PIX: Allowing servers in the DMZ access inside Server
Hello
I'm building a PIX 520 from scratch using 6.2 (2) and PDM 2.1 (1). I have 3 interfaces:
outdoors (sec0) - xx.xx.xx.xx
inside (sec100) - 10.100.1.0/24
DMZ (sec10) - 172.16.254.0/24
All was well with the modules until I started the task to allow the dmz hosts access internal hosts. I'm having problems as soon as I create an access for example rule:
access-list permits dmz_access_in tcp host 172.16.254.20 host 10.100.1.35 eq ldap
Problem 1:
PDM alerts must be a static translation for 10.100.1.35 between the inside network and the DMZ. I would like the 172.16.254.20 server to the access server to the 10.100.1.35 using his real address of 10.100.1.35. Can I just give these commands:
static (inside, dmz) 10.100.1.0 10.100.1.0 netmask 255.255.255.0 0 0
dmz_inbound_nat0_acl ip access list allow any 10.100.1.0 255.255.255.0
NAT (dmz) 0-list of access dmz_inbound_nat0_acl outside
and then:
access-list permits dmz_access_in tcp host 172.16.254.20 host 10.100.1.35 eq ldap
Access-group dmz_access_in in dmz interface
.. .will this work without problems?
Problem 2:
The rule of implicit outbound traffic to DMZ is broken - why? I need servers DMZ in order to access the internet without any discomfort.
When I try and insert another rule to this effect, the following is inserted in the PIX config:
dmz_access_in ip 172.16.254.0 access list allow 255.255.255.0 any
This command now allows any server DMZ access all devices on my internal network! How can I solve this?
I hope someone can help... Thanks in advance,
Tariq.
A problem 1, you don't need the nat statement 0 and correospnding-access list. The static method is sufficient.
Problem 2: as you apply an access list to the DMZ interface, you must expand to include Internet access as well. If this is what you need, I would try something like this:
access-list permits dmz_access_in tcp host 172.16.254.20 host 10.100.1.35 eq ldap
access-list permits dmz_access_in tcp host 172.16.254.30 host 10.100.1.35 eq ldap
...
...
etc. to allow the required access to the Interior.
deny the dmz_access_in of the ip access list any 10.0.0.0 255.0.0.0
dmz_access_in ip access list allow a whole
Of course, you want to settle this as requires it.
Tags: Cisco Security
Similar Questions
-
To access the servers in the DMZ
People:
I have a PIX 515E and I need to access a SQL Server that is inside the network... I don't know if I should activate NAT on the demilitarized zone to be able to 'see' the servers inside...
I tried a
> static (dmz, inside) 192.168.2.0 192.168.2.0 netmask 255.255.255.0
to activate servers on the DMZ for access within the network without translation... but I can't create a static to a low security to a high security interface...
I wonder if anyone has the same configuration problem?
should I try to activate NAT on the DMZ also?
It's my current setup!
Thank you very much!
Luis
-------------------------------------------
PIX Version 6.1 (2)
ethernet0 nameif outside security0
nameif ethernet1 inside the security100
nameif dmz security10 ethernet2
access-list 100 permit tcp any host 200.200.200.37 eq smtp
access-list 100 permit tcp any host 200.200.200.37 eq pop3
access list 100 permit tcp any host 200.200.200.37 EQ field
access-list 100 permit udp any host 200.200.200.37 EQ field
access-list 100 permit tcp any host 200.200.200.35 eq www
access-list 100 permit tcp any host 200.200.200.35 eq 443
access-list 100 permit tcp any host 200.200.200.36 eq www
access-list 100 permit tcp any host 200.200.200.36 eq 443
access-list 100 permit icmp any one
access-list 100 permit tcp any host 200.200.200.35 eq ftp
access-list 100 permit tcp any host 200.200.200.36 eq ftp
access-list 100 permit tcp any host 200.200.200.36 eq 3389
access-list 100 permit tcp any host 200.200.200.35 eq 3389
access list 100 permit tcp any host 200.200.200.36 EQ field
access-list 100 permit udp any host 200.200.200.36 EQ field
access-list 100 permit tcp any host 200.200.200.38 eq www
access-list 100 permit tcp any host 200.200.200.38 eq 443
access-list 100 permit tcp any host 200.200.200.38 eq 3389
access-list 100 permit tcp any host 200.200.200.37 eq www
access-list 100 permit tcp any host 200.200.200.38 eq 1547
access-list 100 permit tcp any host 200.200.200.39 eq 3389
access-list 100 permit tcp any host 200.200.200.39 eq ftp
access-list 100 permit tcp any host 200.200.200.39 eq 1433
