to re-encrypt connections between old TLS1.0 enabled devices and modern web sites which mostly support only TLS1.2+.
It is capable now to do TLS downgrade, like translate TLS1.3 to TLS1.2. I know that, because I can connect to a site which understands only up to TLS1.2 with the following command:
openssl s_client -tls1_3 -CAfile /etc/squid/cert.pem -connect tls12only.site.com:443 -tlsextdebug -proxy 127.0.0.1:3128


And s_client output contains lines:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384


Removing the -proxy option in the command above makes the connection impossible.
So, now I need to make it work opposite - to upgrade the TLS version.
However, I found out that squid apparently does not support TLS1.0/TLS1.1 at all. OpenSSL itself does support that. The following command succeeds:
openssl s_client -tls1 -connect tls1only.site.com:443 -tlsextdebug


with the following in the output:
    Protocol  : TLSv1
    Cipher    : ECDHE-RSA-AES256-SHA


But the same does not work through the proxy:
openssl s_client -tls1 -CAfile /etc/squid/cert.pem -connect tls1only.site.com:443 -tlsextdebug -proxy 127.0.0.1:3128
CONNECTED(00000003)
140360358970496:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:../ssl/record/rec_layer_s3.c:1544:SSL alert number 70
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 46 


0
Hi, I am not able to ping another VM but am able to ping the same VM from another VM.
0
No internet, no GUI after installing Oracle Linux
lnxusr43unx
0
Hi, error installing Oracle Linux. I have attached the disk.
linuxvdii2
0
All computers using Windows XP are not connecting with the Samba share. Other OSes are connecting fine.
0
I am creating a folder on my CentOS server which is mounted to a share on my Windows server. I have edited '/etc/fstab' to create the mount using credentials (i.e. Windows username and password) stored in a text file on the Linux box. This all works perfectly at the moment.

This may seem a stupid question but do I need to:
  1. Create a samba user (if so how would I 'link' that user to the mounted directory) ?
  2. Edit the '/etc/samba/smb.conf' file to add a section for the mounted directory ?

I ask because I am NOT sharing anything from the CentOS box out and it works perfectly (i.e creating / deleting / modifying files and folders) without any of those settings.

Looking online it is really difficult to get a clear guide to Samba as they all have a slightly different take and most are talking about creating Linux shares not just consuming Windows shares.
0
I have been playing with SSH local and remote port forwarding and have a little understanding of it. I am wondering if it is same as SOCKS protocol and how using SSH dynamic port we can achieve it.

Also, I am wondering what is the use case of SOCKS when we have VPN and port forwarding.

Thanks in Advance
0
Hi,
Is there any procedure for me, once I build the first standalone MySQL, to convert the standalone MySQL to a 3x nodes MySQL InnoDB cluster?
0
I have Ubuntu 18.04 LTS (64-bit) laptop.  Was it shipped with anti-virus software?  If not, what anti-virus do I need to install?

How to run full anti-virus scan?
0
Hello, so I've been trying to fiddle with iptables for my web server. Everything is working except for passive ftp and I can't seem to get it right.

Here are my iptables rules:

-A INPUT -i lo -j ACCEPT 
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 21 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 20 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m conntrack --ctstate ESTABLISHED -j ACCEPT 
-A INPUT -j DROP 
COMMIT



I have the line IPTABLES_MODULES="nf_conntrack_ftp" in iptables-config

Anyway, all ftp users aren't able to connect (they are if I disable iptables).
To put it better, they do connect but then they can never reach their root directory and they get an error saying the / directory couldn't be found.

So there must be something wrong in my IPTABLES, but I can't find it for the life of me. I've followed every guide I found and I can't find my mistake.

Can you guys lend a hand?
0
Hi, I am having an issue checking Java home in Linux
 java --version
Unrecognized option: --version
Error: Could not create the Java Virtual Machine.
Error: A fatal exception has occurred. Program will exit.

I have this in my profile:
export JAVA_HOME=/usr1/Oracle/jdk1.8.0_221
export PATH=$JAVA_HOME/bin:$PATH
0
Hi, how can I configure the temp folder?
I want my /usr1, /usr2, /usr3 paths to point to /temp with 10GiB

