Only VM DNS
I'm going to install the unit as a VM (DNS server, AD, Exchange, unity in a box). It will be its own domain. My question is how do I configure the DNS so that it goes to the internet? I have production AD and DNS but different field. How can I configure the unit to point to this DNS server? As you know, because it is the autonomous unit, the network card is configured with loopback 127.0.0.1 as the DNS server, pointing to itself. I can change it to use the production DNS address; will it affect the unit by doing this?
Thank you
The answer is transmission.
In the IP properties of the AD server, you would point it to itself for DNS.
Open DNS from start, programs, administrative tools.
Right-click on the server name, select Properties.
The Forwarders tab.
Click Enable forwarders and enter an ip address from the dns.
Sometimes, enable forwarders is grayed out. Under Server name, open the areas of direct search and delete it. or otherwise known as root. Close the applet DNS and follow the procedure described in the paragraph above.
Similar Questions
-
DNS DHCP pool (internal DNS issue)
I know that we can implement several DNS server under DHCP pool. But I want to assure the order.
I have several branches.
Let's say 1 division Office has a router with 10.30.1.1 as a default gateway.
Our internal DNS is 10.0.0.1 and 10.0.0.2 as Pri and Sec.
My order of DNS server is as below.
1 gateway
2 internal DNS
3 public DNS provided by ISP
I saw two or three questions when I put the internal DNS first. Special situation is when IPsec does not work, users could not access the internet through domain name because they had internal DNS that is not accessible.
But when the gateway is first in the order, I don't know if users are able to access the internal Web site because gateway DNS does not have internal DNS records.
So, my question is which. What should be the best order for installing DNS under DHCP between default gateway, internal DNS and DNS? Our current configuration does not have same gateway address, there only internal DNS addresses only.
ip dhcp pool CCP-pool1
 network 10.30.1.0 255.255.255.0
 domain-name domaine.org
 default-router 10.30.1.1
 netbios-name-server 10.30.1.1
 dns-server 10.30.1.1 10.0.0.1 10.0.0.2 24.25.5.60
(1) I think your logic is right.
(2) you are welcome.
(3) I now see how the link relates to question 3. Yes, the difference between the specification of a name server for the router itself with ip name-server and clients by using the dns server is an important point.
I am glad that you told us that you had ip domain-lookup because it would have been my follow-up to the issue. Can you tell us exactly what the response of the router was when you tried to ping google.com? I suspect it's something in your router config. Can you post a sanitized copy of the router config?
Thanks for the compliment - and for points.
HTH
Rick
-
UDP associated with DNS queries
I'm transferring the IP tables to the firewall access PIX501 list rules.
In our IP table rules, we have implemented udp rules to protect the DNS:
$IPTABLES -A udp_chains -p udp -d 158.152.1.13 --dport 53 -m state --state NEW -j ACCEPT
$IPTABLES -A udp_chains -p udp -s 158.152.1.13 --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
But when I try to implement the same rule in the PIX firewall, I can't find any syntax that I can use for specified state. Is it possible to do in PIX?
Also, I noticed PIX firewall act as a protector of the domain name system (DNS). It seems that the firewall will automatically handle udp associated with DNS queries. It means that I need not implement these rules I mentioned above at all?
Hello
The Cisco PIX has built-in DNS guard, so no, you won't have to configure your IP chains.
DNS guard:
DNS guard identifies an outgoing DNS query request and allows only one DNS response back to the sender. A host can query multiple servers for an answer where the first server is slow to respond; however, only the first answer to the specific question is allowed in. All additional responses from other servers are dropped. After the client issues a DNS query, a dynamic translation allows UDP return packets from the DNS server. The default UDP timer expires in two minutes. DNS is often attacked, so leaving the translation open for two minutes creates an unnecessary risk. DNS guard is enabled by default and cannot be configured or disabled. DNS guard performs the following actions:
Upon receipt of the DNS response, automatically tears down the UDP translation on the PIX firewall. It does not wait for the default UDP timer to expire.
Guards against UDP session hijacking and denial of service (DoS) attacks.
The PIX does not support IP chain rules; you will need to configure ACLs.
Hope this helps, and if it does, please rate the post.
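The DNS guard behaviour described in this answer, modelled next to a plain UDP idle timer (an added example, not Cisco's code and not part of the original post). The class names, the client address, the second server 192.0.2.53 and matching replies on the DNS transaction ID are assumptions of this model; the traffic is constructed.

```python
"""Toy model: DNS-guard style state versus a plain UDP idle timer."""

UDP_IDLE_TIMEOUT = 120  # seconds: the two-minute default UDP timer from the answer


class PlainUdpState:
    """Return path stays open until the idle timer expires."""

    def __init__(self):
        self.flows = {}  # (client, cport, server) -> time of last packet

    def query(self, now, client, cport, server, txid):
        self.flows[(client, cport, server)] = now

    def reply(self, now, server, client, cport, txid):
        key = (client, cport, server)
        last = self.flows.get(key)
        if last is None or now - last > UDP_IDLE_TIMEOUT:
            self.flows.pop(key, None)
            return "drop"
        self.flows[key] = now  # every accepted packet refreshes the timer
        return "allow"


class DnsGuardState:
    """First matching reply is let in and closes the return path at once."""

    def __init__(self):
        self.pending = {}  # (client, cport, txid) -> (servers queried, time)

    def query(self, now, client, cport, server, txid):
        key = (client, cport, txid)
        servers, _ = self.pending.get(key, (set(), now))
        servers.add(server)
        self.pending[key] = (servers, now)

    def reply(self, now, server, client, cport, txid):
        key = (client, cport, txid)
        entry = self.pending.get(key)
        if entry is None:
            return "drop"  # already answered, or never asked
        servers, opened = entry
        if now - opened > UDP_IDLE_TIMEOUT:
            del self.pending[key]
            return "drop"
        if server not in servers:
            return "drop"  # reply from a server that was not queried
        del self.pending[key]  # tear down without waiting for the timer
        return "allow"


# Constructed traffic: one question sent to two servers, three replies.
CLIENT, CPORT, TXID = "10.0.0.5", 40000, 0x1A2B
EVENTS = [
    (0.00, "query", "158.152.1.13"),
    (0.00, "query", "192.0.2.53"),
    (0.05, "reply", "192.0.2.53"),    # first answer
    (0.40, "reply", "158.152.1.13"),  # slower second answer
    (30.0, "reply", "158.152.1.13"),  # late duplicate inside the 2-minute window
]


def replay(state, events=EVENTS):
    """Feed the events to a state model and return the verdict per reply."""
    verdicts = []
    for now, kind, server in events:
        if kind == "query":
            state.query(now, CLIENT, CPORT, server, TXID)
        else:
            verdicts.append(state.reply(now, server, CLIENT, CPORT, TXID))
    return verdicts


if __name__ == "__main__":
    print("plain UDP timer:", replay(PlainUdpState()))
    print("DNS guard      :", replay(DnsGuardState()))
```
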
-
I currently have a website under Server 2003 IIS 6.0. I'm moving the site to Server 2008 R2 IIS 7.0. Everything works except the verification of the credit card at secure.authorize.net. I have a problem connecting to secure.authorize.net. I try to connect to secure.authorize.net via the browser without success. But I can connect to secure.authorize.net with any of the other computers on my network. It seems also secure.authorize.net is only the DNS I can't connect to with Server 2008. All of the suggestions.
Hi Melvin
Your question is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the IT Pro TechNet public. Please post your question in the following forums.
Windows Server 2008 R2 General:
http://social.technet.Microsoft.com/forums/en-us/winservergen/threads
The official Forums of Microsoft IIS: http://forums.iis.net/
Concerning
-
E1000 2.1 and the xbox live NAT problem (I read all the others)
So like everyone, I'm having trouble with xbox live and NAT, but I feel my situation of dns is unique, so my solution is perhaps just as well. Help, please
Modem-> Router (e1000)-> port 1 (wired): xbox, wireless: mac computer
Configuration: Auto DHCP
MTU: tried 1365 and 1452, currently on 1452
UPnP: off
NAT: on
Port Range Forwarding - (tried reccomendations cisco and xbox, tried the verses of individual ports this range, currently at)
(looked in the outbreak, but as I have 2 devices, if I let a range of open ports, I want that it does match the xbox)
Application: xbox
Start port: 53
End port: 3074
Protocol: the two
IP address: 192.168.1.20
Xbox is set to:
IP: 192.168.1.20
Subnet mask: 255.255.255.0
Gateway: 192.168.1.1
DNS: automatic
reading only 1 dns (see notes)
Notes:
router port range is 100-149, so DHCP should not be a problem (I guess) if ip xbox is put out of reach ([192.168.1.20] being 20)
In my status tab in the router, it gives me only a dns. When I look at online modem, it gives 2 different DNS.
Each time, I have everything works a turn at a time, the computer always connects, Xbox Live still connects, but he still has the problem of nat.
I don't think it's a matter of double nat, bc when I look at the stats of my modem there is nowhere to configure ports (seems to be the modem only 1 Ethernet only)
Also, I noticed that the mtu of my modem is 1500 (I changed the mtu on the router, but not the mtu of my modem [it only allows me to change the mtu of my modem])
Help, please. I've been dealing with it and try different combinations of ports and options for 4-5 hours now. I'm starting to crack: S :).
Well, I found my own solution. I looked at all options as what could be easier for the components to deal with. Here's what worked:
Computer:
Configuration: Auto DHCP
MTU: 1452
UPnP: on
NAT: on
DMZ:
Source: 192.168.1.100 to 100
Destination: 192.168.1.1
Xbox:
I could leave it on auto dhcp mac address book bc but it looks like this:
IP:192.168.1.100
Subnet mask: 255.255.255.0
Gateway: 192.168.1.1
DNS: automatic
Combined with a DHCP reservation [via the mac address (for the safety of the DMZ)] all of it worked. With a DMZ, I didn't have to worry about which ports where correct. It was just messy because I was 2 devices of connection and could not choose a single static ip address. So, the example ip ending (20) was not default range of the router of 50 numbers. Pay attention to your range of ip addresses in the router settings.
* Make sure that your DMZ is on only a single or a partition of ip addresses, and you have other DHCP reservations for these ip addresses * you can find the mac address for xbox by accessing the network > configure network > additional settings > click Advanced settings, and not choose a 'different address', you should see a below *.
-
Cisco ASA 8.4.1 address Destination NAT?
I have a situation where I have a deployed asa5505 8.4.1 running.
The customer has a mail server existing which is located on their local network and has Port configured NAT for normal mail ports, etc. 25,110,993,587.
It works very well for incoming mail and any jerky mail user off the external server or by visiting the webmail from outside the network.
However when the users within the LAN to connect through the ASA test back entering the IP address on the external Interface of the ASA, they are unable to do so.
I came up with the solution is split DNS. well does he rely on users not changing their dns servers.
I was wondering if it is possible to make a sort of NAT that rewritten traffic destined to the above ports on the external IP address to the internal LAN Ip instead.
This is probably a stupid question, but I couldn't find an answer may I use the terms wrong to get one.
In any case, I was hoping someone here could point me in the right direction.
Thank you
You can only configure DNS rewrite rewrite if you have static NAT 1 to 1, with static PAT as advised, rewriting DNS is not supported because with PAT static, it is potentially different internal IP mapping, so the DNS rewrite is not exactly at the right address.
-
[RVS 4000] Secure setup ACL
I want to do an ACL that will allow traffic minum. For example, only; HTTP, DNS, SSH, FTP, TeamSpeak, Torrents.
This doesn't seem to be possible with the ACL on my Cisco Small Business RVS4000, I can only choose predifined parameters.
I can't configure my own source and destination IP and port. If it is not very useful.
I may be wrong, that's why I posted this threat. Is there a way to allow a minimum circulation with the ACL?
When I don't allow HTTP, DNS, etc. and deny the rest I can't use my TeamSpeak and Torrents, MSN more.
That's what I have now and that works, but it is not safe... Check the screenshot below. Here's my configuration of iptables, an ACL like this would be my idea of secure
#!/bin/sh
IPTABLES=/sbin/iptables
MODPROBE=/sbin/modprobe
INT_NET=192.168.1.32/28
LO=127.0.0.0/8

#####################################################################
# Flush existing rules and set the chain policies to DROP           #
#####################################################################
echo "[+] Flushing existing iptables rules..."
$IPTABLES -F
$IPTABLES -F -t filter
$IPTABLES -X
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP

################################
# Kernel changes               #
################################
echo "[+] Applying kernel changes..."
$MODPROBE ip_conntrack
# Disable IP forwarding
echo 0 > /proc/sys/net/ipv4/ip_forward
# Enable IP spoofing protection
for i in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > $i; done
# SYN flood attack protection
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

#######################
# INPUT chain         #
#######################
echo "[+] Setting up INPUT chain..."
# State tracking rules
$IPTABLES -A INPUT -m state --state INVALID -j LOG --log-prefix "DROP INVALID " --log-ip-options --log-tcp-options
$IPTABLES -A INPUT -m state --state INVALID -j DROP
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# ACCEPT rules for allowing connections in
# Loopback
$IPTABLES -A INPUT -i lo -s $LO -d $LO -m state --state NEW -j ACCEPT
# SSH (drop a source that opens 4 new connections within 120 seconds)
$IPTABLES -A INPUT -p tcp --dport 22 --syn -m state --state NEW -m recent --set --name SSH
$IPTABLES -A INPUT -p tcp --dport 22 --syn -m state --state NEW -m recent --update --seconds 120 --hitcount 4 --rttl --name SSH -j DROP
$IPTABLES -A INPUT -p tcp --dport 22 --syn -m state --state NEW -j ACCEPT
# Anti-spoofing rules
$IPTABLES -A INPUT -d $INT_NET -j LOG --log-prefix "SPOOFED PKT "
$IPTABLES -A INPUT -d $INT_NET -j DROP
# Default INPUT LOG rule
$IPTABLES -A INPUT ! -i lo -j LOG --log-prefix "DROP " --log-ip-options --log-tcp-options

########################
# OUTPUT chain         #
########################
echo "[+] Setting up OUTPUT chain..."
# State tracking rules
$IPTABLES -A OUTPUT -m state --state INVALID -j LOG --log-prefix "DROP INVALID " --log-ip-options --log-tcp-options
$IPTABLES -A OUTPUT -m state --state INVALID -j DROP
$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# ACCEPT rules for allowing connections out
# Loopback
$IPTABLES -A OUTPUT -o lo -s $LO -d $LO -m state --state NEW -j ACCEPT
# SSH
$IPTABLES -A OUTPUT -p tcp --dport 22 --syn -m state --state NEW -j ACCEPT
# Whois
$IPTABLES -A OUTPUT -p tcp --dport 43 --syn -m state --state NEW -j ACCEPT
# DNS
$IPTABLES -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
# HTTP
$IPTABLES -A OUTPUT -p tcp --dport 80 --syn -m state --state NEW -j ACCEPT
# NTP
$IPTABLES -A OUTPUT -p udp --dport 123 -m state --state NEW -j ACCEPT
# HTTPS
$IPTABLES -A OUTPUT -p tcp --dport 443 --syn -m state --state NEW -j ACCEPT
# MSN
$IPTABLES -A OUTPUT -p tcp --dport 1863 --syn -m state --state NEW -j ACCEPT
# RWhois
$IPTABLES -A OUTPUT -p tcp --dport 4321 --syn -m state --state NEW -j ACCEPT
# Google Talk
$IPTABLES -A OUTPUT -p tcp --dport 5222 --syn -m state --state NEW -j ACCEPT
# KTorrent
$IPTABLES -A OUTPUT -p tcp --dport 6881 --syn -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 6881 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 4444 --syn -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 4444 -m state --state NEW -j ACCEPT
# IRC
#$IPTABLES -A OUTPUT -p tcp --dport 6667 -m state --state NEW -j ACCEPT
# Teamspeak voice
$IPTABLES -A OUTPUT -p udp --dport 9987 -m state --state NEW -j ACCEPT
# Teamspeak queries
$IPTABLES -A OUTPUT -p tcp --dport 10011 --syn -m state --state NEW -j ACCEPT
# Teamspeak server update
#$IPTABLES -A OUTPUT -p udp --dport 17384 -m state --state NEW -j ACCEPT
# Teamspeak file transfer
$IPTABLES -A OUTPUT -p tcp --dport 30033 --syn -m state --state NEW -j ACCEPT
# Ping
$IPTABLES -A OUTPUT -s $INT_NET -p icmp --icmp-type echo-request -j ACCEPT
# Default OUTPUT LOG rule
$IPTABLES -A OUTPUT ! -o lo -j LOG --log-prefix "DROP " --log-ip-options --log-tcp-options

#########################
# FORWARD chain         #
#########################
echo "[+] Setting up FORWARD chain..."
# State tracking rules
$IPTABLES -A FORWARD -m state --state INVALID -j LOG --log-prefix "DROP INVALID " --log-ip-options --log-tcp-options
$IPTABLES -A FORWARD -m state --state INVALID -j DROP
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Anti-spoofing rules
$IPTABLES -A FORWARD -d $INT_NET -j LOG --log-prefix "SPOOFED PKT "
$IPTABLES -A FORWARD -d $INT_NET -j DROP
# Default FORWARD LOG rule
$IPTABLES -A FORWARD ! -i lo -j LOG --log-prefix "DROP " --log-ip-options --log-tcp-options
Once added to the service management table, the personal service should be available for a new ACL to reference. If the router does not work this way, you can call the Small Business Support Center to open a bug report to see if the problem can be solved.
-
This is explained? (Help)
6 Sep 05-2014 21:28:46 192.168.1.2 37071 199.195.xxx.xxx 37071 Dynamic translation TCP disassembly of any:192.168.1.2/37071 to Outside:199.195.xxx.xxx/37071 duration 0:00:31
Hello
I hope I can get this explained to me in simple terms so I understand what is happening. I thought that I had stated in my config that allowed all traffic of my internal networks to external networks, but my Active log is filled with packets are blocked and blocked. I'm just curious to know what is happening here. It is with UDP and TCP.
Thank you!
I have tons of them:
6 Sep 05-2014 21:36:59 192.168.1.2 62608 199.195.xxx.xxx 62608 Built a dynamic UDP conversion of any:192.168.1.2/62608 to Outside:199.195.xxx.xxx/62608
6 Sep 05-2014 21:36:59 199.195.xxx.x 53 192.168.1.2 62608 UDP connection disassembly 6952281 for Outside:199.195.xxx.x/53 for Inside:192.168.1.2/62608 duration 0:00:00 152 bytes
6 Sep 05-2014 21:36:58 10.10.1.2 63481 199.195.xxx.xxx 63481 Dynamic translation UDP disassembly of any:10.10.1.2/63481 to Outside:199.195.xxx.xxx/63481 duration 0:00:31
The ASA config:
ASA5510 # sh run
: Saved
:
ASA Version 9.1 (4)
!
hostname ASA5510
domain maladomini.int
activate liqhNWIOSfzvir2g encrypted password
volatile xlate deny tcp any4 any4
volatile xlate deny tcp any4 any6
volatile xlate deny tcp any6 any4
volatile xlate deny tcp any6 any6
volatile xlate deny udp any4 any4 eq field
volatile xlate deny udp any4 any6 eq field
volatile xlate deny udp any6 any4 eq field
volatile xlate deny udp any6 any6 eq field
liqhNWIchangedvir2g encrypted passwd
names of
DNS-guard
!
interface Ethernet0/0
LAN Interface Description
nameif inside
security-level 100
IP 10.10.1.1 255.255.255.252
!
interface Ethernet0/1
Description of the WAN Interface
nameif outside
security-level 0
IP address 199.195.xxx.x 255.255.255.240
!
interface Ethernet0/2
DMZ description
nameif DMZ
security-level 100
IP 10.10.0.1 255.255.255.252
!
interface Ethernet0/3
VOIP description
nameif VOIP
security-level 100
IP 10.10.2.1 255.255.255.252
!
interface Management0/0
management only
Shutdown
nameif management
security-level 0
no ip address
!
boot system Disk0: / asa914 - k8.bin
passive FTP mode
DNS domain-lookup outside
DNS server-group DefaultDNS
Server name 199.195.xxx.x
Server name 205.171.2.65
Server name 205.171.3.65
domain maladomini.int
permit same-security-traffic inter-interface
the ROUTER-2811 object network
10.10.1.2 home
the ROUTER-2821 object network
Home 10.10.0.2
network of the WEBCAM-01 object
host 192.168.1.5
the DNS SERVER object network
host 192.168.1.2
the ROUTER-3745 object network
host 10.10.2.2
network of the RDP - DC1 object
host 192.168.1.2
PAT-SOURCE network object-group
object-network 10.10.1.0 255.255.255.252
object-network 10.10.0.0 255.255.255.252
network-object 10.10.2.0 255.255.255.252
object-network 192.168.0.0 255.255.255.0
object-network 172.16.10.0 255.255.255.0
object-network 172.16.20.0 255.255.255.0
object-network 128.162.1.0 255.255.255.0
object-network 128.162.10.0 255.255.255.0
object-network 128.162.20.0 255.255.255.0
the DM_INLINE_NETWORK_2 object-group network
network-host 98.22.xxx.xxx object
the Outside_access_in object-group network
object-group Protocol DM_INLINE_PROTOCOL_1
object-protocol gre
allow access-list of standard USERS 10.10.1.0 255.255.255.0
Outside_access_in list extended access permit tcp host object eq ROUTER-2811 98.22.xxx.xx ssh
Outside_access_in list extended access permit tcp host object eq ROUTER-2821 98.22.xxx.xx ssh
Outside_access_in list extended access permit tcp host 98.22.xxx.xx interface outside eq https
Outside_access_in list extended access permit tcp host object 98.22.xxx.xx WEBCAM-01 eq www
access-list extended Outside_access_in permit tcp host 98.22.xxx.xx eq 3389 RDP - DC1 object
IP 128.162.1.0 allow Access-list access-dmz-vlan1 extended 255.255.255.0 any
Note access-list access dmz allow all traffic in DC1
permit access-list extended access dmz ip 128.162.1.0 255.255.255.0 192.168.1.2 host
Note dmz access list only allow DNS traffic to the DNS server
permit access-list extended access dmz udp 128.162.1.0 255.255.255.0 192.168.1.2 host eq field
Note to dmz-access access-list ICMP allow devices in DC
permit access-list extended access dmz icmp 128.162.1.0 255.255.255.0 192.168.1.0 255.255.255.0
pager lines 24
Enable logging
asdm of logging of information
Within 1500 MTU
Outside 1500 MTU
management of MTU 1500
MTU 1500 DMZ
MTU 1500 VOIP
ICMP unreachable rate-limit 1 burst-size 1
ICMP deny everything outside
ASDM image disk0: / asdm - 715.bin
don't allow no asdm history
ARP timeout 14400
no permit-nonconnected arp
!
the ROUTER-2811 object network
NAT (inside, outside) interface static tcp ssh 222 service
the ROUTER-2821 object network
NAT (DMZ, outside) static interface tcp ssh 2222 service
network of the WEBCAM-01 object
NAT (inside, outside) interface static tcp 8080 www service
the ROUTER-3745 object network
NAT (VOIP, outdoor) static interface service tcp ssh 2223
network of the RDP - DC1 object
NAT (inside, outside) interface static service tcp 3389 3389
!
NAT interface (it is, outside) the after-service automatic PAT-SOURCE dynamic source
Access-group Outside_access_in in interface outside
!
router RIP
10.0.0.0 network
version 2
No Auto-resume
!
Route outside 0.0.0.0 0.0.0.0 199.195.xxx.xxx 1
Route inside 128.162.1.0 255.255.255.0 10.10.0.2 1
Route inside 128.162.10.0 255.255.255.0 10.10.0.2 1
Route inside 128.162.20.0 255.255.255.0 10.10.0.2 1
Route inside 172.16.10.0 255.255.255.0 10.10.1.2 1
Route inside 172.16.20.0 255.255.255.0 10.10.1.2 1
Route inside 192.168.1.0 255.255.255.0 10.10.1.2 1
Timeout xlate 03:00
Pat-xlate timeout 0:00:30
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
identity of the user by default-domain LOCAL
the ssh LOCAL console AAA authentication
Enable http server
http 0.0.0.0 0.0.0.0 inside
http 98.22.xxx.xxx 255.255.255.255 outside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec pmtu aging infinite - the security association
trustpool crypto ca policy
Telnet timeout 5
SSH 0.0.0.0 0.0.0.0 inside
SSH 98.22.xxx.xxx 255.255.255.255 outside
SSH timeout 60
SSH version 2
SSH group dh-Group1-sha1 key exchange
Console timeout 0
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
NTP server 24.56.178.140 prefer external source
username redacted encrypted privilege 15
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns migrated_dns_map_1
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the migrated_dns_map_1 dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
Review the ip options
inspect the icmp
inspect the icmp error
inspect the pptp
!
global service-policy global_policy
context of prompt hostname
no remote anonymous reporting call
call-home
Profile of CiscoTAC-1
no active account
http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address
email address of destination [email protected] / * /
destination-mode http transport
Subscribe to alert-group diagnosis
Subscribe to alert-group environment
Subscribe to alert-group monthly periodic inventory
monthly periodicals to subscribe to alert-group configuration
daily periodic subscribe to alert-group telemetry
aes encryption password
Cryptochecksum:6f99e1277a392a926d04735c7f6a8c50
: end
The log messages you provided are NAT and connection establishment messages, not blocks.
They are a normal part of the firewall cleaning the xlate table and connections once they have expired.
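To make the distinction in this reply concrete, here is an added example (not from the original thread) that sorts ASA syslog lines into connection/translation lifecycle messages and actual denies by message ID. The sample lines are constructed in native ASA syslog format with documentation addresses, and the deny ID list is a subset chosen for illustration.

```python
import re
from collections import Counter

# Informational messages: state being created or cleaned up, nothing blocked.
LIFECYCLE_IDS = {
    "305011": "built dynamic translation",
    "305012": "teardown dynamic translation",
    "302013": "built TCP connection",
    "302014": "teardown TCP connection",
    "302015": "built UDP connection",
    "302016": "teardown UDP connection",
}
# Messages that do report dropped traffic (subset).
DENY_IDS = {"106001", "106006", "106014", "106015", "106023"}

# Constructed sample, modelled on the kind of entries quoted in the question.
SAMPLE = """\
Sep 05 2014 21:36:59: %ASA-6-305011: Built dynamic UDP translation from any:192.168.1.2/62608 to Outside:198.51.100.10/62608
Sep 05 2014 21:36:59: %ASA-6-302015: Built outbound UDP connection 6952281 for Outside:198.51.100.1/53 (198.51.100.1/53) to Inside:192.168.1.2/62608 (198.51.100.10/62608)
Sep 05 2014 21:36:59: %ASA-6-302016: Teardown UDP connection 6952281 for Outside:198.51.100.1/53 to Inside:192.168.1.2/62608 duration 0:00:00 bytes 152
Sep 05 2014 21:37:30: %ASA-6-305012: Teardown dynamic UDP translation from any:192.168.1.2/62608 to Outside:198.51.100.10/62608 duration 0:00:31
Sep 05 2014 21:37:31: %ASA-6-302013: Built outbound TCP connection 6952300 for Outside:203.0.113.80/443 (203.0.113.80/443) to Inside:192.168.1.2/37071 (198.51.100.10/37071)
Sep 05 2014 21:37:40: %ASA-4-106023: Deny tcp src Outside:203.0.113.7/51515 dst Inside:192.168.1.5/23 by access-group "Outside_access_in" [0x0, 0x0]
"""

LINE_RE = re.compile(r"%ASA-(?P<sev>\d)-(?P<id>\d{6}): (?P<text>.*)")
CONN_RE = re.compile(
    r"(?P<verb>Built|Teardown) (?:inbound |outbound )?(?:TCP|UDP) connection (?P<conn>\d+)"
)


def classify(line):
    """Return (category, message_id, text) for one syslog line."""
    m = LINE_RE.search(line)
    if not m:
        return ("unparsed", None, line.strip())
    msg_id = m.group("id")
    if msg_id in LIFECYCLE_IDS:
        return ("lifecycle", msg_id, m.group("text"))
    if msg_id in DENY_IDS:
        return ("deny", msg_id, m.group("text"))
    return ("other", msg_id, m.group("text"))


def summarize(lines):
    """Count lines per category, ignoring blank lines."""
    return dict(Counter(classify(l)[0] for l in lines if l.strip()))


def denies(lines):
    """Only the lines that report blocked traffic."""
    return [l for l in lines if classify(l)[0] == "deny"]


def open_connections(lines):
    """Connection IDs that were built but have no teardown yet."""
    live = set()
    for line in lines:
        m = CONN_RE.search(line)
        if m and m.group("verb") == "Built":
            live.add(m.group("conn"))
        elif m:
            live.discard(m.group("conn"))
    return live


if __name__ == "__main__":
    rows = SAMPLE.splitlines()
    print(summarize(rows))
    print("still open:", sorted(open_connections(rows)))
    for row in denies(rows):
        print("BLOCKED:", row)
```
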
-
ACL to prevent gnutela, outgoing kazaa, grokster traffic
Hello
I have a client who has a 3640 router edge style. It is an educational institution, the network administrator has really no students mind pulling the music down, he won't simply foreign guests pulling music out of the boxes, studying its network.
I want to build on this 3640 access lists to prevent outbound connections for these music services...
Inside the network numbers are 192.240.88.0 for example...
pls help...
It really is dependent on your music file sharing protocol. For example, to configure an access list to block KazaA, access list statement would be something like
access-list <number> deny tcp host x.x.x.x any eq 1214
access-list <number> permit ip any any
Here's more information you might help you. Some of this information is old and it might not be applicable. It would be wise to cross-check the same.
App: Kazaa and Morpheus
Block customers who connect with each other and the application is broken.
-Deny TCP and UDP 1214
App: WinMX
This package is Napster-like and requires a central site to allow file sharing. This site by its IP blocking prevents its use.
App: AudioGalaxy Satellite
This package uses the top ports to find servers AudioGalaxy Satellite and FTP (TCP 21 and 20 TCP) to perform the actual file transfers. Also block the AudioGalaxy network block should help. Denying completely FTP will prevent this service as well.
-Deny TCP and UDP TCP 41000-42000
App: Napigator
Napster as a tool, requires a central site to function. By blocking the central site of blocks Napigator.
App: Freenet
The only effective way to catch this kind of traffic is to watch traffic heading for the witnesses. Many PacketFilters allow research the first packet of a flow for the matches in the string. In General, the implementation of this type of filter is outside the scope of a simple how-to doc. The Protocol is built from the ground up to not rely on a specific port. For more information, refer to
App: Napster
Block access to the Central netblocks of Napster (these may change from time to time) that prevent the use of Napster:
-Refuse any traffic and traffic to source.
Block access to peer file sharing, filter only the default ports. This may break some (very dubious) internet use but would prevent his use of Napster if the network block above should change to another set of addresses.
-Deny traffic to destination: 0.0.0.0/0 TCP 6699
-Deny traffic from source: 0.0.0.0/0 TCP 6699
-Deny traffic to destination: 6699 UDP 0.0.0.0/0
-Deny traffic from source: 6699 UDP 0.0.0.0/0
App: Aimster
Blocking Aimster requires blocking AOL Instant Messenger (AIM). GOAL becomes harder to block without the use of a filter or a proxy that examines the TCP 80 (Web) traffic and check that in fact only HTTP traffic is passing on this port. Using the following filters do AIM (and Aimster) much more difficult to use.
Block ICQ/AIM client traffic
-Deny traffic to destination: 5190 TCP 0.0.0.0/0
-Deny traffic from source: 5190 TCP 0.0.0.0/0
-Deny traffic to destination: 5190 UDP 0.0.0.0/0
-Deny traffic from source: 5190 UDP 0.0.0.0/0
Given that the OBJECTIVE can also use TCP 13, 23, 80, 113 and others, it might be preferable to blocklist AOL sites altogether or only allow DNS lookups. This break solution good enough access to AOL from use with care. The best solution is described above, filter 5190 TCP and UDP 5190 but also use of filters or proxies that do not allow non-HTTP traffic using TCP 80.
App: iMesh
Blocking access to the central server iMesh breaks iMesh.
App: eDonkey
Customers to block the connection to the server
-Deny traffic to destination: 0.0.0.0/0 TCP 4661
-Deny traffic from source: 0.0.0.0/0 TCP 4661
-Deny traffic to destination: 4665 UDP 0.0.0.0/0
-Deny traffic from source: 4665 UDP 0.0.0.0/0
Block customers who connect with each other
-Deny traffic to destination: 4662 TCP 0.0.0.0/0
-Deny traffic from source: 4662 TCP 0.0.0.0/0
App: Gnutella (BearShare, Limewire, ToadNode, Gnucleus and other)
When left with the default settings, Gnutella can be blocked as follows.
Block customers who connect with each other
-Deny traffic to destination: 0.0.0.0/0 TCP 6345-6349
-Deny traffic from source: 0.0.0.0/0 TCP 6345-6349
-Deny traffic to destination: 0.0.0.0/0 UDP 6345-6349
-Deny traffic from source: 0.0.0.0/0 UDP 6345-6349
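The port list in this answer, turned into Cisco IOS extended ACL lines and checked with first-match evaluation (an added example, not part of the original answer). The ACL number 110, the function names and the sample flows are assumptions; applying the Kazaa ports in both directions generalises the answer's single "deny 1214" line, and the AudioGalaxy entry is left out because its protocol is unclear on the page.

```python
# Default ports from the answer above: (application, protocol, first, last).
P2P_PORTS = [
    ("Kazaa/Morpheus", "tcp", 1214, 1214),
    ("Kazaa/Morpheus", "udp", 1214, 1214),
    ("Napster", "tcp", 6699, 6699),
    ("Napster", "udp", 6699, 6699),
    ("AIM/Aimster", "tcp", 5190, 5190),
    ("AIM/Aimster", "udp", 5190, 5190),
    ("eDonkey server", "tcp", 4661, 4661),
    ("eDonkey server", "udp", 4665, 4665),
    ("eDonkey peer", "tcp", 4662, 4662),
    ("Gnutella", "tcp", 6345, 6349),
    ("Gnutella", "udp", 6345, 6349),
]


def build_rules(table=P2P_PORTS, final_permit=True):
    """One deny per direction ("to destination" / "from source") per entry."""
    rules = []
    for app, proto, lo, hi in table:
        for side in ("dst", "src"):
            rules.append({"action": "deny", "proto": proto, "side": side,
                          "lo": lo, "hi": hi, "app": app})
    if final_permit:
        # Without this line everything else hits the implicit deny.
        rules.append({"action": "permit", "proto": "ip", "side": None,
                      "lo": 0, "hi": 65535, "app": "everything else"})
    return rules


def render(rules, acl_id=110):
    """Render the rules as IOS numbered extended ACL statements."""
    lines = []
    for r in rules:
        if r["proto"] == "ip":
            lines.append(f"access-list {acl_id} {r['action']} ip any any")
            continue
        spec = f"eq {r['lo']}" if r["lo"] == r["hi"] else f"range {r['lo']} {r['hi']}"
        if r["side"] == "dst":
            lines.append(f"access-list {acl_id} {r['action']} {r['proto']} any any {spec}")
        else:
            lines.append(f"access-list {acl_id} {r['action']} {r['proto']} any {spec} any")
    return lines


def evaluate(rules, proto, sport, dport):
    """First matching rule wins; no match means the implicit deny applies."""
    for r in rules:
        if r["proto"] not in ("ip", proto):
            continue
        if r["proto"] != "ip":
            port = dport if r["side"] == "dst" else sport
            if not r["lo"] <= port <= r["hi"]:
                continue
        return r["action"], r["app"]
    return "deny", "implicit deny"


if __name__ == "__main__":
    rules = build_rules()
    print("\n".join(render(rules)))
    # Constructed flows: (protocol, source port, destination port)
    for flow in [("tcp", 50000, 1214), ("udp", 6347, 50000), ("tcp", 50000, 443)]:
        print(flow, "->", evaluate(rules, *flow))
```

A client reconfigured to use a non-default port, such as TCP 80, falls through to the final permit, which is the limitation the answer notes when it says these filters apply to default settings.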
-
VPN SSL from the inside on the external interface
Hi all
First of all I know that I can activate the SSL interface inside, but that's not what I need or want.
Scenario:
Several interfaces and VLAN on the SAA (running 8.0.5).
SSL VPN configured and enabled on the external interface.
Need to know if it is possible to access the SSL VPN from other interfaces directly to the IP address external interface, something like her hairpin.
Possible a solution (if it exists) with or without NAT (I have public IPs on some interfaces).
This will be useful for users who can connect any interface (inside, outside, or other) and with only a DNS record, I'll be able to manage everything.
Concerning
PS: Is DNS doctoring an option? The tests that I have done this does not work.
Post edited by: rcordeiro
Hello
Unfortunately, it is not possible. You cannot communicate with an ASA interface which is not directly connected through the firewall.
Kind regards
NT
-
As I start my custom domain name (HC92), I get the following:
exec PSWATCHSRV EI o '.\LOGS\stdout' '.\LOGS\stderr' - A - ID - 54217 d TESTSERV s PSWATCHSRV: process id = 1636... Has begun.
exec PSAPPSRV '.\LOGS\stdout' EI '.\LOGS\stderr'[email protected] s PSAPPSRV d o: process id = 2656... Has begun.
exec PSAPPSRV '.\LOGS\stdout' EI '.\LOGS\stderr'[email protected] s PSAPPSRV d o: process id = 2644... Has begun.
exec PSSAMSRV o '.\LOGS\stdout"e".\LOGS\stderr"- A – d s PSSAMSRV TESTSERV: process id = 2832... Has begun.
exec PSSAMSRV o '.\LOGS\stdout"e".\LOGS\stderr"- A – d s PSSAMSRV TESTSERV: process id = 2692... Has begun.
exec PSANALYTICSRV o '.\LOGS\stdout"e".\LOGS\stderr"- A – d s PSANALYTICSRV TESTSERV: process id = 2448... Has begun.
exec PSANALYTICSRV o '.\LOGS\stdout"e".\LOGS\stderr"- A – d s PSANALYTICSRV TESTSERV: process id = 496... Has begun.
exec PSANALYTICSRV o '.\LOGS\stdout"e".\LOGS\stderr"- A – d s PSANALYTICSRV TESTSERV: process id = 2964... Has begun.
exec PSRENSRV o '.\LOGS\stdout"e".\LOGS\stderr"- A – d s PSRENSRV TESTSERV: process id 2356 =... Has begun.
exec PSMONITORSRV EI o '.\LOGS\stdout' '.\LOGS\stderr' - A - ID - 54217 d TESTSERV s PSMONITORSRV: process id = 1056... Has begun.
exec JSL o '.\LOGS\stdout"e".\LOGS\stderr"- A – n //PSOFT_PC:9000 m 5 - M7-I have 5-j ANY - x 40 s 10 - c 1000000 w JSH: failed.
tmboot: CMDTUX_CAT:827: ERROR: fatal error occurred; launch the user error handler
tmshutdown - qy
==============ERROR!================
Try to start met domain errors! See TUXEDO log for more details.
==============ERROR!================
----------------------------
Domain LOG FILE
----------------------------
PSADMIN.1088 (0) [2015-01 - 13 T 17: 06:34.774] (0) attempt to Begin priming on domain HC92
PSAPPSRV.2656 (0) [2015-01 - 13 T 17: 06:46.056] (0) PeopleTools version 8.54 (Windows) from. Tuxedo server is APPSRV 99/2
PSAPPSRV.2656 (0) [2015-01 - 13 T 17: 06:46.056] (3) detected time zone is Pacific SA Daylight saving time
PSAPPSRV.2656 (0) [2015-01 - 13 T 17: 06:46.134] (0) used Cache Directory: C:\PS _CFG_HOME\appserv\HC92\CACHE\PSAPPSRV_2\
PSAPPSRV.2656 (0) [2015-01 - 13 T 17: 06:47.056] (2) App Server host lag is DB + 0 0:00:00 (ORACLE PSHRDMO)
PSAPPSRV.2656 (0) [2015-01 - 13 T 17: 06:51.196] (0) server started
PSAPPSRV.2644 (0) [2015-01 - 13 T 17: 06:51.603] (0) PeopleTools version 8.54 (Windows) from. Tuxedo server is APPSRV 99/1
PSAPPSRV.2644 (0) [2015-01 - 13 T 17: 06:51.603] (3) detected time zone is Pacific SA Daylight saving time
PSAPPSRV.2644 (0) [2015-01 - 13 T 17: 06:51.665] (0) used Cache Directory: C:\PS _CFG_HOME\appserv\HC92\CACHE\PSAPPSRV_1\
PSAPPSRV.2644 (0) [2015-01 - 13 T 17: 06:51.837] (2) App Server host lag is DB + 0 0:00:00 (ORACLE PSHRDMO)
PSAPPSRV.2644 (0) [2015-01 - 13 T 17: 06:52.415] (0) server started
PSSAMSRV.2832 (0) [2015-01 - 13 T 17: 06:52.728] (0) PeopleTools version 8.54 (Windows) from. Tuxedo server is APPSRV 99/101
PSSAMSRV.2832 (0) [2015-01 - 13 T 17: 06:52.728] (3) detected time zone is Pacific SA Daylight saving time
PSSAMSRV.2832 (0) [2015-01 - 13 T 17: 06:52.790] (0) used Cache Directory: C:\PS _CFG_HOME\appserv\HC92\CACHE\PSSAMSRV_101\
PSSAMSRV.2832 (0) [2015-01 - 13 T 17: 06:53.087] (0) server started
PSSAMSRV.2692 (0) [2015-01 - 13 T 17: 06:53.415] (0) PeopleTools version 8.54 (Windows) from. Tuxedo server is APPSRV 99/100
PSSAMSRV.2692 (0) [2015-01 - 13 T 17: 06:53.415] (3) detected time zone is Pacific SA Daylight saving time
PSSAMSRV.2692 (0) [2015-01 - 13 T 17: 06:53.493] (0) used Cache Directory: C:\PS _CFG_HOME\appserv\HC92\CACHE\PSSAMSRV_100\
PSSAMSRV.2692 (0) [2015-01 - 13 T 17: 06:53.806] (0) server started
PSRENSRV.2356 [2015-01 - 13 T 17: 06:56.743] (0) st PeopleTools version 8.54 (Windows) arting . Tuxedo server is RENGRP 92/101
PSRENSRV.2356 [2015-01 - 13 T 17: 06:56.759] (3) switch to the new log file * C:\PS_CFG_H OME\appserv\HC92\LOGS\PSRENSRV_0113.LOG *
PSADMIN.1088 (0) [2015-01 - 13 T 17: 07:13.698] (0) attempt to end HC92 field boot
* C:\PS_CFG_HOME\appserv\HC92\LOGS\PSRENSRV_0113.LOG *.
-Begin PSRENSRV boot-
PSRENSRV.2356 (0) [2015-01 - 13 T 17: 06:57.273] (3) (NET.113): RenRequest customer service request succeeded
PSRENSRV.2356 (0) [2015-01 - 13 T 17: 06:57.843] (3) (NET.113): RenRequest customer service request succeeded
2356.2708 [2015-01 - 13 T 17: 07:02.075] (WARN) nsmain: off the server immediately asked
----------------------------
TUXEDO LOG FILE
----------------------------
170634.PSOFT_PC! PSADMIN.1088: Start the start on domain HC92 attempt
170639.PSOFT_PC! tmadmin.556.2400.-2: TMADMIN_CAT:1330: INFO: command: start - a
170641.PSOFT_PC! tmboot.2392.2544.-2: 13/01/2015: Tuxedo Version 12.1.3.0.0_VS201 0, 64-bit
170641.PSOFT_PC! tmboot.2392.2544.-2: CMDTUX_CAT:1851: INFO: TM_BOOTTIMEOUT is to t to 120 seconds
170641.PSOFT_PC! tmboot.2392.2544.-2: CMDTUX_CAT:1855: INFO: TM_BOOTPRESUMEDFAIL option is selected
170643.PSOFT_PC! BBL.2340.1680.0: 13/01/2015: Version Tuxedo 12.1.3.0.0_VS2010, 64-bit, Patch level (none)
170643.PSOFT_PC! BBL.2340.1680.0: LIBTUX_CAT:262: INFO: Standard master boot
170645.PSOFT_PC! tmboot.1488.2464.-2: 13/01/2015: Tuxedo Version 12.1.3.0.0_VS201 0, 64-bit
170645.PSOFT_PC! tmboot.1488.2464.-2: CMDTUX_CAT:1851: INFO: TM_BOOTTIMEOUT is to t to 120 seconds
170645.PSOFT_PC! tmboot.1488.2464.-2: CMDTUX_CAT:1855: INFO: TM_BOOTPRESUMEDFAIL option is selected
170645.PSOFT_PC! PSWATCHSRV.1636.2816.-2: 13/01/2015: Version Tuxedo 12.1.3.0.0_VS2010, 64-bit
170645.PSOFT_PC! PSWATCHSRV.1636.2816-2: LIBTUX_CAT:262: INFO: Standard main starting
170645.PSOFT_PC! PSAPPSRV.2656.592.0: 13/01/2015: Version Tuxedo 12.1.3.0.0_VS2010, 64-bit
170645.PSOFT_PC! PSAPPSRV.2656.592.0: LIBTUX_CAT:262: INFO: Standard main starting
170651.PSOFT_PC! PSAPPSRV.2644.2804.0: 13/01/2015: Version Tuxedo 12.1.3.0.0_VS2010, 64-bit
170651.PSOFT_PC! PSAPPSRV.2644.2804.0: LIBTUX_CAT:262: INFO: main starti Standardng
170652.PSOFT_PC! PSSAMSRV.2832.2208.0: 13/01/2015: Version Tuxedo 12.1.3.0.0_VS2010, 64-bit
170652.PSOFT_PC! PSSAMSRV.2832.2208.0: LIBTUX_CAT:262: INFO: main starti Standardng
170653.PSOFT_PC! PSSAMSRV.2692.2668.0: 13/01/2015: Version Tuxedo 12.1.3.0.0_VS2010, 64-bit
170653.PSOFT_PC! PSSAMSRV.2692.2668.0: LIBTUX_CAT:262: INFO: main starti Standardng
170653.PSOFT_PC! PSANALYTICSRV.2448.2180.0: 13/01/2015: Tuxedo Version 12.1.3.0.0_VS2010, 64-bit
170653.PSOFT_PC! PSANALYTICSRV.2448.2180.0: LIBTUX_CAT:262: INFO: main s Standardtarting
170654.PSOFT_PC! PSANALYTICSRV.496.2476.0: 13/01/2015: Tuxedo Version 12.1.3.0.0_VS2010, 64-bit
170654.PSOFT_PC! PSANALYTICSRV.496.2476.0: LIBTUX_CAT:262: INFO: Standard main stsurglace
170655.PSOFT_PC! PSANALYTICSRV.2964.1536.0: 13/01/2015: Tuxedo Version 12.1.3.0.0_VS2010, 64-bit
170655.PSOFT_PC! PSANALYTICSRV.2964.1536.0: LIBTUX_CAT:262: INFO: main s Standardtarting
170656.PSOFT_PC! PSRENSRV.2356.2708.-2: 13/01/2015: Version Tuxedo 12.1.3.0.0_VS2010, 64-bit
170656.PSOFT_PC! PSRENSRV.2356.2708-2: LIBTUX_CAT:262: INFO: key start Standarding
170658.PSOFT_PC! PSMONITORSRV.1056.2212.-2: 13/01/2015: Tuxedo Version 12.1.3.0.0_VS2010, 64-bit
170658.PSOFT_PC! PSMONITORSRV.1056.2212-2: LIBTUX_CAT:262: INFO: main s Standardtarting
170658.PSOFT_PC! JSL.640.904.0: 13/01/2015: Version Tuxedo 12.1.3.0.0_VS2010, 64 -bit
170658.PSOFT_PC! JSL.640.904.0: LIBTUX_CAT:262: INFO: Standard master boot
170658.PSOFT_PC! JSL.640.904.0: INFO: version JOLT Jolt 12.1.1.0 Oracle Listener
170659.PSOFT_PC! JSL.640.904.0: JOLT_CAT:1568: "INFO: threshold of Compression is tot-1000000 '
170659.PSOFT_PC! JSL.640.904.0: JOLT_CAT:1242: ' ERROR: Bad Internet type listning address provided: //PSOFT_PC:9000 '
170659.PSOFT_PC! JSL.640.904.0: LIBTUX_CAT:250: ERROR: tpsvrinit() failed
170659.PSOFT_PC! tmboot.1488.2464.-2: CMDTUX_CAT:825: ERROR: process to PSOFT JSL _Pc failed with / t tperrno (TPESYSTEM - internal system error)
170659.PSOFT_PC! tmboot.1488.2464.-2: tmboot: CMDTUX_CAT:827: ERROR: fatal error met, launch the user error handler
170710.PSOFT_PC! BBL.2340.1680.0: CMDTUX_CAT:26: INFO: The BBL out of system
170713.PSOFT_PC! PSADMIN.1088End attempt to boot on domain HC92
-------------------------------------------------------------
SETTINGS FOR THE DOMAIN
------------------------------------------------------------
----------------------------------------------
Menu quick access - configure area: HC92
----------------------------------------------
Characteristic parameters
========== ==========
(1) pub/Sub servers: No. 17) DBNAME: [PSHRDMO]
(Server 2) Quick: No. 18) DBTYPE: [ORACLE]
(Query servers 3): No. 19) user name: [PS]
((4) shock: Yes 20) UserPswd: [PS]
((5) Jolt relay: No. 21) Networkid: [TESTSERV]
((6) WSL: No. 22) AddToPATH: [C:\app\psoft\product\11.2.0\dbhome_1\BIN]
(PC 7 debugger): No. 23) ConnectID: [people]
(Event notification 8): Yes 24) ConnectPswd: [people]
[(Serveurs de 9) MCF: No. 25) DomainConnectPswd:]
(10 assembler) Perf: No. 26) Port of WSL: [7000]
((11) Analytics servers: Yes 27) JSL Port: [9000]
(Bridge 12) areas: No. 28) Port of JRAD: [9100]
(13) the server events: No.
Actions
=========
(14) load config as shown
(15) custom configuration
(16) the settings of the environment
(h) aid for this menu
(q) to return to the previous menu
TIP: Enter 17 to change DBNAME, then 14 to load
Enter the selection (1-28, h or q):
--------------------------------------------------------------
ENVIRONMENT SETTINGS
--------------------------------------------------------------
C:\Users\psoft > set
ALLUSERSPROFILE = C:\programdata
APPDATA = C:\Users\psoft\AppData\Roaming
CommonProgramFiles = c: files
CommonProgramFiles (x 86) = c: Program Files (x 86) \Common Files
CommonProgramW6432 = c: files
COMPUTERNAME = PSOFT_PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK = NO
HOMEDRIVE = C:
HOMEPATH = \Users\psoft
JAVA_HOME = C:\Program Files\Java\jdk1.8.0_25
JAVA_OPTS = "" - Dcom.sun.xml.namespace.QName.useCompatibleSerialVersionUID = 1.0 - Xms32 m - Xmx64m " "
LOCALAPPDATA = C:\Users\psoft\AppData\Local
LOGONSERVER = \\PSOFT_PC
NUMBER_OF_PROCESSORS = 2
OS = Windows_NT
Path = C:\Program Files\Java\jdk1.8.0_25\bin
; C:\app\psoft\product\11.2.0\dbhome_1\bin
; C:\app\psoft\product\11.2.0\dbhome_2\bin
; C:\Windows\System32; C:\Windows
; C:\windows\System32\Wbem
; C:\Windows\system32\WindowsPowerShell\v1.0\
; C:\app\tuxedo\tuxedo12.1.3.0.0_VS2010\bin
; C:\app\tuxedo\tuxedo12.1.3.0.0_VS2010\jre\bin\server
; C:\app\tuxedo\tuxedo12.1.3.0.0_VS2010\jre\bin
PATHEXT = .COM; EXE;. BEATS;. CMD;. VBS;. VBE;. JS;. JSE;. WSF;. WSH;. MSC
PROCESSOR_ARCHITECTURE = AMD64
PROCESSOR_IDENTIFIER = Intel64 family 6 model 58 Stepping 9 GenuineIntel
PROCESSOR_LEVEL = 6
PROCESSOR_REVISION = 3 a 09
ProgramData = ProgramData
ProgramFiles = c: Program Files
ProgramFiles (x 86) = c: Program Files (x 86)
ProgramW6432 = C:\Program Files
PROMPT = $P$ G
PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
PS_APP_HOME = C:\HC9.2
PS_CFG_HOME = C:\PS_CFG_HOME
PS_HOME = C:\PT8.54
PUBLIC = C:\Users\Public
SESSION = Console
SystemDrive = C:
SystemRoot = C:\Windows
TEMP = C:\Users\psoft\AppData\Local\Temp
TMP = C:\Users\psoft\AppData\Local\Temp
TUXDIR=C:\app\tuxedo\tuxedo12.1.3.0.0_VS2010
USERDOMAIN = PSOFT_PC
USERNAME = psoft
USERPROFILE = C:\Users\psoft
windir = C:\Windows
windows_tracing_flags = 3
windows_tracing_logfile=C:\BVTBin\Tests\installpackage\csilogfile.log
_JAVA_OPTIONS =-Xmx512M
Found this post:
ISNAT_CAT:1242: ERROR: Bad Internet type of listening address
"The problem was resolved after I changed my computer name from ZEMEROV_A to ZEMEROV.
Hyphens are not allowed for regular internet names. Only the Microsoft DNS server
allows hyphens. Obviously TUXEDO checks the internal Web address syntax.
But I don't know why my IP (10.57.70.246) failed.
In any case, the issue is resolved. Make sure that TUXEDO documentation recommends-
When using the name of the server host you talk server. This is case and sensitive syntax."
As for me: I changed my host name from psoft_pc to psoftpc, changed the same in TNSNAMES, and everything worked without problems.
I'll mark this issue as resolved.
Thank you.
-
Hello
Two guest VMs on the same host server (in the same virtual switch) copy data between them using the DNS name.
How is the traffic transferred?
I mean, the data must use the same network card (and not the physical cable), and only the DNS resolution uses the physical cable; am I correct?
Thank you
Hello
When virtual machines are in the same VLAN on the same portgroup, traffic will be switched in the virtual switch and will not leave the host. Only the DNS request will go to the physical network.
Tim
-
With OAM10g WebGate load balancer
Hi all
I have two Apache HTTP servers protected with the OAM 10g WebGate; they work fine if I access the protected resource through the IP of each WebGate separately.
However, if I access the protected resource through the front-end load balancer IP address, the resource is not protected and no authentication challenge/SSO happens.
The load balancer will distribute requests to the two WebGate-protected Apache servers, and the end user can know only the DNS name/IP address of the load balancer.
Should any configuration be done on the OAM side?
I tried to add the LB IP to the host identifier, but I still can't get it to work.
Thank you.
Yes, the host identifier includes the WebGate and LB hostname/IP.
The problem is solved; the cause was that the LB forwarded requests to the application port 7003 directly rather than to HTTP port 80.
-
Does VMware have a best-practices guide for backup & DR of VMware View?
How do we properly protect a VMware View server running on VMware vSphere? Our RPO/RTO is ideally < 2 hrs.
We have 100 customers and we use a roaming profile. TIA
Hello
Haven't seen specific guides. There are a few third-party examples that might give you some ideas. vCenter Heartbeat also supports the View Composer component.
Little old (2009), but interesting to read:
Maybe the next version of View could address this? If you use roaming profiles, then you just need a way to replicate users to DR and point them to the DR View pool; failover would take only a DNS change. Dealing with linked clones and persistent readers makes it much trickier.
I would consider the XP VMs throw-away objects; it is the user customization that you need to replicate for them in DR.
Mike
-
Hello
I am trying to install Oracle 11g grid infrastructure.
I have two nodes and I have configured addresses for each of them, as follows.
I have only a single network card, so I set up my addresses like this:
Node1 X.X.X.15 on eth0:1
Node1-vip X.X.X.17 on eth0:2
Node1-priv 10.100.100.1 on eth0:3
Node2 X.X.X.16 on eth0:1
Node2-vip X.X.X.18 on eth0:2
Node2-priv 10.100.100.2 on eth0:3
When I launch runInstaller it shows the error message:
Virtual host name: node1-vip is assigned to another system on the network.
Then I disabled this interface with 'ifdown eth0:2'.
But I get the error:
BASS: [FATAL] [INS-41101] information of the specified interface is incorrect.
CAUSE: Either the format of the information is incorrect, or the name or subnet interface information were incorrect.
ACTION: Enter the correct interface information before proceeding
Anyone know what could be the problem?
Thank you
I do not understand whether they must be up or down during the installation phases.
Or must they be up but not respond to ping?
Virtual/SCAN IPs work as IP aliases on the public interface on the public network. On one interface (e.g., eth0), Oracle will assign multiple IP aliases.
The VIPs and SCAN IPs are virtual IPs and are managed by Oracle Clusterware. That's why Oracle checks before the installation that none of these virtual IP addresses are in use; Oracle will create/set up the IP as an alias, assigning (start) and managing (start/stop/move) these virtual IPs by itself.
These IPs are aliases because Clusterware must be able to switch a virtual/SCAN IP to any public NIC of the cluster.
Thus, prior to installation:
The VIRTUAL IP should be configured only in the file "/etc/hosts" and in "DNS".
The SCAN IP should be configured only in "DNS" or, if you do not have a DNS server, you can configure only a single SCAN IP in "/etc/hosts".
The IPs that you must configure on the interfaces before the install are the PUBLIC and PRIVATE ones.
Kind regards
Levi Pereira
Published by: Levi Pereira on 13 January 2012 10:42