IP outdoor 200.200.200.34 255.255.255.224
IP address inside 192.168.1.1 255.255.255.0
IP dmz 192.168.2.1 255.255.255.0
Global (outside) 1 200.200.200.45 - 200.200.200.61 netmask 255.255.255.224
Global (outside) 1 200.200.200.62 netmask 255.255.255.224
NAT (inside) 1 192.168.1.0 255.255.255.0 0 0
alias (inside) 192.168.1.2 200.200.200.38 255.255.255.255
alias (inside) 200.200.200.36 192.168.2.11 255.255.255.255
alias (inside) 200.200.200.35 192.168.2.10 255.255.255.255
alias (inside) 200.200.200.37 192.168.2.12 255.255.255.255
static (dmz, external) 200.200.200.36 192.168.2.11 netmask 255.255.255.255 0 0
static (dmz, external) 200.200.200.35 192.168.2.10 netmask 255.255.255.255 0 0
public static 200.200.200.38 (inside, outside) 192.168.1.2 mask subnet 255.255.255.255 0 0
public static 200.200.200.39 (Interior, exterior) 192.168.1.186 netmask 255.255.255.255 0 0
static (inside, dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0 0 0
static (dmz, external) 200.200.200.37 192.168.2.12 netmask 255.255.255.255 0 0
Access-group 100 in external interface
Route outside 0.0.0.0 0.0.0.0 200.200.200.33 1
Did you apply an access list to allow traffic from the dmz to the inside interface?
Also, try to be specific with the server you are trying to provide access to the.
static (inside, dmz) xx.xx.xx.xx xx.xx.xx.xx 255.255.255.255 netmask (where two groups of xx.xx.xx.xx represent your address of sql server)
Then add the following list of access
access-list 101 permit tcp any host xx.xx.xx.xx eq sql (again, xx.xx.xx.xx is sql server)
Access-group 101 in the dmz interface
(test you can do initially access list permit all traffic instead of just sql, then tighten it to the top when you are sure that the static command works)
Hope that helps. Allowing less than an interface on a security interface traffic higher security is carried out with controls static and ACL (or ducts), so you seem to be on the right track.
~ rls
-
Hello
I'll install csa agent on servers of DMZ. Since there is no access to the Management Center in the DMZ, access is not permitted from internal dmz, only MC (internal) can access servers. I know that the CSA can record events on the computer, the MC will be able to get back them?
Except for a hint of polling sending, the MC is not initialize the connection for update of policy officers and events download. Agents are configured with a polling interval (default is 10 minutes), the Agent makes the connection with the MC via port 5401, and if it is not available try 443.
For your Agents work correctly with the MC, your DMZ must allow your dmz servers to connect to your internal port 5401 or 443 MC (I prefer 443).
Just add an ACL on your firewall so that the dmz servers can connect to only this server MC. Then you can create a rule to network access control so only the Cisco Security Agent can access the IP address of the MC on port 443.
In this way even if the attacker has exceeded all the other rules of the csa and used the server dmz as a breakpoint for more attack, they must kill the agent first, before they could get to the MC. And if that wasn't enough, you can create a rule of access control data to the Agent installed on the MC itself, which will send you an email if the root of the https:// is accessible.
-
PIX with H &; S VPN DMZ hosting web server to the hub
Ok
Heres a problem which I think would be quite common for these even remotely conscious of security. Unfortunately, my knowledge of the PIX (as well as other Cisco devices) is still in phase of 'growth '.
So, here's the problem. I have a WAN put in place with PIXen and SonicWalls, we are set up in a design essentially Hub and Spoke (fine ok so it is partially meshed). We recently decided to pull the trigger on getting a 'real' web site and everything went relatively well that getting up and rolling. (even with my notice of 3 days/deadline), but here's the problem: I set up the web server on the DMZ to the hub pix, and I figured out (the easy part) how to set things so in the Home Office, people can connect to the web server by using the internal address, but I don't know what to do for people in remote offices with VPN home connections. I tried to define static routes, I tried to add the DMZ to the VPN trigger, I tried to do both of the last things together, and I checked that I have rules allowing traffic to the VPN outside the DMZ on the inside. So, what else can I I get?