Filesystem                 Size  Used Avail Use% Mounted on
devtmpfs                   3.8G     0  3.8G   0% /dev
tmpfs                      3.8G     0  3.8G   0% /dev/shm
tmpfs                      3.8G  8.9M  3.8G   1% /run
tmpfs                      3.8G     0  3.8G   0% /sys/fs/cgroup
/dev/mapper/app_zone-root   10G  4.6G  5.5G  46% /
/dev/mapper/app_zone-temp   10G   33M   10G   1% /temp
/dev/mapper/app_zone-usr2   30G   33M   30G   1% /usr2
/dev/mapper/app_zone-usr3   30G   33M   30G   1% /usr3
/dev/mapper/app_zone-usr1  120G   33M  120G   1% /usr1
/dev/mapper/app_zone-var    10G  2.7G  7.4G  27% /var
/dev/mapper/app_zone-home   10G   47M   10G   1% /home
/dev/sda2                   10G  219M  9.8G   3% /boot
tmpfs                      773M   16K  773M   1% /run/user/1000
/dev/sr0                    82M   82M     0 100% /run/media/calapp/VBox_GAs_6.0.
0
vboxclient not starting in my ubuntu
vboxclient32
0
Hi, there is no internet in my VM but my host has internet.
0
To allow internet access to the internet I configured a gateway server on my small network of around 30 VMs. The gateway works well but I just want to make sure that this gateway server is as secure as possible since this gateway server is the only server in my network that has direct access to the internet. What security measures should I configure on this gateway server? Should I install a firewall? If so, how do I configure this firewall?
0
Hi, how do I partition my disk during installation? I want my partition to look like this
lnxam in oracle linux
parti
0
I have a laptop that gets connected to the internet through WiFi, but many WiFi’s, depending on where I am (home, office, customer, etc.).
My laptop is Windows 10 Pro.
I have VirtualBox installed and I have installed Ubuntu on it.
Unfortunately I am not able to make my Ubuntu VM connect to the internet.
Can someone help me with how to achieve this?
The weird thing is that I also have another VM that is Windows 2012 Server and this VM has internet without me doing any configuration change!
Thank you
0
Hi,
Just a general question.
A few days ago I got an EC-Council Storm device (Raspbian Pi) to do my ech course.
Does anyone own this device?
1- I can’t find any power button to turn it on.
2- The device came with a USB cable, but if I plug it into my laptop it turns on but doesn’t charge at all. I cannot use my iPhone charging adapter either. Does it have a separate charging adapter?
And if it’s charged, how do I turn it on without a power button?
0
How to best prep a new machine for running LXD containers?
0
Hi,
1. How to resolve issue below?

[root@28-218-217-172-on-nets home]# chown -R smb01 ~/home/share
chown: cannot access ‘/root/home/share’: No such file or directory
[root@28-218-217-172-on-nets home]#

I want to grant write permission to user smb01.

2. Is "ls -l" enough to list out all rights of user smb01 on folder /home/share? Is there any other command?
0
I'm new to both Corosync and Pacemaker. I've looked through the documentation, and some tutorials - but I'm not sure my need is discussed. I have worked with other HA packages, so I'm familiar with most of the concepts.

In all of the tutorials, they discuss setting up a "floating IP" which is an IP address (apparently associated with a service), that is assigned automagically by Pacemaker/Corosync when the service needs to be failed over to another node.  

However, in my environment, I can't use a floating IP address, specifically. ALL of the IP addresses, to ALL computers (including my servers) are assigned by DHCP based on MAC address. The MAC-to-IP association is made via a DNS adm tool (that I do have access to.)

How I have managed failover of this sort in the past is to create virtual NICs on both machines (so BOTH machines each have two VNICs, which have the same MAC addresses). Then, if I "ifconfig up" and/or "ifconfig down" the VNICs, I de facto control which server holds the IP address.

For example:

Node 1:
# ip link add link enp2s0 address 00:11:11:11:11:11 enp2s0.1 type macvlan
# ip link add link enp2s0 address 00:11:11:11:11:01 enp2s0.2 type macvlan
# ifconfig enp2s0.1 up
# ifconfig enp2s0.2 down
# dhclient -v enp2s0.1 # obtains IP 14x.xxx.xxx.001

Node 2:
# ip link add link eno1 address 00:11:11:11:11:11 eno1.1 type macvlan
# ip link add link eno1 address 00:11:11:11:11:01 eno1.2 type macvlan
# ifconfig 


0
I have CentOS 7 and am installing httpd on it.
I opened the firewall for port 80 and started the httpd service. The service is running OK.

In my /etc/hosts I have
127.0.0.1 localhost localhost.localdomain
..
..
10.10.1.10  localhost

In my httpd.conf I have
ServerName 10.10.1.10

Browsing 10.10.1.10 says: Not possible to connect to website 10.10.0.10

What is wrong here?
0
Hi Network Gurus,

I'm running a Linux lubuntu running PPTP VPN Server (PoPToP version 1.4.0).  I can connect externally to the VPN server however I can't browse the local network, nor browse the internet.

(I know PPTP isn't secure but I'll address that another time)

What routes do I need to add to be able to browse the local network and internet when connected to VPN?

Network Gateway is 192.168.178.1

VPN Server is 192.168.178.58

VPN is set up as server 192.168.0.1 with client addresses as 192.168.1.* (I'm assuming subnet 255.255.0.0?)

Thanks for your help and please ask if you need more info

Cheers,
Rob
0
How to disable URLs with "//" in nginx?
0
Adding User to Ubuntu

I need a user that I can use when I do not want to risk doing damage to my Ubuntu installation.

So, I ran

sudo su

then ran

adduser curiouswebster

following these instructions,
https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-18-04

I ran
usermod -aG sudo curiouswebster

but doesn't this add root privileges for curiouswebster??

If so, please help me downgrade the permissions.

I was hoping to log in as curiouswebster and install various systems, like Apache, MySQL, PHP and WordPress.

Shouldn't I use root for this?

Also, how do I log in as curiouswebster?

Thanks
0