I have no problem by configuring a PIX for all basic ups and VPN even at this stage, I can do most of it through the CLI (even if I still want to do more through the PDM). My biggest stumbling block on the PIX has so far was when I actually involve this pesky DMZ...
I actually two PIX in my office, two for my network domestic (one for my place in the States and one for my place in the Japan), so if you can help me, I'll be the two problems and do not forget to give a rating of excellent reviews!
so I guess that leaves me to the place where I scream...
Help!
and I humbly await your comments.
the current pix configuration should look at sth like this,
IP access-list 101 permit
IP access-list 110 permit
Global 1 interface (outside)
(Inside) NAT 0-list of access 101
NAT (inside) 1 0.0.0.0 0.0.0.0 0 0
Permitted connection ipsec sysopt
Crypto ipsec transform-set esp-3des esp-md5-hmac superset
myvpn 10 ipsec-isakmp crypto map
correspondence address card crypto myvpn 10 110
card crypto myvpn 10 set by peer
superset of myvpn 10 transform-set card crypto
interface myvpn card crypto outside
ISAKMP allows outside
ISAKMP key
address netmask 255.255.255.255
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
now, to add dmz on top of the existing vpn, add the following to the pix (and apply the same concept on the remote end device)
access-list 102 permit ip
access-list 110 permit ip
nat (dmz) 0 access-list 102
-
Out-of-Band management on the servers in the DMZ
Hi, I have four PC7048s in my DMZ. External, internal making face and 2 separate demilitarized. Everything is good. All workers.
Since they are demilitarized I want only their route between them and thus in position off http, Https, Telnet, and SSH management so that they cannot be managed remotely from the DMZ subnets.
I then plugged the OOB interfaces in my internal management switch and VLAN them accordingly. Very well, now I can ping my OOB interfaces on all four. But I can't manage them because I have disabled SSH, HTTPS, HTTP and Telnet
If I allow them (just SSH and HTTPS) I am now able to manage the switches of the DMZ on the IPs DMZ subnet
I thought that the point of the OOB was so this does not happen and there is isolation? If I have to spend globally on HTTPS and SSH, then they are not really well isolated (I understand that OOB traffic cannot talk to IN-Band etc. - is the fact that I turn on a global configuration for remote OOB service)
Am I missing something?
Thank you
Your results are correct. To lock the management more far I suggest looking to implement ACLs. With the ACL you can permit/deny access to various management services.
Page 1471, guide the user passes over these commands.
FTP.Dell.com/.../PowerConnect-7048r_Reference%20Guide_en-US.pdf
Thank you
-
Installation of the SCOM Agent on servers in the DMZ
Dear,
can you please help me with the exact steps to install SCOM Agent to the DMZ (no trusted domain) server to monitor anyone and is it possible to test it before in any Windows 7 PC. ?
Thanks in advance
This issue is beyond the scope of this site (for consumers) and to be sure, you get the best (and fastest) reply, we have to ask either on Technet (for IT Pro) or MSDN (for developers)
If you give us a link to the new thread we can point to some resources it -
Running one of the virtual machines on two physical servers at the same time. Server 2012
Hello!
I'll admit that I'm not exactly an expert Server nor I claim to be. I could use some help with the installation I build and eventually moving customers to server setup. In an effort to try to describe my question, here is a first draft of what looks like my setup.Rackstation 1 is therefore a Synology Rackstation, which runs high-availability Rackstation 2. Directly, cabledtogether, Rackstation 2 works passively and constantly updates a copy of Rackstation 1 Rackstation 1 failure.Host 1 running server 2012 and therefore host 2. Currently I have 6 servers virtualized on Rackstation 1, using Hyper-V Manager of 1 host. I created ISCSI storage for every server virtualized LUNS and currently have ISCSI targets to be used with host 1 pointing to the LUN. I created another series of ISCSI for Host 2 targets as well. The idea is to have 2 host run the Hyper-V Manager and be able to connect to the virtualized servers same Rackstation 1 just like host 1 is currently. That way if nothing ever happens to the host 1, host 2 quickly usable for servers. All that seems to be able to do with host 2 is create new virtualized servers, instead of link those already created. Currently, regarding the RAM for virtualized servers, they use host 1.So, is there a way for host 2 to have the same virtual servers as host 1? What I need to change my configuration to achieve this? IM open to ideas and advice on how to reconcile that far.Zachary, MS doesn't make it easy to find the Windows Server forum:
http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer -
I'll set up a DMZ on a PIX 515e and everything seems to work fine except that I can't get internet access from the DMZ servers. The only way I CAN get access is if I add a "permit ip any any" to the dmz access list. I only allow statements in the demilitarized zone access list and not to deny statements. The demilitarized zone should not allow all traffic flows due to its level of security?
ethernet0 nameif outside security0
nameif ethernet1 inside the security100
nameif dmz security50 ethernet2
I will attach a sanatized my PIX config. I hope it's a simple mistake that I'm missing.
Thank you
CB
Exactly! You need to think about how the traffic goes through the pix - a ACL on a given int impact on all traffic through this int, regardless of the destination. So an inside interface ACL can impact traffic that passes through the DMZ and interfaces external, that this traffic passes through it. A DMZ interface acl will also affect traffic through it inside or outside (or all other interfaces)
-
Providing access to the internet to the DMZ
I have a couple of Web servers on the DMZ (30.30.30.0), who must be able to access Web sites. I also have static translations for Web servers to outside users access to them. When I added these static translations for outside users, Web servers can no longer be for web access. Here are a few lines of my config pertitent. Any ideas? (the goal is to keep static translations, but allow also the machines of the demilitarized zone to be able to browse the web)
outsidein list access permit tcp any host 69.x.x.1 eq www
outsidein list access permit tcp any host 69.x.x.2 eq ftp
access-list fromDMZ allow icmp a whole
fromDMZ list access permit tcp any any eq www
Global interface 10 (external)
NAT (inside) 10 10.0.2.0 255.255.255.0 0 0
NAT (dmz) 10 30.30.30.0 255.255.255.0 0 0
static (inside, dmz) 10.0.2.0 10.0.2.0 netmask 255.255.255.0 0 0
static (dmz, external) 69.x.x.1 server1 netmask 255.255.255.255 0 0
static (dmz, external) 69.x.x.2 server2 netmask 255.255.255.255 0 0
Access-group outsidein in external interface
Access-group fromDMZ in dmz interface
HAG,
In addition to opening tcp 53 I think you would also add the port udp 53 for DNS work
fromDMZ list of access permit udp any any eq 53
Chris
-
statics of the DMZ on the inside
I have a mail relay (gateway) in our DMZ. It stops working if I remove the following static statement:
static (dmz, upside down) insidemail insidemail netmask 255.255.255.255
where insidemail is the name of the internal mail server.
This static doesn't make much sense to me, but as mentioned previously, if it isn't there, I can't get on the mail server internal on port 25.
BTW, my acl for mail in the demilitarized zone is
dmz_acl permit tcp host DMZmail host insidemail eq 25 access-list
Hi binaryflow,
For any server on the DMZ can access inside server, it must first see the server to an IP address. Only after this accessibility of intellectual property, it will establish communication with that server. The accessibility of intellectual property can be obtained in two ways:
(1) given the server on his already existing private IP. to do this, without the server natting to the DMZ interface. for this reason, we use the command
static (dmz, upside down) insidemail insidemail netmask 255.255.255.255
You can also use these commands:
NAT (inside) 0 access-list sheep
access-list allowed sheep ip host insidemail dmz host
(2) you can also make a static on a few other IP and allow access to this IP address to access list.
In any case, the server should operate, accessibility of intellectual property is the first criterion. without that it will not work.
I hope this helps... all the best...
REDA
-
second Web server on the DMZ not visible outside
With the help of a PIX 515e
I have several Web servers in the DMZ, the first web server and the mail server are set up with the port mapping for the PIX outside IP address of the interface.
The second and third (inside interface) of the Web servers are configured with static mappings and access lists.
I can see the first n the mail very good server webserver, but I can not see servers in second or third.
What have I done wrong?
I suggest you analysze traffic with the command to 'capture' PIX and sniff traffic on the DMZ and outside traffic.
Check if packets arrive to the external interface, if it reaches the web server and is at - it a response.
example of
IP access-list 120 allow any HOST 207.236.60.35
capture the access-list 120 vpncap OUTSIDE interface
See the access-list 120 retail vpncap capture
or
https://PIX-IP-address/capture/vpncap [/pcap]
To remove the capture:
No vpncap capture
sincerely
Patrick
-
Cannot access the Web server in the DMZ from the inside using IP global
Hi all
I hope it's a very simple question.
I'm running a PIX 515 firewall v6.3. I set up a Web server in my DMZ and use static NAT for re-branded it overall static IP address. Access from the outside of the demilitarized zone works remarkably well. I can access inside the interface Web site using the internal IP, but I can't access it from inside interface using the global IP are entrusted to him.
Is there a particular reason why this would not be allowed? My feeling was that the request would be forwarded via the external interface (as it is a global IP address) and then be bounced back by my sense of the ISP the request would come to the new external interface (as the static NAT is applied to the external interface).
However if I try and access the global IP from my inside interface, then the browser can not find the server.
can someone explain why this is so? Any information would be appreciated.
see you soon,
Wayne
---------------------------------
6.3 (3) version PIX
interface ethernet0 100full
interface ethernet1 100full
interface ethernet2 100full
ethernet0 nameif outside security0
nameif ethernet1 inside the security100
nameif dmz security50 ethernet2
hostname helmsdeep
domain p2h.com.sg
fixup protocol dns-length maximum 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol they 389
no correction protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol 2000 skinny
fixup protocol smtp 25
No fixup protocol sqlnet 1521
fixup protocol tftp 69
names of
acl_out list access permit tcp any host 203.169.113.110 eq www
access-list 90 allow the host tcp 10.1.1.27 all
pager lines 24
debug logging in buffered memory
Outside 1500 MTU
Within 1500 MTU
MTU 1500 dmz
IP address outside pppoe setroute
IP address inside 192.168.1.1 255.255.255.0
dmz 10.1.1.1 IP address 255.255.255.0
no failover
failover timeout 0:00:00
failover poll 15
No IP failover outdoors
No IP failover inside
no failover ip address dmz
location of PDM 202.164.169.42 255.255.255.255 inside
location of PDM 202.164.169.42 255.255.255.255 dmz
location of PDM 10.1.1.26 255.255.255.255 dmz
location of PDM 10.1.1.26 255.255.255.255 outside
location of PDM 172.16.16.20 255.255.255.255 outside
location of PDM 192.168.1.222 255.255.255.255 inside
history of PDM activate
ARP timeout 14400
Global 1 interface (outside)
Global (dmz) 1 10.1.1.101 - 10.1.1.125
NAT (inside) 1 0.0.0.0 0.0.0.0 0 0
NAT (dmz) 0-list of access 90
NAT (dmz) 1 0.0.0.0 0.0.0.0 0 0
static (dmz, external) 203.169.113.110 10.1.1.27 netmask 255.255.255.255 0 0
Access-group acl_out in interface outside
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0: CPP 02:00 0:10:00 01:00 h225
H323 timeout 0:05:00 mgcp 0: sip from 05:00 0:30:00 sip_media 0:02:00
Timeout, uauth 0:05:00 absolute
GANYMEDE + Protocol Ganymede + AAA-server
RADIUS Protocol RADIUS AAA server
AAA-server local LOCAL Protocol
Enable http server
http 192.168.1.222 255.255.255.255 inside
enable floodguard
string fragment 1
Console timeout 0
Terminal width 80
Code v6 pix or less don't let you have traffic "back" or return flow via the same interface on which it was sent. Having also your bounce back off of an external server traffic is never a good idea, because you won't be able to distinguish which and rogue attacks by spoofing someone outside your network.
Since you are using pix 6.3 code, you may be able to outside the NAT. Add this static to your config:
static (dmz, upside down) 203.169.113.110 10.1.1.27 netmask 255.255.255.255 0 0
You may need to run a clear xlate after adding the new static statement. Note that the interfaces: it's demilitarized zone, inside inside, dmz.
I would like to know if it works.
-
Vpn client access to the DMZ host
I'm having a problem where my customers who establish a VPN with Pix 515 cannot access hosts on the DMZ. VPN clients can access hosts inside network without any problems. I discovered that when I make a route to trace from a client computer that has established a VPN connection to a host on the DMZ, he tries to go through the default gateway of computers instead of the client from cisco. Any ideas?
More information:
When a client connects with the PIX over the VPN, it is given the internal DNS servers and the DNS Server internal, we have a host entry that says "www.whatever.com" 2.2.2.2 (this is the DMZ host). Customers within the network can access this host with problems, it's just the customers who establish a VPN connection. But the VPN Clients can access "www.whatever.com" using the public ip address. The problem is that if remove us the entry from the host on the DNS server so that the name of "www.whatever.com" decides the public ip address customers inside will not be able to access the DMZ host. The names and IP numbers are not real just using those as an example.
Any help would be apperciated. Thank you
You'll currently have something like this in your config file:
sheep allowed ip access-list
NAT (inside) 0 access-list sheep
This tells the PIX not to NAT any traffic from inside interface, which is to go to a VPN client. You need the same thing but for the DMZ interface, then add the following:
sheep allowed ip access-list
NAT 0 access-list sheep (dmz)
Who should you get.
-
Is it possible to build a vpn tunnel to the DMZ on a pix 515 interface?
I would like to know if it is possible to have a vpn tunnel ending on a DMZ interface rather then inside interface of a pix 3-way. All the examples of configuration, I found route traffic from the VPN client somewhere on the internet on the inside interface of the pix. I tried a sheep-access list of the demilitarized zone to the vpn client, but it does not work. According to me, because the vpn traffic goes to the safety higher by definition interface. Am I wrong?
Hello
You can do it in use (nat 0 dmz x.x.x.x y.y.y.y)
-
Network for access to the external interface inside
Hey,.
I have an ASA5520 7.2 (1) I have a few probs with - which is something I struggle with that.
I'm trying to hit a website of a host on the inside network that is actually hosted internally, but decides the static NAT would focus on the external interface of the firewall.
Now I can see the TCP built, translation occurring at a port on the external interface, this port high dialogue to one of the static electricity would be addresses on the external interface, then that's all. There are no more entries in my journal in regards to the connection and I get not syn on the internal web server is so the connection is not back in.
IP address outside 222.x.x.9 255.255.255.248
IP address inside 192.168.87.1 255.255.255.0
Static NAT to Web servers: -.
public static 222.x.x.10 (Interior, exterior) 192.168.87.5
access lists access... :-
list of allowed inbound tcp extended access any host 192.168.87.5 eq http
Access-group interface incoming outside in
Everything works fine when creating a global internet address - just not when address from inside and dynamic PAT is performed to the original address.
Here's a capture session by using the following access to capture list inside and outside interfaces simultaneously
permit for line of web access-list 1 scope ip host 222.222.222.10 all
web access-list extended 2 line ip allow any host 222.222.222.10
on the INSIDE interface (nothing is connected to the outside) (ip addresses have been replaced by nonsense) - but address 222 is would take into account the interface static and the other is on the internal network.
316: 19:14:02.900206 192.168.87.10.2275 > 222.222.222.10.80: S 2029971541:2029971541 (0) win 64512
317: 19:14:05.973185 192.168.87.10.2275 > 222.222.222.10.80: S 2029971541:2029971541 (0) win 64512
192.168.87.10 is my client is trying to connect
Someone of any witch hunt, which is stop this function work?
All networks are directly attached and there is no route summary ancestral anywhere.
I hope you guys can help!
Concerning
Paul.
To my knowledge the ASA supports only hairpining on a VPN tunnel. The security apparatus does not allow traffic that is sent to an interface to go back in the direction of what she received.
Maybe you are looking for
-
How to set the default zoom according to the screen in Linux level?
Starting from the same account, I can use different types of screens: low and high DPI. I would like to have the font size (and more generally, the zoom level) right of each screen. To set the default zoom level, you can set the layout.css.devPixelsP
-
Question on the first battery charge on Satellite A110-195 times
Hello! I just bought an A110-195, and I heard that I have to charge the battery for the first time without operating the computer. If it is true, how much time I have to load it? Thank you!
-
How can I change my graphics card. is this possible? I am waiting for your answer?
-
Problems with the Power Manager 1.51 new T60 has
I've updated Power manager version 1.51 has and I have problems with the gauge of Power Manager in the task bar. Life remaining battery is not updated once more. Is there any chance I can find an earlier version of the software that worked perfectly
-
__Games used to install on my new computer, give me an error code
I just bought a gateway with Vista Premium FX6000 series computer. When this problem first occurred, I installed all the windows, including SP2 for Vista updates and updated all the drivers. While trying to install both a download from Direct2Drive a